Posts tagged: data protection

Cyber Risk being disclosed in SEC filings

A June 8 Bloomberg Businessweek article noted that publicly traded companies have started including the “material risk” of computer attacks in their SEC filings.  It’s interesting to see the admission of some major companies that the threat of targeted attacks can impact the bottom line. In what will undoubtedly become the trend in risk reporting [...]

Thousands of Businesses had an Uneventful Day

I guess that headline wouldn’t sell too many papers but in most cases this is the reality that drives many decisions related to information security investment.  For most executives, the sky isn’t always falling and a security team that tries to operate under that premise is soon thought of as the Boy Who Cried Wolf.  [...]

NJ Supreme Court impacts privacy expectation

The New Jersey Supreme Court recently ruled that a company shouldn’t have read an ex-staffer’s private e-mails even though they were sent from her employer’s computer (NorthJersey.com article). It is an interesting ruling that will certainly change some thinking about personal use of work computers. While I’m a proponent of privacy rights, I’m torn on this particular [...]

Fail to plan, plan to fail… incident response preparation

Consider this: an application or database that processes and stores customer information, including personally identifiable information, has been compromised. What are you going to do? Many organizations fail to plan for a compromise and, unfortunately, often exacerbate the damage while attempting an “on the fly” response to an incident. The absolute worst [...]

Be an Agile Defender

Anti-virus software is based on signatures of known viruses.  It’s a reactive product by nature and it should be known by now that these products are ineffective against new viruses and new variants.    That said, why test AV products against attacks they haven’t seen and then make a stink about it in a ComputerWorld article?  [...]
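The following is an added example, not code from the original post, that makes the "reactive by nature" point concrete. It scans three constructed byte strings (stand-ins, not real malware) with the three common kinds of signature: a full-file hash, a fixed byte sequence, and a hex pattern with `??` wildcards in the YARA/ClamAV style. The sample names, detection names and payload strings are all invented for the demonstration.

```python
import hashlib
import re
from typing import Optional

# Constructed stand-ins for a "known" sample, a variant that differs from it by
# one byte (a re-versioned payload), and a sample from a family nobody has
# analysed yet. None of this is real malware; it is plain bytes for the demo.
HEADER = b"MZ\x90\x00\x03\x00\x00\x00"
KNOWN_SAMPLE = HEADER + b"PAYLOAD:connect-back-shell-v1\x00" + b"\x00" * 16
VARIANT = KNOWN_SAMPLE.replace(b"shell-v1", b"shell-v2")   # exactly one byte differs
NEW_FAMILY = HEADER + b"LOADER:stage2-downloader\x00" + b"\x00" * 16


def sha256_hex(blob: bytes) -> str:
    return hashlib.sha256(blob).hexdigest()


# Signature type 1: full-file hash. Only the exact bytes that were analysed match.
HASH_SIGNATURES = {sha256_hex(KNOWN_SAMPLE): "Trojan.Constructed.A"}


def hash_scan(blob: bytes) -> Optional[str]:
    return HASH_SIGNATURES.get(sha256_hex(blob))


# Signature type 2: a fixed byte sequence. Survives changes elsewhere in the file,
# but not a change inside the sequence itself.
BYTE_SIGNATURES = {b"PAYLOAD:connect-back-shell-v1": "Trojan.Constructed.A"}


def byte_scan(blob: bytes) -> Optional[str]:
    for needle, name in BYTE_SIGNATURES.items():
        if needle in blob:
            return name
    return None


# Signature type 3: hex pattern with ?? wildcards, written by an analyst who
# expects the trailing version byte to churn. Still requires having seen the family.
def compile_hex_signature(hex_sig: str) -> re.Pattern:
    parts = [b"." if tok == "??" else re.escape(bytes.fromhex(tok)) for tok in hex_sig.split()]
    return re.compile(b"".join(parts), re.DOTALL)


# "PAYLOAD:connect-back-shell-v" followed by any single byte.
_FAMILY_HEX = " ".join(f"{b:02x}" for b in b"PAYLOAD:connect-back-shell-v") + " ??"
WILDCARD_SIGNATURES = [(compile_hex_signature(_FAMILY_HEX), "Trojan.Constructed.Gen")]


def wildcard_scan(blob: bytes) -> Optional[str]:
    for pattern, name in WILDCARD_SIGNATURES:
        if pattern.search(blob):
            return name
    return None


def scan_all(blob: bytes) -> dict:
    """Run every signature type and report which (if any) fired."""
    return {
        "hash": hash_scan(blob),
        "bytes": byte_scan(blob),
        "wildcard": wildcard_scan(blob),
    }


if __name__ == "__main__":
    for label, blob in (("known", KNOWN_SAMPLE), ("variant", VARIANT), ("new family", NEW_FAMILY)):
        print(f"{label:11} {scan_all(blob)}")
```

The hash and fixed-byte signatures catch only the analysed sample; changing one byte is enough to evade both. The wildcard signature survives the variant because the analyst anticipated that exact byte, but none of the three fires on the new family, which is the point of the post: a signature exists only after someone has already seen and analysed the threat.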

Cyber Shockwave – A Bust

CNN recently broadcast a cyber-attack simulation meant to demonstrate the potential cascading effects of a widespread attack on our nation’s infrastructure.  The exercise included former federal officials who played the role of key positions in the executive branch to show how the government would respond to the escalating incident.  They even had a flashy headline: [...]

House passes Data Breach legislation… jury still out

The U.S. House of Representatives has passed HR 2221, the Data Accountability and Trust Act.  This sets nationwide breach notification requirements that trump the patchwork of State laws that have been in effect with California leading the way in 2002.   The passage was written about in a Federal Computer Week article “House passes bill to [...]

Lessons in Due Diligence

An article by Kim Zetter on Wired.com caught my attention: “Restaurants Sue Vendor for Unsecured Card Processor”. The gist is that several restaurants purchased Point-of-Sale (POS) systems from a particular vendor. The POS systems sold were apparently not Payment Card Industry Data Security Standard (PCI DSS) compliant, and that resulted in a breach [...]

Failures in Leadership, Ethics, and Security

A breach of patient personal information at University Medical Center has all the makings of a made for TV movie or at least provides an opportunity to examine issues in security, leadership, ethics, and even the knee-jerk reaction of ignorant politicians trying to use the opportunity to score some free publicity.  The story “FBI looking [...]

Learning From Someone Else’s Breach

A subsidiary of managed health care provider Health Net Inc. just reported the loss of personal information for 1.5 million customers that occurred six months ago, according to a ComputerWorld article. Without knowing all the details of the situation, I can only speculate as to some of the security controls and thoughts of the Health [...]