Browsing Category: Compliance

Non-profit Hospice Hit with Large Fine for Small Data Breach

Categories: Compliance

An Idaho non-profit hospice has been fined $50,000 for losing a laptop containing unencrypted data on 441 patients.The laptop was stolen in February 2011 from a hospice worker’s car and never retrieved, according to news accounts. But Hospice of North Idaho officials say there is no evidence the personal information has been used to commit identity theft or fraud.

Read more...

Regulator Warns Banks About DDoS Attacks, Encourages Information Sharing

Categories: Compliance, Hacks, SMB Security

In an alert issued by the Office of the Comptroller of the Currency (OCC), Deputy Comptroller for Operational Risk Carolyn G. DuChene warned financial and other critical institutions about the wave of ongoing distributed denial of service (DDoS) attacks targeting their networks. DuChene is urging the banks in particular to share data about the attacks with one another and reiterated the OCC’s expectation that banks have risk management plans designed to mitigate such attacks in place ahead of time.

Read more...

Chris Soghoian on Exploit Sales

Dennis Fisher talks with Chris Soghoian, a principal technologist at the ACLU, about the developing market for buying and selling exploits and vulnerabilities. Soghoian has been a vocal critic of exploit sales and in this podcast he discusses the reasons why and why he thinks the policymakers in Washington need to get involved.

Read more...

SAS70 Needs to Die

Categories: Compliance

By Andrew Storms

Let’s be clear, SAS70 should be sentenced to a quick and painful death in the bottom of a giant pit protected by 20-foot thick concrete walls where it should be buried forever, along-side other IT criminals such as Windows ME and IE6.

Read more...

Report: Advanced Malware Targeting Organizations up Nearly 400 Percent

There’s been a huge jump in malicious, web-based infections targeting companies in the last year, a nearly 400 percent increase from last year, according to research released today by network security company FireEye. The company’s “Advanced Threat Report – 1H 2012,” blames the jump on attackers’ ability to penetrate organizations’ usual security infrastructures.

Read more...

10 Tips for Getting Started With Security Metrics

Categories: Compliance

By Joe GottliebIt’s becoming evident that security practitioners have to take on a metrics mentality to improve security operations, reduce risks and better advise their critical decisions. There are several steps an organization can take to ensure that they are on the right path.There are some must-haves that need to be in place – or at least discussed—in order for a security metrics initiative to have any chance of success:

Read more...