January 13, 2009 3:34 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Data Breaches,
Database security,
IT auditBruce Schneier's last cryptogram contained a discussion about the purpose of audit. He was commenting on the fact that Barack Obama's phone records, passport file and aunt's immigration status was inappropriately accessed by employees...
December 20, 2008 2:11 AM
Posted by: Arian Eigen Heald
Data Breaches,
Database security,
DataManagement,
Identity theft,
Security,
Tearing My Hair OutFor saying the blindingly obvious:
"Companies and schools should find new ways to authenticate the identities of customers, employees and students that do not involve social security numbers, a U.S. consumer protection agency said on Wednesday as part of recommendations to fight identity...
December 17, 2008 4:46 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Data Breaches,
Identity theft,
SecurityIt's been an interesting week in "Breachland," with reports of breaches in all sorts of places: eyewear companies,
December 2, 2008 11:48 AM
Posted by: Arian Eigen Heald
Data Breaches,
Identity theftInformation about consumer purchases, habits and history have become multi-billion dollar treasure troves for businesses to sell and mine for others.
Specialized, targeted information from consumer databases held by banks and other financial institutions are being used to develop business...
November 29, 2008 1:47 AM
Posted by: Arian Eigen Heald
Data Breaches,
Identity theft,
SecurityIf you want to experience pain in the corporate wallet, I invite you to go to the Data Loss Cost Calculator. Plug in some numbers and look at the costs in the different regulatory penalties, attorney fees, investigation costs, etc. I recently...
November 27, 2008 2:40 AM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Data Breaches,
Identity theft,
SecurityThe core requirements for committing the kind of data theft that leads to identity theft are ability, motivation and opportunity.
Ability means having the skills to do the actions required. Start-up costs for data theft are low, with information readily available, computer...
November 25, 2008 2:57 PM
Posted by: Arian Eigen Heald
Compliance,
Data Breaches,
HIPAA,
Identity theft,
IT audit,
PCI DSS,
SecurityThe most significant financial impact of identity theft has yet to be examined. I believe that the risks to business and other institutions now include legal, reputation, financial and compliance risks that cannot be transferred.
Victims of identity theft are looking to recoup their financial...
November 17, 2008 9:42 PM
Posted by: Arian Eigen Heald
Admins and Auditors,
Compliance,
Data Breaches,
IT audit,
SecurityI can hear the collective eye-rolling from here. But guess what! New federal regulations are requiring security education from organizations as part of compliance:
SEC regulations for financial institutions http://www.sec.gov/index.htm...
November 12, 2008 12:43 AM
Posted by: Arian Eigen Heald
Data Breaches,
Security,
WirelessThe word is out in InfoSec circles that a practical attack method against WPA - enabled wireless access points has been announced and is to be presented at PacSec in Tokyo this week.
It used to be...
