Access Control

FDA calls on manufacturers, hospitals to better protect medical devices

While scenarios in which network-enabled medical devices, such as pacemakers, are hacked have been shown to be possible, the U.S. Food and Drug Administration believes the real-life risk is growing.

Students improperly view file that contained personal data

A file containing the personal information of current and former Colorado State University-Pueblo students was accessed last spring by unauthorized users.

GAO scolds EPA for poor security

In a report released this week, the federal Government Accountability Office (GAO) found that the EPA, which just announced a server breach resulting in the personal information compromise of 7,800 people, is falling short in several areas.

Hospital workers access patient data with fraud in mind

Thousands of patients of Memorial Healthcare System in Hollywood, Fla. may be at risk for identity theft after two former employees improperly accessed their records.

Court ruling limits reach of U.S. anti-hacking law

A U.S. Circuit Court of Appeals ruling has said employees who violate their organization's user policies do not violate the federal Computer Fraud and Abuse Act (CFAA).

Secure access, authorization among areas still lacking at IRS

A favorite whipping boy of the Government Accountability Office, the Internal Revenue Service has yet to clean up its security act, though improvements continue, according to a new audit.

On creating an IAM governance body

Identity and access management programs are quite tricky to scale across an organization, but implementing a governance team can go a long way toward effectively using the technology to meet compliance and manage user permissions.

Access control

As long as we want to allow some users access and deny others, these products will be with us.

GAO again slams IRS over security weaknesses

Despite repeated warnings from the GAO, the IRS has not done much to improve its security posture, and the tax collector was chastised in yet another federal audit.

Facebook rolls out application-specific passwords

Facebook on Thursday introduced two new security features to help users better protect their accounts. The first is the ability to create unique passwords for each application a user accesses. (Normally, they only need to enter their standard Facebook credentials.) The new capability allows members to create a password, which they won't have to remember each time they log in to the app, by visiting Account Settings > Security > App Passwords. Meanwhile, the "Trusted Friends" feature allows a user to select three to five trusted individuals to serve as custodians of codes that can be used to access one's account if he or she is ever locked out.

Australian gov't wins U.S. security award from SANS

An Australian government agency that instituted patching, whitelisting and account control as the foundation of its targeted attack defense took home a U.S. award from the SANS Institute.

Recent attacks cost Energy Department at least $2M

The attacks, which occurred at four department locations, were not described in detail, but were deemed "successful" for adversaries, according to the annual audit.

Federal security incidents shoot up 650 percent

Agencies reported a total of 41,776 cybersecurity incidents, compared to just 5,503 in 2006, according to a new GAO report.

UCLA Health System fined over celebrity patient snooping

UCLA Health System must pay $865,500 as part of a settlement with the U.S. Department of Health and Human Services (HHS) over complaints that employees snooped on the health records of two celebrities.

More than 30 hospital workers fired for snooping

Thirty-two employees were fired from two hospitals in Minnesota after they viewed electronic records belonging to patients who were hospitalized after overdosing at a house party, according to a report in the Minnesota Star-Tribune. The employees, who worked at Unity Hospital in Fridley and Mercy Hospital in Coon Rapids, do have access to certain records, but in this instance, had no legitimate reason to view the documents. As hospitals transition to electronic health care records, more instances of unauthorized access, such as cases last year in California, have cropped up.

Facebook announces two-factor authentication

Facebook is rolling out two-factor authentication to fight against the possibility of unauthorized account access.

Wind power company disputes alleged SCADA hack

A major U.S. energy supplier has found no evidence of breach despite claims by a former employee that he hacked into the company's New Mexico wind turbine facility as revenge for being fired.

White House finalizes online identity strategy

The Obama administration released the final version of its National Strategy for Trusted Identities in Cyberspace, the goal of which is to create a so-called identity ecosystem where online transactions are more trustworthy.

Former Gucci insider charged with hacking network

A former network engineer at Gucci has been charged with hacking into the company's network, deleting data and shutting down servers and networks.

ETSI releases identity management specifications

The European Telecommunications Standards Institute (ETSI), a nonprofit that produces standards for information and communications technologies, has completed a set of identity management specifications which outline how users can safely gain authorized access to data and services. The free specifications, which are aimed at network operators, internet service providers and systems designers, address access control issues related to third parties and cloud environments. The specifications were created by ETSI's identity and access management for networks and services group, whose members include Nokia Siemens Networks, Alcatel Lucent, the University of Patras in Greece, and the University of Murcia in Spain.

Security experts, DHS, lawmakers react to RSA hack

Five days after RSA announced that its systems were breached by a sophisticated attack, details remain scant about how customers of its SecurID two-factor authentication products may be affected.

GAO slams IRS for data protection missteps

With the tax filing deadline a month away, the IRS is feeling the heat from the U.S. Government Accountability Office over lax data security practices.

Cloud computing brings a chance of showers

Monitoring those with access to virtual machines running in the cloud is an important step to successful deployment.

The domino effect of Gawker's poor password practices

Poor authentication standards encourage bad passwords and enable the data breach at Gawker to harm security across the web.

IT security budget issues: Fiscal reality

The financial crisis will have a lasting impact, but some organizations have found ways of doing more with less.

Facebook unveils new logout capability

Facebook on Thursday announced the launch of a new security feature that allows members to log out of any active sessions from a central control. The function is aimed at users who may have accidentally remained logged in when using a computer or mobile device that wasn't their own. However, according to a Facebook Security blog post, the feature also can be used to sign off individuals who may have gained unauthorized access to an account. The new tool complements a feature announced in May that allows users to approve the devices that can access their accounts. — DK

CA continues cloud buying spree with $200 mil Arcot buy

Continuing its cloud computing buying spree, IT management software provider CA Technologies announced Monday that it plans to acquire authentication solutions provider Arcot for $200 million.

Control corporate financial risk

Entitlement reporting can help organizations control risk and meet compliance mandates, while accounting for employee access.

Implications of desktop virtualization for secure remote access

Many organizations may be considering server virtualization, but next on the horizon is desktop virtualization, which promises to deliver secure remote access and WAN optimization, among other benefits.

Opinions mixed about White House's online identity plan

Critics of the White House's proposed national internet identity authentication plan, intended to improve online privacy and security, say the strategy may do just the opposite. Proponents, meanwhile, believe it represents a major step toward establishing online trust.
