Report: China Probing Soft Cyber Underbelly
By Tom Groenfeldt, Technology Journalist - Contributor at CIOZone
“In China today, there are thousands of people in a sustained effort to collect intelligence, many of them on an entrepreneurial basis within a competing bureaucratic structure. China understands that a strategic vulnerability of the United States is its soft cyber underbelly. I believe they seek to ‘own’ that space,” says Mike McConnell, former director of National Intelligence and director of the NSA.
TSA Breach is a Nightmare for Holiday Travel
Laura Wilson, JD, CISA
This week’s revelation that the Transportation Safety Administration exposed its rules for airport security screening online is outrageous. As holiday travel ramps up, the possibilities and repercussions are horrifying. Coupled with the huge rise in information security breaches across many sectors and rampant identity theft, the TSA’s breach sets the stage for potential disaster.
Massive TSA Security Breach Revealed
By BRIAN ROSS and MATT HOSFORD of ABC News
In a massive security breach, the Transportation Security Agency (TSA) inadvertently posted online its entire airport screening procedures manual, including some of the most closely guarded secrets regarding special rules for diplomats and CIA and law enforcement officers.
Cyber Liability Insurance Mitigates Exposure
By Laton McCartney, Editor at CIOZone
“CIOs are starting to embrace the idea of protecting against the risk that comes about as the unintended consequence of Web 2.0 technology. At the same time, data is becoming increasingly regulated, which is creating new exposures, particularly in the areas of data privacy and reputational risk,” Drew Bartkiewicz, vice president of cyber and new media risk at The Hartford, tells CIOZone’s Laton McCartney.
Ten Most Damaging Data Breaches of 2009
By Laton McCartney, Editor at CIOZone
Every week for the past four years the Privacy Rights Clearing House has been chronicling data breaches. “These are the mega-breaches that can skew the figures in terms of the number of people victimized,” says Paul Stephens, PRCH’s director of policy and advocacy. Here are the ten biggest, most damaging and most embarrassing breaches to date this year.
Symantec CEO Optimistic About IT Spending
By Cara Garretson, Veteran Business and Technology Journalist
Symantec isn’t the only company to forecast improved enterprise IT spending based on quarterly results in the past few weeks; executives at EMC, IBM, and Intel all spoke positively about IT budgets rebounding in the coming months.
Top Ten Email Related Disasters of 2009
By Mel Duvall, Chief Content Officer at CIOZone
Forget about vampires, ghouls and zombies. You were much more likely to receive a fright this year from something lurking in your e-mail. There was the usual crop of Trojan horses and phishing expeditions, and as the surprising list points out, some of the scares go all the way up to the White House and the FBI.
Major Security Hole in Time Warner Routers
By Cara Garretson, Veteran Business and Technology Journalist
An intruder could eavesdrop on sensitive data sent across the Internet, manipulate the DNS address that redirects traffic from trusted sites to malicious ones, and possibly even infect other routers automatically. Chen says he informed Time Warner’s security department of the hole; they responded that they were aware of the problem but couldn’t do anything about it.
The Truth About Regulatory Compliance
By Steven Fox, Founder of SecureLexicon
Given the business impact of regulations like PCI DSS, Sarbanes-Oxley, and GLBA, this is understandable. While savvy business leaders understand the limitations of these guidelines, there are among us less enlightened individuals who view these as a cure for organizational security issues.
Black Hat: Articulating the Value of Security
By Steven Fox, Founder of SecureLexicon
How do we market security? The cyber-bullies among us might still use Fear, Uncertainty, and Doubt. While this may produce short-term acquiescence, that approach ultimately alienates us from the decision makers. Ultimately, security professionals must identify what is valuable to the business and then associate the need for security with those assets.


