Blog Posts Tagged with "Personally Identifiable Information"
Data Breach Definitions, Costs and Security
April 11, 2012 Added by:Fergal Glynn
Companies that suffer a data breach lose more than just confidential information. Their reputation, productivity, and profitability can all be negatively impacted in the aftermath of even a single incident. The organization may face fines, civil or criminal prosecution...
Comments (0)
P2P File Sharing Security Concerns for Small Businesses
April 04, 2012 Added by:Robert Siciliano
In my own P2P security research, I have uncovered tax returns, student loan applications, credit reports and Social Security numbers. I’ve found family rosters which include usernames, passwords and Social Security numbers for entire family...
Comments (0)
NIST: Technical Guidance for Evaluating Electronic Health Records
April 03, 2012 Added by:Infosec Island Admin
“This guidance can be a useful tool for EHR developers to demonstrate that their systems don’t lead to use errors... It will provide a way for developers and evaluators to objectively assess how easy their EHR systems are to learn and operate, while maximizing efficiency...”
Comments (0)
Is a W-2 Considered PHI Under HIPAA?
March 25, 2012 Added by:Rebecca Herold
The question was framed as meaning the entire W-2 form was being “submitted” for financial assistance to pay for healthcare, so with this in mind, we will consider it as one document containing several information items that are necessarily grouped together...
Comments (0)
What do Credit Card Companies do with Your Personal Info?
March 23, 2012 Added by:Allan Pratt, MBA
The types of personal information companies collect and share depends on the product or service you get from them. This info can include: Social Security number and income, account balances and employment details, and credit history and transaction history...
Comments (0)
Hackers Target Social Media for Social Engineering Attacks
March 22, 2012 Added by:Dan Dieterle
Hackers are getting much better at their craft, and people are making it very easy for them. A Social Engineer will use information gathered about a person, place or business in specially crafted attacks that play on people’s thoughts, beliefs or emotions...
Comments (0)
Transborder Data Flows at Risk
March 22, 2012 Added by:David Navetta
The proliferation of comprehensive data privacy laws, more or less on the European model, increasingly requires US-based multinationals and online companies to adapt to strict requirements for dealing with individuals in other countries...
Comments (0)
ISA / ANSI: Financial Impact of Breached Health Information
March 20, 2012 Added by:Marjorie Morgan
Webinar participants will hear from industry experts who will highlight strategies for health care organizations and findings from the recently released report, The Financial Impact of Breached Protected Health Information: A Business Case for Enhanced PHI Security...
Comments (0)
It’s Back: March Madness Higher Education Data Breach Brackets
March 12, 2012 Added by:Alexander Rothacker
The method to our ‘Madness’ is simple – based solely on the number of reported records breached in 2011, we put together brackets. For each U.S.-based institution of higher learning that reported a data breach in 2011, we seeded (ranked) them based on number of records affected...
Comments (0)
Data Classification and Controls Policy for PCI DSS
March 01, 2012 Added by:Danny Lieberman
The first step in protecting customer data is to know what sensitive data you store, classify what you have and set up the appropriate controls. Here is a policy for any merchant or payment processor who wants to achieve and sustain PCI DSS 2.0 compliance and protect data...
Comments (0)
A Better Path for Applications: Respecting Users
February 20, 2012 Added by:Electronic Frontier Foundation
Even with industry standard security practices in place, data is still vulnerable to a breach or a subpoena. Companies collecting personal data have an obligation to keep as little personally identifiable data as necessary to provide their services...
Comments (0)
Google Wants to Get to Know You Better... Uh-Oh
February 19, 2012 Added by:Kelly Colgan
The company that started out as a little search engine has grown into a behemoth that dabbles in everything from social networking to picture sharing to 3D modeling. And it plans to integrate information pulled from all of those Google services you use to learn more about you...
Comments (0)
Information Security Relief is Spelled ISO-27001
February 15, 2012 Added by:John Verry
No matter the industry or service offering, organizations processing data on behalf of clients are experiencing the pain of proving they are secure and compliant with client standards and the myriad of regulations which their clients are obligated. ISO-27001 spells relief...
Comments (0)
One in Three Massachusetts Residents’ Records Breached
February 15, 2012 Added by:Robert Siciliano
Massachusetts has one of the most stringent data protection laws on the books. Companies are now reporting when even a single individual’s information has been compromised. Despite strict security requirements, companies are continually being hacked in record numbers....
Comments (0)
Your Name and SSN - All a Thief Needs for Tax Fraud
February 14, 2012 Added by:Kelly Colgan
The IRS has seen a significant increase in the number of fraud cases involving identity theft, according to Steven Miller, IRS deputy commissioner for services and enforcement. Addresses don’t mean anything. All a thief needs is your name and Social Security number...
Comments (0)
What Actually Changed in Google’s Privacy Policy
February 14, 2012 Added by:Electronic Frontier Foundation
Google did a great job of informing users that the privacy policy had been changed through emails and notifications. Unfortunately, while the policy might be easier to understand, Google did a less impressive job of publicly explaining what in the policy had actually been changed...
Comments (0)
- Five Things Your InfoSec Team Should Do in the Next 30 Days
- The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
- The Danger of Mixing Cyber Espionage with Cyber Warfare
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)