Sister CISA CISSP:

Data Breaches


October 21, 2008  1:58 PM

ATMs with Bugs – At the Grocery Store



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, Hardware & InfoSec, Security, Wireless

From the Wall Street Journal comes the disturbing news that a high-tech wireless "bug" has been found in hundreds of grocery store ATMs in five different European countries. According to WSJ: Examining...

October 10, 2008  2:12 PM

ATMs Redux – Why I Don’t Use My Debit Card



Posted by: Arian Eigen Heald
Automatic Theft Machines, Data Breaches, Hardware & InfoSec, PCI DSS, Security

In a previous post about Automatic Theft Machines I commented on the worrisome rise in skimming with these machines. Now, to add to our pain, we should be concerned about gas station pumps,...


September 29, 2008  9:43 PM

Do You know Where Your Previous Mobile Phone Is?



Posted by: Arian Eigen Heald
Data Breaches, Eigen's Rules of Thumb, Hardware & InfoSec, Mobile, Security

Cell phone companies are tempting us more and more with phones that act as PDAs (Personal Data Accessory??), send and receive email, surf the Web, have bigger capacity to store documents, are music players, cameras and oh, by the way: a phone. And in the coming years some have proposed utilizing...


August 27, 2008  4:27 PM

“Over-Reacting” to Data Breach Reports



Posted by: Arian Eigen Heald
Compliance, Data Breaches, Security

After Benjamin Wright's comments on my previous post about Best Western, I hopped on over to his blog and took a look at his point of view. Speaking from a consumer point of view, I find cold comfort...


August 25, 2008  6:33 PM

European Hotel Chain Has Their Customer Data For the Past Year Accessed



Posted by: Arian Eigen Heald
Data Breaches, Database, Database security, Identity theft, Security, Security Devices

Visited Europe in the last year and used a Best Western Hotel? Your credit card, expiration date, the company that employs you, your name, address and future bookings may be in the possession of a Russian Mafia website. An enterprising Scottish newspaper, the Sunday Herald, noticed on Thursday...


August 21, 2008  3:48 PM

How to Audit Databases: Part I



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Database, Database security, DataManagement, Identity theft, IT audit, Oracle, PCI DSS, SAP, SAS 70, Security, SOX, SQL Server

Databases are enormous, powerful repositories of data. They can hold payroll, HR personnel data (think social security numbers) stock prices, Accounts Receivable, Client Relationship Management, and customer information. Banks can't live without them. Most medium and many small sized businesses...


August 19, 2008  1:20 PM

I Can Make Your Database Lie to You



Posted by: Arian Eigen Heald
Admins and Auditors, Compliance, Data Breaches, Database, Database security, DataManagement, Identity theft, IT audit, Oracle, PCI DSS, SAP, SAS 70, Security, SOX, SQL Server

So many financial auditors, CEOs, CFOs and others rely on electronic data to understand the complexities of General Ledger, Accounts Payable, etc. In this era of SAP, ADP, electronic time clocks, etc., the one common denominator is the database underlying each application. Applications...


August 14, 2008  10:19 PM

Let’s Not Overuse “Identity Theft”



Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Identity theft

I've noticed lately that the press has started applying this term liberally when data is stolen. Data theft is NOT the same thing as identity theft. (And when did we start capitalizing it, by the way?) Data theft does not equal identity theft, because not all data that is stolen is used to...


August 13, 2008  1:53 AM

Monitoring Insider Access to Databases



Posted by: Arian Eigen Heald
Admins and Auditors, Data Breaches, Database, Database security, DataManagement, Security

The recent report on the Countrywide data theft got me thinking again about how to monitor insider access to databases. The story is that the thief had access to the...


August 7, 2008  4:39 PM

Kill Your WEP Now



Posted by: Arian Eigen Heald
Compliance, Data Breaches, PCI DSS, Security, Wireless

The announcement on Tuesday that indicted 11 people for "the largest data breach in history" was an interesting read: The indictment returned Tuesday by a federal grand jury in Boston alleges that the suspects hacked into the wireless computer networks of retailers including TJX Cos., BJ's...

