National Breach Notification Laws
As a follow-up to a post from February 2009, I’m mostly happy to comment on the recent progress that’s been made toward the establishment of national breach notification laws. As reported on November 5, 2009 by GovInfoSecurity.com, “the Senate Judiciary Committee Thursday approved two companion bills that would require businesses and government agencies to notify [...]
Posted: November 8th, 2009 under Uncategorized.
Fooled by Information Asymmetry
On July 24, 2009 Trina Thompson sued her alma mater, Monroe College, for the full cost of her tuition after graduating with a bachelor of business administration degree in information technology. Why? Because she couldn’t find a job. Before sympathizing with Thompson’s claim that “they [the counselors] have not tried hard enough to help me”, [...]
Posted: September 22nd, 2009 under Uncategorized.
Rumors and Preparedness
There are rumors circulating around SANS and full-disclosure circles that there is a 0day SSH exploit in the wild that might be announced sometime around the upcoming Black Hat event. Whether or not it is true remains to be seen, but beyond the question of “is it or isn’t it,” it’s interesting to consider the [...]
Posted: July 9th, 2009 under 0day, IDS/IDP, Remediation.
Determine the scope? How?
Not a month after the Heartland breach, we now have reports of another malware-driven payment system breach of as-yet unknown proportions. Despite the proliferation of anti-threat devices and well-intentioned compliance programs such as PCI, we continue to see an increase in the number and cost of reported data breaches. The ITRC reported 656 breaches in [...]
Posted: February 26th, 2009 under Audit.
