September 2, 2014

IT Security Threats and Attacks Quantified by New Ponemon Institute Report

Photo courtesy of transfirst.com

A newly recently report, entitled “First Annual Cost of Failed Trust Report: Threats and Attacks”, has just been released.  This report presents research from the Ponemon Institute and was underwritten by Venafi.  The objective of this report is to provide the first extensive examination of how failure to control trust (in IT security keys and certificates) in the face of new and evolving threats is placing all global enterprises at risk. Every business and government relies on cryptographic keys and certificates to provide trust for critical electronic communications.  These technologies … [Read more...]

Wireless Network Security Tested in a Unique Way

Photo courtesy of holyroodpr.co.uk

Wireless network security levels were tested recently in Edinburgh Scotland by a cyclist who “war-biked” around the capital trying to find unsecured wireless networks which could be exploited by hackers. Security expert James Lyne utilized a bike equipped with dynamos and solar panels to power a computer which scans for wireless networks which have no or poor security. As our readers well know, hackers can join wireless networks and then become totally capable of directly attacking those computers and other devices to steal money or information. They can also track which websites you … [Read more...]

E-Discovery Newsletter of Notable Cases and Events

Photo courtesy of  ediscoverylawreview.com

In its ongoing effort to provide current and relevant updates regarding developments in the field of e-discovery, our staff would like to recommend a reading of the Sidley Austin LLP firm's current newsletter written by its in-house “E-Discovery Task Force” group. This group from Sidley Austin LLP works to stay abreast of the shifting legal landscape surrounding e-discovery. The most current update addresses the following recent developments and court decisions involving e-discovery issues: 1. A Northern District of Illinois ruling sanctioning a defendant company for failing to … [Read more...]

NIST Offers Free Download of SP 800-53, Rev 4

Photo courtesy of www.livehacking.com

The National Institute of Standards and Technology (NIST) has now made available the Final Release of SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations – representing the most comprehensive update to the security controls catalog since its inception in 2005. This update was motivated primarily by the expanding occurrences of cyber security threats – looking at the increased sophistication of those cyber-attacks; the growing frequency of such attacks; the professionalism of the attackers, and the persistence of targeting by … [Read more...]

Online Privacy Rights Remain Under Attack and Unresolved Issues for Many in 2013

Cyber Security

In a recent article, posted by PC World and written by Melissa Riofrio, the topic of online privacy for individuals was addressed in the light of growing threats to that privacy predicted for 2013. And, while a debate may exist about the meaning of privacy between different generations of individuals, the fact is that the data any individual generates on the internet is still a rich trove of information that says more about you than you may realize --- not to mention that it is also a tempting target for marketers and law enforcement officials alike. This year, your online privacy faces … [Read more...]

E-Discovery Predicted to be Business-Critical Operation in 2013

Photo courtesy of easyediscoveryblog.sonian.com

The topic of e-discovery continues to become an important area of enterprise risk management focus and is an area which our staff continues to monitor.  It is with that thought in mind, that brought our staff to recommend a recent posting by Aiith Samuel. Samuel's posting addresses trends and predictions for 2013 in which Samuel summarizes, “…e-discovery practices in 2013 will now involve other critical functions, including information governance, records management, social media and cyber-security, just to name a few.” Of the many postings reviewed regarding e-Discovery trends or … [Read more...]

NIST Updating SP 800-53 Information Security Guidance Document

Photo courtesy of dnssec-deployment.org

Many of our readers – especially associated with government contracting -- may not know that the National Institute of Standards and Technology (NIST) is now a step closer to publishing its 4th version of one of its premier information security guides --- i.e. Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations. More specifically, on Feb 5th 2013, NIST issued the final public draft of the guidance, seeking comments from the public as NIST will then publish the final version of SP 800-53 Rev 4, --- expected sometime this month of … [Read more...]

Cyber Insurance, Data Privacy and Information Security 2013 Trends Report

Photo courtesy of watsec.com

An exclusive 2013 report funded and released by the Cyber Data Risk Managers group offers the opinions of top industry regarding experts on what they think, feel and should happen in 2013 as it pertains to Data Privacy, Information Security and Cyber Insurance, as well as, what steps can be taken to mitigate risk(s) surrounding these cyber security related potential threats. A short summary of some of those observations and trends reported are: Inadequate security measures on government and private sector networks, critical infrastructure and telecommunications represent perhaps the … [Read more...]

SP 800-53 Rev 4 Planned Release for April 2013

NIST LOGO novainfosecportal dot com

Special Publication 800-53: Security and Privacy Controls for Federal Information Systems and Organizations – one of the National Institute of Standards and Technology's (NIST) premier information security guides --- is soon to be published in its 4th revision. Though the guidance is aimed at federal government IT systems, it is frequently followed by local, state and tribal governments as well as private-sector enterprises. Major changes in Revision 4 are planned to include: New security controls and control enhancements addressing the advanced persistent threat, supply chain, … [Read more...]

Social Media Risk Management Becomes Focus of New FFIEC Guidance Draft Document

Photo courtesy of bankinfosecurity.com

The ever growing challenge of social media risk management remains a topic of concern and focus for not only financial institutions but also for many organizations now using social media in a variety of ways, including marketing, providing incentives, facilitating applications for new accounts, inviting feedback from the public and engaging with existing and potential customers --- for example, by receiving and responding to complaints. Very recently, the Federal Financial Institutions Examination Council (FFIEC) released proposed guidance on the applicability of consumer protection and … [Read more...]