Yesterday the U.S. Federal Trade Commission (FTC) handed down yet another penalty against an online retailer, Life is good, Inc., for not properly safeguarding their online ecommerce applications.
The FTC charged they were in violation of the FTC Act because they promised in their online privacy statement that they would safeguard their customer data, but yet a hacker “was able to use SQL injection attacks on Life is good’s Web site to access the credit card numbers, expiration dates, and security codes of thousands of consumers.”
Posts Tagged ‘awareness and training’
FTC Hands Down Another FTC Act Noncompliance Penalty For Bad Online Application Security
Friday, January 18th, 2008A Roadmap For Successful ITIL Implementation
Thursday, January 17th, 2008The final chapter of my ebook, “The Shortcut Guide to Improving IT Service Support through ITIL” was just released!
Clearly Justify Your Information Security and Privacy Policies
Wednesday, January 16th, 2008I’m helping one of my clients with updating their information security and privacy policies, aligning them with ISO 27002, and creating new policies to fill gaps as necessary based upon the organization’s risks. I was speaking with the CISO this week and he made a statement that I’ve heard many times over the years that really is a blockade to advancing information security within most organizations.
“I wish when the CEO rejects a policy he would tell me why. I know he’s short on time, but it would help me do my job so much better if he’d just explain why.”
CMS Hires A Fox To Guard The HIPAA Henhouse
Tuesday, January 15th, 2008I just read a very interesting article, “CMS’ HIPAA watchdog presents potential conflict” that made me go Hmmm!!
The genesis of the article is that the Centers for Medicare and Medicaid Services (CMS), the agency that is responsible for the Health Insurance Portability and Accountability Act (HIPAA) oversight and compliance enforcement, has contracted PricewaterhouseCoopers (PwC) to perform HIPAA Security Rule compliance audits during 2008.
Man Pleads Guilty To Loading Keylogger Software On Public Computers Worldwide To Collect PII and Commit Fraud
Monday, January 14th, 2008Here’s another good example of an actual cybercrime that was allowed to occur because poor of safeguards on computers provided for public use.
On January 9, 2008, Mario Simbaqueba Bonilla plead guilty to installing keylogger software on hotel business center and Internet cafe computers located in hotels throughout the world that allowed him to access the bank and other financial accounts of over 600 individuals.
Insider Threat Example: Programmer Sentenced To 30 Months In Jail And $81,200 Fine
Sunday, January 13th, 2008Here’s a case I blogged about amost exactly a year ago, but it is worth revisiting since the sentencing for the crime was just handed down and it was significant. If you haven’t already, put this in your file of actual examples to incorporate into your information security and privacy awareness and training activities and content.
On January 8 a federal court in Newark, New Jersey, sentenced Yung-Hsun “Andy” Lin, a former systems administrator for Medco Health Solutions Inc., to 30 months in prison for transmitting computer code intended to wipe out data stored on Medco’s network; composed of more than 70 servers.
Terrorists Over 50 Don’t Fly According To The DHS
Friday, January 11th, 2008New FTC Spam & Phishing Report
Wednesday, January 9th, 2008On December 28 the U.S. Federal Trade Commission (FTC) made a new report available to the public, “Spam Summit: The Next Generation of Threats and Solutions.”
The report describes the findings from a July 2007 workshop the FTC hosted, and proposes follow-up action steps to mitigate the damages caused by malicious spam and phishing.
Egregious Privacy Infringment: Fire Chief Emails Photo Of Topless Crash Victim
Tuesday, January 8th, 2008Here is an example of how personnel can take photos and videos and completely invade the privacy of others, particularly those who have no voice to say stop.
A Central Florida fire chief will likely lose his job for widely emailing photos from a crash scene of a female victim that included view of her exposed breasts as paramedics were attending to her.
