Today, “Internet failure hits two continents”
Were you impacted? If you were, then you probably aren’t reading this right now… 🙂
Archive for the ‘Information Security’ Category
Were You Taken Offline?
Thursday, January 31st, 2008Insider Threat: Worker Deletes 7 Years of Files; Lesson? Make Backups!!
Friday, January 25th, 2008Here is another example of what a worker, entrusted with access to business files, can do…and also provides a lesson about business continuity…
I just watched a CNN clip, “Cyber Sabotage” that provides a very good example of how costly the insider threat can be.
Insider Threat: Worker Deletes 7 Years of Files; Lesson? Make Backups!!
Friday, January 25th, 2008Here is another example of what a worker, entrusted with access to business files, can do…and also provides a lesson about business continuity…
I just watched a CNN clip, “Cyber Sabotage” that provides a very good example of how costly the insider threat can be.
Clearly Justify Your Information Security and Privacy Policies
Wednesday, January 16th, 2008I’m helping one of my clients with updating their information security and privacy policies, aligning them with ISO 27002, and creating new policies to fill gaps as necessary based upon the organization’s risks. I was speaking with the CISO this week and he made a statement that I’ve heard many times over the years that really is a blockade to advancing information security within most organizations.
“I wish when the CEO rejects a policy he would tell me why. I know he’s short on time, but it would help me do my job so much better if he’d just explain why.”
Man Pleads Guilty To Loading Keylogger Software On Public Computers Worldwide To Collect PII and Commit Fraud
Monday, January 14th, 2008Here’s another good example of an actual cybercrime that was allowed to occur because poor of safeguards on computers provided for public use.
On January 9, 2008, Mario Simbaqueba Bonilla plead guilty to installing keylogger software on hotel business center and Internet cafe computers located in hotels throughout the world that allowed him to access the bank and other financial accounts of over 600 individuals.
Insider Threat Example: Programmer Sentenced To 30 Months In Jail And $81,200 Fine
Sunday, January 13th, 2008Here’s a case I blogged about amost exactly a year ago, but it is worth revisiting since the sentencing for the crime was just handed down and it was significant. If you haven’t already, put this in your file of actual examples to incorporate into your information security and privacy awareness and training activities and content.
On January 8 a federal court in Newark, New Jersey, sentenced Yung-Hsun “Andy” Lin, a former systems administrator for Medco Health Solutions Inc., to 30 months in prison for transmitting computer code intended to wipe out data stored on Medco’s network; composed of more than 70 servers.
New FTC Spam & Phishing Report
Wednesday, January 9th, 2008On December 28 the U.S. Federal Trade Commission (FTC) made a new report available to the public, “Spam Summit: The Next Generation of Threats and Solutions.”
The report describes the findings from a July 2007 workshop the FTC hosted, and proposes follow-up action steps to mitigate the damages caused by malicious spam and phishing.
FTC Fines Mortgage Co. For Tossing PII Into Dumpster: FACTA/FCRA, GLBA, & FTC Act Violations
Wednesday, December 26th, 2007On December 17 the U.S. Federal Trade Commission (FTC) fined and penalized American United Mortgage Company for throwing the personally identifiable information (PII) and financial information of its customers and consumers into an open, publicly-accessible dumpster.
Under the terms of the penalty, American United Mortgage Company must:
New Wireless = New Vulnerabilities = More Incidents?
Thursday, December 20th, 2007Most folks are looking at what’s coming in 2008. Heck, let’s go a bit further and look at some potentially big changes slated for 2009!
I just read an interesting Business Week story, “Just Ahead: A Wider Wireless World.”
In February, 2009 analog television broadcasting will be terminated.
