A New Year is always a good time to reflect on the past and make plans for the future. 2008 was a very busy year for security breaches, with 656 reported breaches exposing up to 35 million customer records according to a recent report by the Identity Theft Resource Center (ITRC). This was nearly a [...]
Author Archives: David Lineman
How mature is your information security policy program? Do you have a set of outdated documents stored in a binder or intranet site? Or do you have a documented management program that keeps your policies up to date, your users informed and your internal auditors sleeping at night? This is the first article in the [...]
The events of 2007 and 2008 have led to an increased focus on governance, security and privacy within the financial services market. One increasingly common scenario is when a third-party service provider must have their security program validated by the financial institution that it serves. Historically, these audits were based on the BITS framework and [...]
New PolicyShield Service Provides Security Policy Updates Based on the Latest Threats HOUSTON, Texas – February 1, 2008 - Information Shield (www.informationshield.com), a leading developer of information security policy and security awareness products, today announced the release of the new PolicyShield information security policy subscription service. PolicyShield is the first service that enables organizations to [...]
Some organizations still receive little management support or funding for a sound information security policy program. Within the last several years, however, numerous federal, state and international regulations have been passed that require the protection of information. Many organizations are now enhancing their information security policies in response to legal and regulatory requirements. In some […]
Companies that have their identities used in phishing scams have little recorse in stopping the attacks. However, new legislation proposed by the Justice Department would expand the ability of enforcement agencies to prosecute identity theft, and adds provisions that may help corporations who are used in phishing scams. The “Identity Theft Enforcement and Restitution Act […]
Social Networking sites present some unique challenges for organizations that must attract and keep young workers. Is the use of social networking sites at work a necessary perk or an unacceptable risk to corporate information? Some argue that organizations must allow access to social networking and other Web 2.0 sites to help attract a more […]
Legal precedents are beginning to dictate a new standard for the notification of policy changes to your customers and employees. In the “old days” organizations would post changes to information security policies on the corporate intranet, and perhaps even notify employees that these changes occurred via email or some other means. However, in legal actions […]
In July 2007, several contractors of Los Alamos National Laboratory were fined a total of $3.3 million for failing to adequately protect data as required in their contracts. The Department of Energy (DOE) initiated formal enforcement actions against specific current and former contractors, the reports said that investigations revealed that the contractors failed to prevent […]
A number of recent surveys indicate that an increasing number of attacks are targeting applications, rather than operating systems. Hackers have discovered that applications are patched far less frequently than operating systems and web servers. For example, the recent release of the SANS Top 20 vulnerabilities of 2005 points to a number of problems related […]