Government
It’s ‘Defense in Depth’, not ‘Dense in Depth’
December 18, 2009 Added by:Bill Wildprett, CISSP, CISA
I sit, dumbfounded with amazement after reading that insurgents in Iraq have been intercepting Predator drone video feeds and that the Pentagon has known about this for a year now.
Comments (1)
From the Web
If DOD can do this, why can’t they manage to remove SSNs?
December 03, 2009 from: Office of Inadequate Security
The Defense Department will not meet its end-of-the-year deadline for removing Social Security numbers from military ID cards as they are issued or renewed, the Pentagon has confirmed.
Comments (0)
From the Web
Many More Government Records Compromised in 2009 than Year Ago, Report Claims
December 03, 2009 from: Office of Inadequate Security
If you’re bummed about the data in your department that just got breached, you have some cold comfort. Although the combined number of reported data breaches in the government and the military has dropped in 2009 compared to last year, many more records were compromised in those breaches, according to recent figures compiled by a California nonprofit.
Comments (0)
From the Web
Government accused of ‘cover up’ over lost farmer tapes
November 06, 2009 from: Office of Inadequate Security
The Department of Environment Food and Rural Affairs (Defra) has been accused of a “cover up” after two back-up tapes went missing containing the banking details of around 100,000 farmers.
Comments (0)
From the Web
Senate Panel Clears Data Breach Bills
November 05, 2009 from: Office of Inadequate Security
The Senate Judiciary Committee Thursday approved two companion bills that would require businesses and government agencies to notify individuals of security breaches involving sensitive personally identifiable information. Both bills go to the Senate for consideration.
Comments (0)
Good enough security?
October 29, 2009 Added by:Christopher Hudel
We have had 802.1x -- CISCO + Active Directory Integration -- in place for over a year know and it is largely a success; windows systems automatically obtain machine certificates (machines automatically receive certificates when they join the domain), supplicants exist for our IP Phones, and those devices (i.e.: printers) that are currently incapable of 802.1x are split off in a tightl...
Comments (2)
IT Security - Defense in Depth Protection using a Data-centric Model
October 29, 2009 Added by:Mike Cuppett
Start aligning your security strategy to better protect your organization's most critical asset - data. While many security proponents lean toward an outside-in strategy - protect every computer in the company from the outside world first - we really need to understand that the data is the asset that must be protected first and foremost. The outside-in strategy starts at a macro level and ov...
Comments (5)
From the Web
Whitehouse Drupal and The Open Source Security Model
October 25, 2009 from: Rsnake's blog at ha.ckers.org
Have you heard the news? The Whitehouse has decided to go open source. They have decided to switch from their own proprietary in-house CMS system to Drupal. You heard me right, Drupal. The same Drupal with 12 pages of vulnerabilities at OSVDB since it’s inception. I’m sure this made the Open Source community jump for joy, but I see this as a big mistake if you take it on face value and...
Comments (0)
Are the days numbered for Chinese handsets in India?
October 09, 2009 Added by:Sudha Nagaraj
In a country with over 400 million mobile phones in use where ten million new phones are being sold every month, a security scare over cheap and illegal handsets imported from China, threatens to silence over 25 million handsets by end November.
Comments (0)
Where are the DBAs?
October 07, 2009 Added by:Michael Menefee
What I really want to know is this: Where are the Database Admins (DBAs) these days? I cant tell you how many times in the past 18 months that I’ve found real enterprises running vulnerable databases with default passwords, weak passwords and no real permissions management.
Comments (3)
From the Web
City admits lapse in data release
October 07, 2009 from: Office of Inadequate Security
On Tuesday, New York City rolled out the next phase of its NYC BigApps competition, an initiative that will supply local programmers and developers with a stockpile of raw municipal data sets to build applications for the Web and mobile phones.
Comments (0)
The Business of Blogging
October 07, 2009 Added by:Sudha Nagaraj
Bloggers beware! You can no longer go berserk promoting this gizmo over that, vouching for X software over Y or push traffic on to a website through social marketing tools like tweets and Facebook posts.
Comments (0)
From the Web
Probe Targets Archives’ Handling of Data on 70 Million Vets
October 01, 2009 from: Office of Inadequate Security
The inspector general of the National Archives and Records Administration is investigating a potential data breach of tens of million of records about U.S. military veterans, after the agency sent a defective hard drive back to its vendor for repair and recycling without first destroying the data.
Comments (0)
From the Web
IT security breaches In Canada more than triples in 2009
September 30, 2009 from: Office of Inadequate Security
IT security breaches cost the average Canadian organization an estimated $834,000 in 2009 – a 97 per cent increase from the $423,000 reported by the study last year. Similarly, the average number of reported IT security breaches also increased 276 per cent to 11.3 per organization in 2009 – compared with an average of three in 2008.
Comments (0)
From the Web
Auditor: Bullitt lacked proper controls to prevent online theft
September 16, 2009 from: Office of Inadequate Security
Bullitt County [Kentucky] Fiscal Court did not have sufficient online banking controls in place at the time of the June online theft of $415,989, according to a report by the state auditor.
Comments (0)
From the Web
Postal inspectors uncover MassMutual customer data during ID theft investigation
September 15, 2009 from: Office of Inadequate Security
Massachusetts Mutual Life Insurance Company (”MassMutual”) recently discovered that an insider had printouts of customer data that might have been used for fraudulent purposes.
Comments (0)
- Improving Security by Failing Faster
- BYOD: Should It Be the Wave of the Future?
- Trend Micro Discovers "SafeNet" - a New Targeted Espionage Operation Online
- Managing My Company’s Security is a Nightmare
- Bridging the Cybersecurity Divide, Why Security Innovation Must Lead the Way
- The Evolution of Industrial Control System Information Sharing
- ATM Security (And Really Learning from the Past)
- Complimentary IT Security Resources [May 13, 2013]
- Steps Toward Weaponizing the Android Platform
- Mobile Security Processes Could Be Applied to Medical Devices: Bluebox