Category: Should Have Known Better

Lessons Not Learned – Public-Private non-communication in CyberSecurity

One of the deficiencies that came to light in the aftermath of the 9/11 terrorist attacks was the communication failure between competing intelligence agencies.  A report released this past Monday from the Government Accountability Office shows that the same failure to communicate is happening in the cybersecurity arena.  The breakdown in this arena is between [...]

Be an Agile Defender

Anti-virus software is based on signatures of known viruses.  It’s a reactive product by nature and it should be known by now that these products are ineffective against new viruses and new variants.    That said, why test AV products against attacks they haven’t seen and then make a stink about it in a ComputerWorld article?  [...]

Lawsuit, breaches and bashing… oh my!

Though it seems obvious that corporations have an obligation to protect the sensitive information they use for business, it amazes me that corporate behavior in this regard is still quite dismissive. Lawsuits and public embarrassment seem to be the only catalyst for action for many organizations. That is kind of sad. Not only is [...]

Failures in Leadership, Ethics, and Security

A breach of patient personal information at University Medical Center has all the makings of a made-for-TV movie, or at least provides an opportunity to examine issues in security, leadership, ethics, and even the knee-jerk reaction of ignorant politicians trying to use the opportunity to score some free publicity. The story “FBI looking [...]

Learning From Someone Else’s Breach

A subsidiary of managed health care provider Health Net Inc. just reported the loss of personal information for 1.5 million customers, which occurred six months ago, according to a ComputerWorld article. Without knowing all the details of the situation, I can only speculate as to some of the security controls and thoughts of the Health [...]

Patch Management Only 1/2 the Battle

An audit of cybersecurity for DHS’ nine most frequently visited Web sites found that although general security protocols were followed, there were still a number of vulnerabilities and gaps in security, including inconsistent management of security patching and security assessments.  Lipowicz, Alice.  “DHS Web sites vulnerable to hackers, IG says”, Federal Computer Week, 09Oct2009. It [...]

Ex-Lover Busted, But Not Totally to Blame

A 38-year-old Avon Lake, Ohio man is set to plead guilty to federal charges after spyware he allegedly meant to install on the computer of a woman he’d had a relationship with ended up infecting computers at Akron Children’s Hospital.   (Misdirected spyware infects Ohio hospital.  McMillan, Robert. 17 September 2009. ComputerWorld.) Graham certainly gets what [...]

Small Business – a Target

Organized cyber-gangs in Eastern Europe are increasingly preying on small and mid-size companies in the United States, setting off a multimillion-dollar online crime wave that has begun to worry the nation’s largest financial institutions. (“European Cyber-Gangs Target Small U.S. Firms”, Washington Post, August 25th.) Launching these attacks from “safe havens” against organizations that tend to [...]

It’s Just One Little E-mail…

How often is e-mail used to send documents that contain sensitive information? I’ve seen consultants share sensitive information about clients this way, as well as staff members just “trying to be helpful”. I’m sure this happens all the time, and it can be mitigated through training and providing staff the tools necessary to [...]

Thursday August 6th, 2009 in Should Have Known Better

More Useless Legislation

“File Sharing Leaks Sensitive Federal Data, Lawmakers Are Told” – Washington Post. Another politician jumps into high gear with more useless legislation and finger pointing after sensitive information was leaked via P2P software on federal computers. Policy already dictates that P2P software shouldn’t be used but these agencies lacked the technical controls to implement the [...]

Monday August 3rd, 2009 in Should Have Known Better