By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security, Regulatory Compliance

Another data breach involving more than 500,000 records and Network Solutions is yet another organization that claims they were PCI compliant.  How can this be happening?  How does an organization know if they are PCI compliant with all 12 sections of PCI Security Standards which include hundreds of processes, roles and responsibilities that people must be following and implementing on a daily basis? Maybe what PCI really needs is a new focus and a new three letter acronym to go with all their other three letter acronyms.  If you visit the PCI Security Standards web site, you will find a whole bunch of three letterRead More →

By:
On:
In: *Connecting the Dots Blog*, Emergency Management, Incident Reporting, Information Privacy, Information Security, School Safety

Keeping You Out of the Headlines and out of this blog… Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations… Secret Service Information Revealed in P2P Data Leak On July 29th, it was revealed that files including information about a Secret Service safe house for the President’s family, details regarding the Pentagon’s network infrastructure, and specific details about every nuclear facility in the US were found on the LimWire file-sharing network.  As a result, a bill has been introduced that would ban P2P sharing on all government computers and networks. Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

According to a recent survey released by the Messaging Anti-Abuse Working Group (MAAWG), about 1 in 6 consumers have at some point acted on a spam message.  Those who admitted to opening a spam message said they “were interested in a product or service” or “wanted to see what would happen if they opened it.” Wanted to see what would happen if they opened it!?   These people are not 6-year olds wanting to see what would happen if they touched the hot stove or stuck their tongue to a flag pole during an ice storm! Nearly 2/3 of the people surveyed felt they were veryRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Privacy, Information Security

Keeping You Out of the Headlines and out of this blog… Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations… NYPD…New Typewriters? The New York Post reported that the New York City Police Department had signed a nearly $1 million contract with a vendor to purchase thousands of new manual and electric typewriters during the next three years. The NYPD’s typewriters are a shocking reminder of just how much more change needs to be implemented across government agencies and organizations to eliminate the status quo. Kaiser Hospital Privacy Violation KaiserRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

An article in The Washington Post and comments from Avivah Litan, vice president at the market research firm Gartner Inc, regarding fraudsters targeting commercial business accounts caught my attention….and if you run a business, you should pay attention too. Apparently the bad guys have figured out yet another way to steal real money and they are targeting business accounts rather than personal accounts.  The fraud involves mules and mule recruiters, some keylogger software planted on the PC of an unknowing person inside a bank, some social engineering and some fake, but real looking websites.  Notice how the bad guys are focusing on people and theirRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

Received e-mail below this week…Wouldn’t it be great if all phishing attempts were this obvious? How are you doing and your family? I shall require from you , your  full names, address and phone numbers to start the process of claim in this regard. Do send me these details to barwonglee@******.com.hk for prompt and needed action Again I guarantee that all is under control and you have nothing to worry about, Just grant to me your full cooperation and keep this transaction close at heart. Regards, Wong Lee. Of course many phishing attempts are more sophisticated and more professional looking and unfortunately more successful atRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Risk Management

I was reading a report the other day (The Evolution of Data-Centric Protection) from InformationWeek Analytics presented by Security Dark Reading (requires registration) and written by technology expert Joe Hernick.  The report includes a survey of 384 business technology decision-makers at North American companies and the purpose of the report was to determine the role of endpoint protection in enterprise data security strategies.  The opening line of the report was great: “Think sophisticated attackers are your biggest problem?  Our survey says clueless and malicious end users are more likely to stymie even the best-laid defensive plans.”  I have experienced and observed similar results for years,Read More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, School Safety

Lessons Learned Review…Keeping You Out of the Headlines and out of this Blog… Please take a moment to consider how these Lessons Learned could be implemented by managers within your organization to avoid expensive and embarrassing situations… Law would require monthly school security drill A new New Jersey bill would mandate that all public and nonpublic schools conduct monthly school security drills for non-fire evacuation, lockdown and active shooter response. Currently, all schools have emergency security plans in place, but many schools are not comfortable with the procedures due to a lack of implementation.  Spam Survey According to a recent survey released by the MessagingRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security

As People continue to accumulate numerous passwords for their online social networking sites, personal e-mail and online banking, most People seem to have no problem logging in with different passwords for different applications to protect THEIR PERSONAL information. So we know People can handle passwords!  The key then for Managers (including IT Managers) is to help People (boards, employees, vendors, contractors, partners, etc.) understand the importance of THEIR ORGANIZATION’s information. However, a recent survey by Credant Technologies revealed that 35% of IT Security professionals do not use a password on their business phones or smartphones, even though they contain sensitive and confidential information!  Information mayRead More →

By:
On:
In: *Connecting the Dots Blog*, Information Security, Legal

A new Computer Security Audit Report was released by Legislative Division of Post Audit State of Kansas in July 2009 providing an overview of computer and network security for five state agencies.  The audit found weak password controls and missing security patches for servers and 39 percent of one unnamed agency’s passwords were cracked within five minutes using free software that can be easily downloaded from the Internet. To breach an agency’s passwords, hackers scan vulnerable servers that may not have the latest security patches applied and then locate an encrypted list of passwords they can copy and use password cracking software to reveal users’Read More →