On June 1 the U.S. Office of Management and Budget (OMB) released recommended language for all federal government chief information officers for required common security configurations for Windows computer operating systems that should be included in acquisitions solicitations to information technology providers.
Archive for the ‘government’ Category
OMB Sets Security Configuration Contracts Language for Acquisitions
Wednesday, June 13th, 2007“Getting Tough” With Information Security Is Really Just Getting Smart
Tuesday, June 5th, 2007Today I saw the headline, “Energy gets tough on laptop use” in Government Computer News and I was curious to see that the story was about how the U.S. Department of Energy (DOE) is going to start actually enforcing their security practices by accurately inventorying and tracking their mobile computing devices after having “lost” 1,415 laptops in the past 6 years. The DOE also indicates they are going to start enforcing their security policies and procedures.
New Information Security and Cybercrime Initiatives Planned in the EU
Monday, June 4th, 2007As cybercrime continues to occur in more varied ways, as more incidents are reported every day, as new threats emerge, as more vulnerabilities are found within software and systems, often within those products that companies buy to improve security, the more bills, plans, initiatives and laws that emerge worldwide to address these issues.
Web Hackers Fined $15 Million by SEC
Sunday, June 3rd, 2007I remember reading in an issue of 2600 The Hacker Quarterly magazine several years back about how easy it is to commit crime, without being noticed, by hacking poorly secured web sites.
Hacking is often viewed to be a safe, almost anonymous, type of crime that is often very hard to pin upon one individual.
If People Aren’t Trained The Best Security Will Go For Naught
Saturday, June 2nd, 2007This week there has been much talk in the U.S. news about how Andrew Speaker, the now notorious TB patient (more specifically extensively drug-resistant tuberculosis, or XDR-TB), apparently very easily circumvented security controls to come back into the U.S. via Canada.
My heading is a paraphrase of a longer quote I really like from Charles Schumer that he made about this incident, but that also applies very nicely to all information security practices.
It’s Hard to Keep Secrets When You Entrust Them To Others
Friday, June 1st, 2007When you entrust sensitive information to a contracted company or individual, you are also accepting risk. If you do not perform due diligence to ensure your contractor has effective safeguards in place, and understands that your information is sensitive, and if you do not have specific security requirements within your contract, you are opening yourself up to a major embarassment, major incident, or both.
The U.S. State Department entrusts many of their secrets to many different contractors. They have found themselves with yet some more bad press as a result of one of their contractors.
Outsourced Company’s Unsecure Application Makes U.K. Passport Applicant PII Available to Everyone On the Internet
Wednesday, May 30th, 2007A Twist Within a New State Breach Notice Law: Maryland’s Also Requires Information Security Safeguards
Monday, May 28th, 2007Here’s something that you don’t see in other states…
On May 17, Maryland Governor Martin O’Malley signed into law two identical bills, one from the House and one from the Senate, that require businesses to notify state residents if their unencrypted or unredacted personal information, whether in electronic or paper form, is breached. In addition to mandating breach notification, the new law contains data security and data destruction requirements for companies doing business in the state.
More Reason to Strengthen Information Security: New MN Law Restricts How Long Merchants Can Retain Purchase Information
Monday, May 28th, 2007To date we have at least 37 U.S. states that have enacted breach notice laws, (Maryland’s new breach notice law was signed May 17th), but these address how to react AFTER personally identifiable information (PII) has been compromised. Multiple federal-level bills proposed but none yet passed.
