Sister CISA CISSP:

Data Breaches


January 20, 2009  9:03 PM

Hannaford Redux – Another Break-in From the Inside



Posted by: Arian Eigen Heald
Data Breaches, PCI DSS, Security

The sixth largest US credit card payment processor, Heartland Payment Systems, has just acknowledged that its payment systems have been breached. The discovery of...

January 13, 2009  3:34 PM

The Purpose of Audit



Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database security, IT audit

Bruce Schneier's last Crypto-Gram contained a discussion about the purpose of audit. He was commenting on the fact that Barack Obama's phone records, passport file and aunt's immigration status were inappropriately accessed by employees...


December 20, 2008  2:11 AM

Thank you, Federal Trade Commission…



Posted by: Arian Eigen Heald
Data Breaches, Database security, DataManagement, Identity theft, Security, Tearing My Hair Out

For saying the blindingly obvious: "Companies and schools should find new ways to authenticate the identities of customers, employees and students that do not involve social security numbers, a U.S. consumer protection agency said on Wednesday as part of recommendations to fight identity...


December 17, 2008  4:46 PM

Nobody is “Too Small” to Get Hacked



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Identity theft, Security

It's been an interesting week in "Breachland," with reports of breaches in all sorts of places: eyewear companies,


December 2, 2008  11:48 AM

“Selling It”



Posted by: Arian Eigen Heald
Data Breaches, Identity theft

Information about consumer purchases, habits and history has become a multi-billion dollar treasure trove for businesses to sell and mine for others. Specialized, targeted information from consumer databases held by banks and other financial institutions is being used to develop business...


November 29, 2008  1:47 AM

What does a Data Breach REALLY Cost?



Posted by: Arian Eigen Heald
Data Breaches, Identity theft, Security

If you want to experience pain in the corporate wallet, I invite you to go to the Data Loss Cost Calculator. Plug in some numbers and look at the costs in the different regulatory penalties, attorney fees, investigation costs, etc. I recently...


November 27, 2008  2:40 AM

Where The Thieves Are



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Identity theft, Security

The core requirements for committing the kind of data theft that leads to identity theft are ability, motivation and opportunity. Ability means having the skills to do the actions required. Start-up costs for data theft are low, with information readily available, computer...


November 25, 2008  2:57 PM

Data Breaches and Business Liability Part I



Posted by: Arian Eigen Heald
Compliance, Data Breaches, HIPAA, Identity theft, IT audit, PCI DSS, Security

The most significant financial impact of identity theft has yet to be examined. I believe that the risks to business and other institutions now include legal, reputation, financial and compliance risks that cannot be transferred. Victims of identity theft are looking to recoup their financial...


November 17, 2008  9:42 PM

Educating Users (Yes, I Know….)



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, IT audit, Security

I can hear the collective eye-rolling from here. But guess what! New federal regulations are requiring security education from organizations as part of compliance: SEC regulations for financial institutions http://www.sec.gov/index.htm...



November 12, 2008  12:43 AM

Wireless: Get Ready to Kiss WPA Goodbye



Posted by: Arian Eigen Heald
Data Breaches, Security, Wireless

The word is out in InfoSec circles that a practical attack method against WPA-enabled wireless access points has been announced and is to be presented at PacSec in Tokyo this week. It used to be...

