tagged w/ CRE
What if your vendor is acquired, are there assurances in your service agreement allowing you to opt out if you choose to – if so, will all your data be deleted? What if your vendor is acquired by a company based in a foreign country? Maybe the acquiring company CEO, also a People’s Republic of China Communist Party official, will assure you your data has been deleted. All in all – right now, using SaaS simply comes down to a judgment call, what is in the best interest of your firm’s operations: ease of access, work flow and cost benefits vs. associated risks…
http://information-security-resources.com/2010/02/11/afraid-of-the-cloud-ask-the-right-questions/

An important consideration with information security incidents is identifying if personally identifiable information - PII - is involved. If it is, then the privacy breach response team needs to be put into action to determine whether or not an actual privacy breach occurred. I’m always interested in hearing the challenges and unique situations they run across as they not only create their plans, but also for how they execute them. Here are three of these situations, often overlooked and not planned for, but experienced by organizations.
http://information-security-resources.com/2010/02/08/perplexities-of-enterprise-privacy-policies/

Cisco’s existing product lines offer a number of different appliance options which allow companies the ability to block the various web based threats in existence. The problem that this type of solution has is that it does require constant tweaking of the filtering and analysis settings as well as someone to constantly keep an eye on current events as zero-day attacks become more prominent.
http://information-security-resources.com/2010/01/31/web-security-from-a-new-perspective/

Businesses need to scrutinize the information security and privacy programs and practices of vendors and other business partners, and the cloud computing tools, applications and services should be viewed no differently. If your business is entrusting critical processing and data to another entity, you should first ensure it is trustworthy, secure and will meet your organization’s compliance obligations…
http://information-security-resources.com/2010/01/20/on-privacy-and-cloud-computing-challenges/

These types of attacks are typically launched from computer robots (bots) which are exploited computers which have an Internet connection. These bots are then directed by central controllers to do the tasks assigned. These tasks vary but can include initiating a DDoS attack on a specified target. Now when the combined bandwidth of thousands of bots comes into play, any company can have their Internet connectivity partially or completely blocked.
http://information-security-resources.com/2010/01/20/dos-attacks-and-continuity-of-operations/

Microsoft HealthVault is designed to let us collect, store, and share health information critical to our family’s well-being and Google Health allows us to organize our health information all in one place, gather our medical records from doctors, hospitals, and pharmacies, and share our information securely with a family member, doctors or caregiver. For now, I probably won’t start trusting my medical history to either Microsoft or Google…
http://information-security-resources.com/2010/01/11/on-managing-your-own-health-records/

The way most of the vendors do PC security makes it very easy for the bad guys to circumvent their software pretty quickly, said John Viega, vice president of engineering at McAfee and author of a new book, The Myths of Security: What the Computer Security Industry Doesn’t Want You to Know. The technologies generally have not gotten good enough fast enough, and there hasn’t been the best collaboration between vendors, even though they do collaborate, he added. They are getting better, but some vendors, who market by publicly announcing vulnerabilities in popular software packages, do more to hurt than help…
http://information-security-resources.com/2010/01/10/broadcasting-vulnerabilities-hinders-security/

In China today, there are thousands of people in a sustained effort to collect intelligence, many of them on an entrepreneurial basis within a competing bureaucratic structure. China understands that a strategic vulnerability of the United States is its soft cyber underbelly. I believe they seek to ‘own’ that space, says Mike McConnell, former director of National Intelligence and director of the NSA.
http://information-security-resources.com/2009/12/13/report-china-probing-soft-cyber-underbelly/

This week’s revelation that the Transportation Safety Administration exposed its rules for airport security screening online is outrageous. As holiday travel ramps up, the possibilities and repercussions are horrifying. Coupled with the huge rise in information security breaches across many sectors and rampant identity theft, the TSA’s breach sets the stage for potential disaster.
http://information-security-resources.com/2009/12/09/tsa-breach-is-a-nightmare-for-holiday-travel/

“CIOs are starting to embrace the idea of protecting against the risk that comes about as the unintended consequence of Web 2.0 technology. At the same time, data is becoming increasingly regulated, which is creating new exposures, particularly in the areas of data privacy and reputational risk,” Drew Bartkiewicz, vice president of cyber and new media risk at The Hartford, tells CIOZone’s Latom McCartney.
http://information-security-resources.com/2009/12/07/cyber-liability-insurance-mitigates-exposure/

Every week for the past four years the Privacy Rights Clearing House has been chronicling data breaches on a weekly basis. “These are the mega-breaches that can skew the figures in terms of the number of people victimized,” says Paul Stephens, PRCH’s director of policy and advocacy. Here are the ten biggest, most damaging and most embarrassing breaches to date this year.
http://information-security-resources.com/2009/12/04/ten-most-damaging-data-breaches-of-2009/

Access to live energy use data can reveal if people are in the dwelling, what they are doing, where they are in the dwelling, and access to data use profiles that can reveal specific times and locations of electricity use in specific areas of the dwelling can also indicate the types of activities within the dwelling over a period of time. The information revealed is a type of surveillance. We need layers of privacy protections throughout the entire smart grid to effectively address privacy concerns and prevent privacy invasions and breaches.
http://information-security-resources.com/2009/11/30/smart-grid-privacy-standards-proposed/

Wouldn’t it be a good idea to have privacy certifications for the organizations that are part of the large smart grid and for the smart meters to help ensure they are appropriately addressing privacy and providing households with informed decision-making capabilities for how the information collected from their homes through these devices is used?
http://information-security-resources.com/2009/11/15/fifteen-more-smart-grid-privacy-concerns/

These new regulations come at a time when healthcare breaches are on the rise; according to the 2009 ITRC Breach Stats Report healthcare breaches account for over 66 percent of all records breached this year, up from 20 percent in 2008. In fact, some of the largest names in healthcare suffered data breaches.
http://information-security-resources.com/2009/11/12/hitech-act-and-protecting-health-privacy/

A Rhode Island Hospital was fined $150,000 after a surgeon operated on the wrong finger of a patient, and now the hospital must install video cameras in all of its operating rooms. Of course video surveillance will not PREVENT such incidents from happening, but knowing such recordings are being made will likely make surgeons much more careful…
http://information-security-resources.com/2009/11/09/hipaa-and-video-surveillance-of-surgery/