Data Breach Costs now Average $154 per Record

In a recently published benchmark research report it was found that executives in 2015 – motivated by growing concerns from ongoing data breaches and other cyber-attacks to their organizations – are now paying greater attention to the security practices of their organizations. To that point, research from that report also indicated that the average total cost of a data breach for the 350 companies participating in this research increased from $ 3.52 to $ 3.79 million US dollars (e.g. a 23% increase in total cost of data breach since 2013). The average cost paid for each lost or stolen … [Read more...]

Cyber Intelligence Sharing Website Newly Launched

Our staff would like to bring your attention to the fact that U.S. retailers have recently joined forces and have launched a website called “Retail Cyber Intelligence Sharing Center”. In order to create a structure for this website and to better address the needs of the retail industry, the R-CISC was developed with input from more than 50 of America’s largest retailers, and in consultation with key stakeholders including federal law enforcement, government agencies and subject matter experts. For the record, the R-CISC is an independent organization, the focus of which is a Retail … [Read more...]

Disaster Preparedness Teams Can Benefit from a Recent World Economic Forum 2014 Risks Report

In an earlier posting on this website, our staff published a story reviewing the consensus for listing the threats of 2013 which impacted many organizations.  In this posting, the point addressed is that very often risks of threats or incidents can impact an organization because of the occurrence of some global size event that would appear to be beyond the scope of an organization’s disaster preparedness planning. With that thought in mind, our staff would like you to be aware of a recently released World Economic Forum report which attempts to size up the impact of some all-too-real … [Read more...]

NIST Offers Free Download of SP 800-53, Rev 4

The National Institute of Standards and Technology (NIST) has now made available the Final Release of SP 800-53 Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations – representing the most comprehensive update to the security controls catalog since its inception in 2005. This update was motivated primarily by the expanding occurrences of cyber security threats – looking at the increased sophistication of those cyber-attacks; the growing frequency of such attacks; the professionalism of the attackers, and the persistence of targeting by … [Read more...]

Risk Assessment Guidance Document Released by NIST

Risk assessments are part of an organization's total risk management process. To better assist those organizations in conducting effective risk assessments, the National Institute of Standards and Technology (NIST) has released a final version of its risk assessment guidelines that can provide senior leaders and executives with the information they need to understand and make decisions about their organization's current information security risks and information technology infrastructures. "Risk assessments are an important tool for managers," explains Ron Ross, NIST fellow and one of … [Read more...]

Security Central Exchange Launched to Bring Security Minded People Together to Improve Their Security Posture

The distinguishing lines and points of differences between physical and technical or network security are becoming harder to find – in fact, the convergence of these areas of security disciplines has been happening at an accelerated rate for nearly ten years. And, given the escalation of threats facing many companies today, there is a strong belief that this continued convergence of security disciplines may in fact be causing potentially new challenges for businesses, consumers and the “average person” having to respond to such security related  risks or threats in a timely manner. The … [Read more...]

National Preparedness System Description Announced by FEMA

Craig Fugate, Administrator, FEMA recently announced the next step to be taken regarding the Presidential Policy Directive on National Preparedness. That next step in FEMA’s ongoing efforts to improve levels of preparedness against a wide range of threats and hazards, such as acts of terrorism, cyber-attacks, pandemics and catastrophic natural disasters, was to release a description of the National Preparedness System. FEMA recognizes that the nation will be most prepared for threats and hazards when we work together, and to that point the National Preparedness System has now outlined in … [Read more...]

“Duqu” Trojan Threat Info Request Addressed

In response to increased reader's comments and requests for updates regarding the Duqu Trojan threat, our staff has organized a series of links to articles addressing the Duqu threat for our readership. To attempt to put the threat from the Duqu virus in proper perspective, our staff also agrees with Bulent Teksoz, Chief Security Strategist for Emerging Markets with Symantec, when he states that, “.... while Duqu does not directly target industrial control systems; its discovery has reignited fears about cyber-attacks targeted at power plants, water treatment facilities, and chemical … [Read more...]

Cyber Security Guidance Document Released by SEC

As part of this website’s efforts to educate our readers about this October being National Cyber Security Awareness Month (NCSAM), and to support NCSAM’s theme of Week 3 of this month – e.g. to focus our attention on national and local efforts to prevent identity theft and other cybercrimes --- our staff has organized some additional content and comments regarding the recent release by the Securities and Exchange Commission (SEC) of a cyber security related guidance document. This document is entitled “CF Disclosure Guidance: Topic No. 2” and provides the SEC’s Division of Corporation … [Read more...]

Test Your Awareness of Recent Cybersecurity Threats and Events

Given the recent significant increase in the number of data breaches reported by both businesses and governments around the globe, many concerns still exist and solutions remain to be found regarding these potential threats of violations of privacy rights. For an example, some internet users are questioning whether the increase in recent reports is due to a real increase in the actual number of attacks or are these events an indication that legal and regulatory requirements are forcing more reporting of these events. Since it appears that these recent breaches are nearly impossible to … [Read more...]