Here is another example of what a worker, entrusted with access to business files, can do…and also provides a lesson about business continuity…
I just watched a CNN clip, “Cyber Sabotage” that provides a very good example of how costly the insider threat can be.
Posts Tagged ‘insider threat’
Insider Threat: Worker Deletes 7 Years of Files; Lesson? Make Backups!!
Friday, January 25th, 2008Insider Threat Example: Programmer Sentenced To 30 Months In Jail And $81,200 Fine
Sunday, January 13th, 2008Here’s a case I blogged about amost exactly a year ago, but it is worth revisiting since the sentencing for the crime was just handed down and it was significant. If you haven’t already, put this in your file of actual examples to incorporate into your information security and privacy awareness and training activities and content.
On January 8 a federal court in Newark, New Jersey, sentenced Yung-Hsun “Andy” Lin, a former systems administrator for Medco Health Solutions Inc., to 30 months in prison for transmitting computer code intended to wipe out data stored on Medco’s network; composed of more than 70 servers.
California Privacy Breach Law Changes Go Into Effect January 1, 2008: Redefines & Broadens “Personal Information” Definition
Wednesday, December 5th, 2007California’s privacy breach notification law SB1386 started the ball rolling with regard to what is now at least 40 U.S. states, including the District of Columbia, that have breach notice laws. Most of the subsequent state laws largely based theirs upon SB1386, including how the law defines “personal information.”
Effective January 1, 2008, the definition of “personal information” changes when AB1298 goes into effect in California.
Insider Threat, the Value of Computer Logs & the Need for Consistent Policy Enforcement
Monday, December 3rd, 2007In recent years many organizations have implemented the use of computer logs on their networks to be in compliance with multiple laws. However, here’s a perfect example of the value of computer logs beyond just to be in compliance; using them for one of the things they were meant to do…catch inappropriate activity and provide evidence that a specific person is doing something inappropriate or outright wrong.
A current news story documents how computer logs will likely cost a cop his pension and could point to evidence for his missing wife.
Insider Threat Lessons: Posting Threats And Personnel PII On The Internet Establishes Federal Jurisdiction
Monday, November 5th, 2007Here’s another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an ongoing basis, and demonstrates the sanctions that can be brought against those who break them.
Insider Threat Lessons: Posting Threats And Personnel PII On The Internet Establishes Federal Jurisdiction
Monday, November 5th, 2007Here’s another insider threat example to know and to discuss with your legal counsel and HR folks. It highlights the need for information security and privacy policies, shows how information security and privacy must work with multiple areas on an ongoing basis, and demonstrates the sanctions that can be brought against those who break them.
Microsoft’s Charney Agrees That Information Security and Privacy Pros Must Work Together
Thursday, October 25th, 2007Yesterday (Wednesday) was the final day of the IAPP Privacy Academy, and it was a great conference for me! I have been preaching about information security and privacy collaboration within a 2-day training seminar over the past 2 years, so it is good to finally start hearing others recognize and promote the need for information security and privacy practitioners to work together.
Average Cost of ID Theft Per Victim is $31,356
Wednesday, October 24th, 2007Finally, a report that looks much more accurate with regard to how much identity theft costs the VICTIMS of a privacy breach. Most reported victim costs that I have seen in the past seemed much too low considering all the time that victims talked about trying to repair and recover from identity theft, and how much resources it took, the many years it often takes, and so on.
Data Will Always Be Less Safe In The Future…I Don’t Want To Get Gussied Up To Talk On The Phone
Wednesday, October 17th, 2007I have a blog problem…there are way too many things I want to blog about and not enough hours in the day to do it! Throughout each day I note news items from the TV, or website news articles, or research, or reports, or just observations while at businesses or in public, and I only have a chance to blog about a small fraction of them. Today I think I’ll just briefly mention five of the topics I’ve planned to blog about, along with a brief note about each, and then maybe I’ll be able to revisit them sometime in the near future and discuss them at greater length.
New FTC Report Provides Organizations Good Guidance For Protecting PII
Tuesday, September 18th, 2007Today the U.S. Federal Trade Commission (FTC) released a report, “Combating Identity Theft: Implementing a Coordinated Plan.”