As cybercrime continues to occur in more varied ways, as more incidents are reported every day, as new threats emerge, as more vulnerabilities are found within software and systems, often within those products that companies buy to improve security, the more bills, plans, initiatives and laws that emerge worldwide to address these issues.
Archive for June, 2007
New Information Security and Cybercrime Initiatives Planned in the EU
Monday, June 4th, 2007Web Hackers Fined $15 Million by SEC
Sunday, June 3rd, 2007I remember reading in an issue of 2600 The Hacker Quarterly magazine several years back about how easy it is to commit crime, without being noticed, by hacking poorly secured web sites.
Hacking is often viewed to be a safe, almost anonymous, type of crime that is often very hard to pin upon one individual.
If People Aren’t Trained The Best Security Will Go For Naught
Saturday, June 2nd, 2007This week there has been much talk in the U.S. news about how Andrew Speaker, the now notorious TB patient (more specifically extensively drug-resistant tuberculosis, or XDR-TB), apparently very easily circumvented security controls to come back into the U.S. via Canada.
My heading is a paraphrase of a longer quote I really like from Charles Schumer that he made about this incident, but that also applies very nicely to all information security practices.
It’s Hard to Keep Secrets When You Entrust Them To Others
Friday, June 1st, 2007When you entrust sensitive information to a contracted company or individual, you are also accepting risk. If you do not perform due diligence to ensure your contractor has effective safeguards in place, and understands that your information is sensitive, and if you do not have specific security requirements within your contract, you are opening yourself up to a major embarassment, major incident, or both.
The U.S. State Department entrusts many of their secrets to many different contractors. They have found themselves with yet some more bad press as a result of one of their contractors.
