Browsing Category: Compliance

Categories: Compliance, SMB Security

By David Mortman

After a long 2.5 years Gene Kim, Kevin Behr, George Spafford, the authors of the awesome Visible Ops series, have just launched their latest book, The Phoenix Project.  I was fortunate enough to get to read some early drafts, so I am extra excited that it is finally shipping. When Gene first mentioned the book to me, I was rather surprised that it was a novel. I was a bit skeptical of the choice of genre but dove in anyway, and I am so glad I did.

Read more...

UPDATE – In an attempt to reign in the tendency of indifference toward consumer privacy among mobile application developers, California Attorney General Kamala D. Harris today made public a list of guidelines regulating the ways in which mobile application developers and technology companies handle user data and educate users about what they intend on doing with that data.

Read more...

Categories: Compliance

An Idaho non-profit hospice has been fined $50,000 for losing a laptop containing unencrypted data on 441 patients.The laptop was stolen in February 2011 from a hospice worker’s car and never retrieved, according to news accounts. But Hospice of North Idaho officials say there is no evidence the personal information has been used to commit identity theft or fraud.

Read more...

In an alert issued by the Office of the Comptroller of the Currency (OCC), Deputy Comptroller for Operational Risk Carolyn G. DuChene warned financial and other critical institutions about the wave of ongoing distributed denial of service (DDoS) attacks targeting their networks. DuChene is urging the banks in particular to share data about the attacks with one another and reiterated the OCC’s expectation that banks have risk management plans designed to mitigate such attacks in place ahead of time.

Read more...

Dennis Fisher talks with Chris Soghoian, a principal technologist at the ACLU, about the developing market for buying and selling exploits and vulnerabilities. Soghoian has been a vocal critic of exploit sales and in this podcast he discusses the reasons why and why he thinks the policymakers in Washington need to get involved.

Read more...