Security Policies

Australian gov't wins U.S. security award from SANS

Darren Pauli, editor, SC Magazine, Australia/New Zealand, October 27, 2011

An Australian government agency that instituted patching, whitelisting and account control as the foundation of its targeted attack defense took home a U.S. award from the SANS Institute.

NIST releases continuous monitoring guidance

October 05, 2011

The National Institute of Standards and Technology late last week published new guidance to help organizations develop and implement an information security continuous monitoring (ISCM) program. This initiative can help companies better provide ongoing awareness of threats and vulnerabilities, assess the effectiveness of deployed security controls and support risk management decisions, according to the 80-page guidance document. A mature ISCM program, which requires the use of both automated and manual processes, will enable companies to move from compliance-driven to data-driven risk management.

Federal security incidents shoot up 650 percent

October 05, 2011

Agencies reported a total of 41,776 cybersecurity incidents, compared to just 5,503 in 2006, according to a new GAO report.

Most businesses lack social media security controls

September 29, 2011

Just 32 percent of U.S. IT and IT security practitioners said their company has a policy that addresses the acceptable use of social media by employees in the workplace.

Breach law passes hurdle, but faces opposition

July 21, 2011

Another federal data breach notification bill has cleared a U.S. House subcommittee, but both parties are clashing over what constitutes personal information.

SC Congress Canada: Privacy can be embedded into legacy systems

June 14, 2011

By embedding privacy controls into legacy systems, organizations can minimize the risk of data loss and achieve greater levels of protection, Ann Cavoukian, information and privacy commissioner of Ontario, said Tuesday at SC Congress Canada in Toronto.

ETSI releases identity management specifications

March 25, 2011

The European Telecommunications Standards Institute (ETSI), a nonprofit that produces standards for information and communications technologies, has completed a set of identity management specifications which outline how users can safely gain authorized access to data and services. The free specifications, which are aimed at network operators, internet service providers and systems designers, address access control issues related to third parties and cloud environments. The specifications were created by ETSI's identity and access management for networks and services group, whose members include Nokia Siemens Networks, Alcatel Lucent, the University of Patras in Greece, and the University of Murcia in Spain.

Tax season: The IRS is the least of your concerns

Frank Kenney, vice president of global strategy at Ipswitch File Transfer, March 21, 2011

With the April 18 tax deadline looming, security isn't top-of-mind for the employees in your finance, audit and operations departments.

FTC finalizes settlement with Twitter over privacy

March 15, 2011

The Federal Trade Commission late last week finalized a proposed settlement with Twitter, resolving charges that the social networking site failed to properly safeguard the data and privacy of its users. As part of the settlement, announced in June, Twitter must create and maintain a comprehensive information security program and submit to a third-party audit biennially for 10 years. Twitter was also barred for 20 years from misleading consumers about its security and privacy protections. Each subsequent violation may result in a penalty of up to $16,000. - AM

The cloud's dirty secret

Jeff Nielsen, VP of engineering, BeyondTrust, March 01, 2011

Enterprise security teams need to get involved early in the decision-making process in cloud initiatives.

Red Flags Rule will not apply to certain professions

December 21, 2010

Services providers such as lawyers, doctors and accountants will not have to comply with the Federal Trade Commission's Red Flags Rule.

Penn. Medicaid recipients' information on missing flash drive

October 22, 2010

Two health insurers said a flash drive containing the personal health information of hundreds of thousands of Pennsylvania Medicaid recipients has gone missing.

Internal threats double as attackers shift strategy

July 28, 2010

Cybercriminals are partnering with malicious insiders, according to a report from Verizon Business and the U.S. Secret Service.

FTC delays Red Flags Rule enforcement until end of year

May 28, 2010

The Federal Trade Commission is, for the fifth time, pushing back the deadline for financial institutions and creditors to comply with the Red Flags Rule.

Report: Federal cybersecurity plan facing barriers

March 09, 2010

Federal agencies have overlapping and uncoordinated responsibilities for cybersecurity, according to a report released on Friday from the Government Accountability Office.

RSA Conference: White House declassifies U.S. cybersecurity initiative details

March 02, 2010

Howard Schmidt, the newly appointed White House cybersecurity coordinator, unveiled details on a Bush-era program to help secure the United States in cyberspace.

Study finds cyberthreats to be largest security concern

February 22, 2010

More than traditional crime, natural disasters and terrorism, the security threat that enterprise IT departments are most concerned with is cybercrime, according to a study by Symantec.

U.S. and Russian officials talk cyberissues

December 14, 2009

American and Russian officials recently met to discuss cybersecurity issues, such as collaboration among law enforcement bodies and the use of cyberweapons, the New York Times reported in its Saturday editions.

DHS secretary: Cybersecurity is shared burden

October 20, 2009

Cybersecurity is not the responsibility of one person or group since no one person is in charge of the internet, Department of Homeland Security Secretary Janet Napolitano said Tuesday.

House subcommittee passes cybersecurity R&D bill

September 25, 2009

The Cybersecurity Research and Development Amendments Act of 2009 would require federal agencies to develop cybersecurity research-and-development plans, as well as authorize grant funding and establish a scholarship program.

Security considerations critical in the cloud

September 17, 2009

IT departments are increasingly realizing the benefits of cloud security, but businesses must ask themselves a few questions before handing over control to a third party.

Microsoft disputes password-stealing SQL Server bug

September 02, 2009

Researchers at a security company say they have discovered a vulnerability in Microsoft's SQL Server, but the software giant disputes the claim.

Can the president shut down the internet?

August 31, 2009

A revision to the Cybersecurity Act of 2009, the Rockefeller-Snowe draft bill in Congress, has drawn criticism because of concerns that it would give the president power to shut down the internet.

Purported malicious CD-ROMs actually part of pen test

August 31, 2009

A package sent to a credit union last week containing supposedly malicious CD-ROMs prompted a fraud alert from the National Credit Union Administration, but it was actually part of a penetration test.

Small businesses largely not PCI compliant

August 12, 2009

Though 83 percent of small businesses are familiar with the PCI DSS, just 62 percent are compliant, according to a recent survey.

US-CERT director resigns, plans to work for RSA

August 10, 2009

Another top cybersecurity leader has stepped down - news that comes in the wake of similar high-profile government resignations and a still-vacant federal cybersecurity coordinator post.

Energy companies say NERC standards inadequate

August 05, 2009

Updated: Respondents in a recent survey noted a number of issues with NERC's cybersecurity standards, including ambiguity over what they require and a need for further strengthening.

2010 budgets to fund app security and DLP, study shows

August 04, 2009

If security budgets go up next year, pros will be using the additional cash to buy application security and DLP technologies, a new study shows.

DoD might reblock Facebook, Twitter

August 03, 2009

Three months after an Army order lifted the ban on certain social networking sites, the Department of Defense said it is again questioning whether it should restrict access to popular web destinations.

Red Flags delay

July 30, 2009

The Federal Trade Commission on Wednesday announced that it will, for the third time, push back the enforcement deadline of the Red Flags Rule, which requires financial institutions and creditors to develop identity theft prevention programs. The new enforcement deadline is Nov. 1. In addition, the FTC will ramp up its efforts to educate small businesses about how to comply because many are still confused about their obligations, the FTC said. — AM