Items Tagged with "breaches"
July 17, 2012 Added by:Headlines
"Other than breaches reported by the media and a few progressive state websites, there continues to be little or no information available on many data breach events. The public has no way of knowing just how minor or serious the data exposure was for any given incident," ITRC states...
July 12, 2012 Added by:Headlines
“Evidently, active vulnerability scanning can cause huge management headaches due to its disruptive nature and information overload, so scanners tend to be used primarily for ‘spot checks’ that aren’t effective at minimizing risks. Critical vulnerabilities have to be identified, prioritized, and remediated daily..."
July 11, 2012 Added by:Matthijs R. Koot
In 2012, Netherlands will establish mandatory breach notification for vital sectors, giving the government increasing sectoral intervention possibilities. This includes the authority to obtain information, administrative enforcement of designations and the authority to appoint an officer on behalf of the government...
July 02, 2012 Added by:Fergal Glynn
Businesses often assume they are safe from cyber attacks because they are too small to be of interest to hackers, or mistakenly assume they have taken adequate measures to protect themselves. This infographic highlights the risks faced by small businesses and gives a few tips to help safeguard against attacks...
June 27, 2012 Added by:David Navetta
Much time and ink has been spent on the steady stream of data security and breach-related bills that spring up in Congress like mushrooms after a rain. But recently Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to monitor state legislatures...
June 23, 2012 Added by:Allan Pratt, MBA
“Spokeo, which compiles dossiers on consumers, agreed to pay $800,000 to settle allegations by the Federal Trade Commission that it sold personal information in violation of the law. From 2008 to 2010, Spokeo sold millions of consumer profiles to human resources departments and recruiters..."
June 21, 2012 Added by:Jayson Wylie
It does not seem like the top leaders at organizations are as concerned with others' information as they might be with the bottom line. If organizations do not respond to fear of embarrassment for failing at security, should we start taking them to court to formulate better consumer protections?
June 21, 2012 Added by:Rebecca Herold
Information disposal is now a legal requirement for basically all businesses of all sizes, and it simply makes sense to dispose of information securely as an effective way to prevent breaches. Having effective disposal policies, procedures and technologies in place demonstrates reasonable due diligence...
June 19, 2012 Added by:Joel Harding
Only a small percentage of companies will voluntarily share security information, and we can not see systemic trends. What is needed is a level playing field for all. All corporations need to disclose cybersecurity incident data so we can get a comprehensive picture a systemic defense is possible...
June 17, 2012 Added by:Rafal Los
In the analysis of it, every organization needs to have someone responsible for the technology-based risk or security of the organization. Whether that's the Technology Manager, the CISO, or the "IT guy". I just want to see better security, more resiliency, and less technical risk....
June 14, 2012 Added by:Headlines
"Though organizations profess a commitment to RBSM... this security practice is still in its infancy. To establish an effective... program, certain barriers need to be addressed. These include securing adequate resources, having employees with the necessary expertise and designating strong leaders..."
June 13, 2012 Added by:PCI Guru
The biggest problem with PCI DSS standards comes down to the fact that humans are averse to being measured or assessed. Why? It makes people responsible and accountable for what they do, and few people want that sort of accountability – we all much prefer wiggle room in how our jobs are assessed...
June 11, 2012 Added by:Ed Bellis
All of these breaches present a great opportunity to learn what does and doesn’t work in information security. But when we get responses like the one posted by Last.FM not only do we not learn anything, we don’t have any reason to believe they have either...
June 05, 2012 Added by:Pierluigi Paganini
It seems that the company was aware of the principal vulnerabilities in their systems, and lack of patching opened the way to the exploit. The hackers discovered in the Warner Bros network a presentation, prepared by the Technical Operations department, for a security audit...
May 29, 2012 Added by:Beau Woods
Gamers have gotten more savvy about giving away information which would allow someone else to access their account. But the attackers have adapted as well and use other ways of getting that information than by sending fake emails. Here are some of the more creative and sophisticated ways the thieves operate...