There’s been enough interesting information security and privacy news here in my own frigid (subzero) snowy back yard in central Iowa to keep me from looking beyond the state for discussion material. Well yes, I did look beyond anyway…what I found will wait until another day.
Yesterday was interesting in that the Iowa Department of Education announced a security breach into their GED database and the Microsoft versus Comes/Iowa class action lawsuit was settled out of court.
Archive for the ‘Information Security’ Category
Privacy Breach, Hackers and Lawsuits: Iowa Department of Education, Microsoft and Perkins Omelettes; Oh My!
Thursday, February 15th, 2007HSPD-12 and U.S. Government Agency Authentication and Access Controls
Wednesday, February 14th, 2007Creating technologies that authenticate users with a high degree of confidence has always been a challenge, not only because of the typical complexity of the systems, but also because of the amount of confidence that must be placed within the end-user to appropriately secure his or her own user authentication information, most commonly the user ID and password.
Over the past several years the U.S. Government Accountability Office (GAO) has identified the historically poor authentication and access control practices as barriers for successful information sharing between not only government entities, but also with the private sector.
HSPD-12 and U.S. Government Agency Authentication and Access Controls
Wednesday, February 14th, 2007Creating technologies that authenticate users with a high degree of confidence has always been a challenge, not only because of the typical complexity of the systems, but also because of the amount of confidence that must be placed within the end-user to appropriately secure his or her own user authentication information, most commonly the user ID and password.
Over the past several years the U.S. Government Accountability Office (GAO) has identified the historically poor authentication and access control practices as barriers for successful information sharing between not only government entities, but also with the private sector.
Privacy Breach: Johns Hopkins University Lost Personal Information on 135,000 Individuals
Sunday, February 11th, 2007There now seem to be so many privacy breaches that it is hard to choose which one to discuss…
Last Wednesday, 2/7, Johns Hopkins University reported personal information on 135,000 employees and patients on nine backup tapes were missing that had been given to a contractor, Anacomp Co. Inc., to make microfiche backups.
FTC: Speech Highlights Need for All Organizations To Address Information Security and Privacy & Education On These Topics
Friday, February 9th, 2007The transcript of FTC Chairman Deborah Platt Majoras’ keynote on February 6 at the RSA conference, “ID Theft and Cyber-crime: Where Thieves Victims, Industry and Government Intersect” is available on the FTC site.
I’ve often stressed how the FTC Act basically applies to all organizations of all sizes in all industries doing business in the U.S. that have been entrusted to handle personal information. Too many organizations still believe that information security privacy issues only need to be handled by healthcare or financial organizations. The FTC has made many published statements to demonstrate that all organizations had better get their act together and implement safeguards for personally identifiable information (PII). Some of the statements within Majoras’ keynote emphasize this.
Identity Theft: More Info On Fallout From The TJX Breach
Wednesday, February 7th, 2007The Akron Beacon Journal reported February 5 more impacts of the massive TJX breach that occurred late in 2006 that may have impacted over 40 million individuals according to the Wall Street Journal.
Software Licensing: Free Tools from the BSA & 10 Steps To Compliance
Tuesday, February 6th, 2007I saw an article published on February 1, “United States: 10 Simple Steps To Ensure Software Licensing Compliance.”
Software Licensing: Free Tools from the BSA & 10 Steps To Compliance
Tuesday, February 6th, 2007I saw an article published on February 1, “United States: 10 Simple Steps To Ensure Software Licensing Compliance.”
PCI DSS and GLBA Compliance & Privacy Breach: Lawsuits Filed Against TJX
Sunday, February 4th, 2007Let’s look at the events that have occurred with the recent TJX computer hack and resulting privacy breach and identity thefts:
Free Awareness from the FTC: Phishing
Friday, February 2nd, 2007I ran across this on the FTC site, an email to send to folks that links to an animation to help make them aware of phishing messages; isn’t this cool!? The FTC sight provides this as an awareness raising communication. It’s a little long, and hopefully the folks going to this link will have their sound turned off so it doesn’t shock their desk neighbors, but all in all it is a great, FREE (paid for by U.S. tax dollars), awareness communication to warn about the threats involved with phishing messages.
