ISR News: Communicating Security’s Value

Excerpts From CIO.com

The biggest challenge security teams face in their organization is one of perception, according to Michael Santarcangelo, founder of Security Catalyst, a New York-based consultancy focused on changing the way people protect information. “They lack relevant context,” said Santarcangelo. “So security people get wrapped up in thinking: ‘The CFO wants an ROI. We better work on ROI.’ But what the CFO is really saying is:’ I don’t understand what you do. So you have to justify it to me.’

ISR News: Cyber-Crime Advice for Obama

From Sysman.com

Critical government, military, and civilian networks have been repeatedly infiltrated to steal our intellectual property and national secrets. So, how do we build a modern, national cyber security policy as we enter into the 44th Presidency? The Center for Strategic and International Studies’ report weighed in on this topic, but I think they missed the point in their technical recommendations,” Aziz said in a blog post.

ISR News: World’s Biggest Data Breach

Excerpts From Forbes.com’s Taylor Buley

Talk about a credit crisis: Heartland Payment Systems, a credit card payment processing firm, may have been the victim of the largest data breach to date. The Princeton, N.J.-based firm said Tuesday that it discovered malicious software in its systems that compromised the security of the data traversing its network. It’s unclear what data may have been tampered with or stolen, but Heartland said no merchant data, cardholder Social Security numbers, unencrypted PIN numbers, addresses or telephone numbers “were involved in the breach.”

ISR News: Obama’s Cyber-Security Push

Excerpts from WSJ.com’s Ben Worthen

While the outgoing Bush administration took steps over the last two years to improve cyber security, “we don’t think it’s keeping pace with the progress necessary to keep the country safe,” says John Stewart, chief security officer for Cisco Systems.

ISR News: UK Ministry of Defense Attacked

Excerpts from CIO.com’s Jeremy Kirk

The U.K. Ministry of Defence is in the midst of an electronic fight with a computer virus that rapidly spread through its computer networks starting Jan. 6. The virus infected computers throughout the military, including those used by the Royal Air Force and Royal Navy, and is one of the most severe attacks the organization has ever faced, according to a Ministry of Defence spokeswoman.

ISR News: 35M Records Breached in 2008

Excerpt from CIO.com’s Jeremy Kirk

It documents 656 breaches in 2008 from a range of well-known U.S. companies and government entities, compared to 446 breaches in 2007, a 47 percent increase. Information about the breaches was collected by tracking media reports and the disclosures companies are required to make by law.

ISR News: SSI Numbers Breached

Excerpt from the Louisville News BizJournal

RBS WorldPay, a subsidiary of Citizens Financial Group Inc. said law enforcement agencies are investigating a Nov. 10 breach of the company’s cyber security. The breach affected the personal information of 1.5 million cardholders. Up to 1.1 million Social Security numbers could have been accessed, according to the company.

ISR News: 16,000 Katrina Records Posted

Excerpt from The Times-Picayune’s Gwen Filosa

FEMA has confirmed that an “unauthorized breach of private information” resulted in the information release of 16,857 names, Social Security and phone numbers, and other private details of people who had applied for benefits. The information was flashed on a pair of privately run Web sites, but for how long was unclear.

ISR News: “Paring Down” Security

Excerpt from CIO.com’s Jaikumar Vijayan

“The intensive projects that require a lot of capital outlay and work on the integration side are probably going to be throttled back,” Hochmuth said. He also expects companies to look more closely at integrating their security, networking and operations teams and reducing their staffing levels.

ISR News: Employee Arrested for ID Theft

Excerpt by the LA Time’s Alexandra Zavis

Hospitals’ increasing reliance on computerized record-keeping has provided new avenues for identity theft and invasions of medical privacy. As recently as May, a Glendale man was convicted of using the names of hundreds of Los Angeles County and city employees to submit fraudulent claims for diagnostic services amounting to more than a quarter-million dollars.

Next Page »

• Categories

  • Anthony M. Freed (25)
  • Bill Brenner (2)
  • Bob Violino (1)
  • Bozidar Spirovski (23)
  • Breach (539)
  • Britt Womelsdorf (5)
  • By Dr. InfoSec (2)
  • Cara Garretson (7)
  • CCCNews (1)
  • Chorey Taylor & Feil (8)
  • Christophe Veltsos (2)
  • Christopher Burgess (7)
  • CIOZone (26)
  • Class Action Lawsuit (111)
  • Cloud computing (103)
  • Coby Royer (5)
  • CTO Forum (9)
  • D&O Liability (591)
  • Daniel Wallace (5)
  • Danny Lieberman (11)
  • DataLine (10)
  • David Alexander (2)
  • Derek Crawford (1)
  • Doug Pollack (7)
  • due diligence (300)
  • Fame Foundry (1)
  • FEATURE ARTICLE (427)
  • Financial (577)
  • Fred Leland (7)
  • Gene Kim (3)
  • Government (363)
  • Greg George (5)
  • H1N1 (15)
  • hackers (529)
  • healthcare (124)
  • Heather Bourgoin (1)
  • HomeATM (8)
  • identity-theft (525)
  • IDExperts (17)
  • Ike Z. Devji (1)
  • Infosec Island Network (28)
  • Insider Threat (480)
  • Internet Crime Complaint Center (1)
  • Internet Security Alliance (61)
  • ISR News (321)
  • Jacqueline Herships (2)
  • Jenni Hesterman (3)
  • John M. Salomon (2)
  • John Watkins (7)
  • John-Patrick Skaar (2)
  • Kaliber Data Security and Compliance Consultants (3)
  • Kat Sanders (2)
  • Ken Leeser (3)
  • Kevin L. Jackson (10)
  • Kevin M. Nixon (21)
  • Larry Ketchersid (1)
  • Laton McCartney (7)
  • Lauren Taylor (1)
  • Linda McGlasson (1)
  • malware (491)
  • Mark Smail (1)
  • Mark Wright (1)
  • Mel Duvall (3)
  • Michael Eggebrecht (3)
  • Michael Lohr (1)
  • Michael O'Conner (4)
  • MicroSolved (1)
  • Mike Duncan (3)
  • Mike Meikle (4)
  • Mike Spinney (1)
  • Military (201)
  • national security (443)
  • PCI (299)
  • PCI Security Standards Council (32)
  • Physical Security (11)
  • privacy (542)
  • Rachel James (10)
  • reach (2)
  • Rebecca Herold (16)
  • Richard Stiennon (44)
  • Robert Siciliano (34)
  • Sarbanes-Oxley (492)
  • ScamStop (2)
  • Sean Wilkins (2)
  • Semyon Dukach (1)
  • Simon Heron (14)
  • Software Associates (11)
  • Steven Fox (19)
  • SUPERAntiSpyware (3)
  • Sybase (6)
  • Symplified (5)
  • The Jester (7)
  • The Privacy Professor (16)
  • Thomas R. Fox (8)
  • Tom Groenfeldt (2)
  • Tom McLain (2)
  • Trefis (13)
  • Tripwire (18)
  • Uncategorized (620)
  • virtualization (91)
  • Webcast (48)

• ISR Headline Index

  • Study Shows Employees Put Data at Risk
  • Tracking Google’s Script Kiddie Hackers
  • Newbie Introduction to Digital Forensics Part 2
  • Simple Log Review Checklist Released
  • Press F1 for Help? Microsoft Zero Day Threat!
  • A Newbie’s Introduction to Digital Forensics
  • Security Best Practice: Trust But Verify…
  • Google, Adobe, and Big Oil Under Attack!
  • Building your OWN Malware Lab (Part 2)
  • How Twitter Spam Steals From Google, Yahoo!
  • Tech Stocks Week in Review Featuring iPad
  • DoD Endorses Certification for Hackers
  • Risk Based Enterprise Compliance Programs
  • Data Loss Prevention Has Jumped the Shark
  • File-Sharing Software Threat to Health Privacy

• Recent Comments

  • Ryan Aslett on Data Loss Prevention Has Jumped the Shark
  • Tom on (Lack Of) Encryption and The HITECH Act
  • ADMIN on Patriot Hacker Hits Jihad With DDoS Attacks
  • Robert Siciliano on Data Loss Prevention Has Jumped the Shark
  • Karen J. Cox on Data Loss Prevention Has Jumped the Shark
  • Scot McLeod on Outsourcing Breach Response Lowers Costs
  • John Marke on Gartner Tells CIOs to Embrace Social Media
  • Social Engineering and Enterprise Security | CIO – Blogs and … | Enterprise Engineering Addict on Gartner Tells CIOs to Embrace Social Media
  • From Russia, With Smartphones on Top 8 Social Media Security Threats
  • Judith Hoffman on Scam Alert: Rogue Gmail Account Phishing
• 
  

  Information Security Resources

  Top network security blogs