April 2011 – Page 2 – CyberSecurity Institute

Kaspersky -IT Security Policies Still Don’t Work According to New Research

Posted on April 20, 2011December 30, 2021 by admini

The results suggests that while most companies are aware of the need for mobile device security and a robust code of practice for employees, a failure to effectively implement and manage such policies may be exposing the corporate network to viral attack and cybercrime. Kaspersky Lab is committed to help bridge the disconnect between business and personal devices by improving the management of UK businesses mobile security solutions.

‘The growing trend towards using a single mobile device for both business and personal use can represent a significant security headache for companies, particularly when people start downloading potentially infected or insecure applications onto ‘authorised’ and network connected devices,’ said Andrew Lintell, corporate sales director for UK and Ireland, Kaspersky Lab.

The YouGov research conducted on behalf of Kaspersky Lab, interviewed more than 150 IT leaders across Britain, representing firms with 250 or more employees, found that one in four IT managers and directors (25%) have downloaded an application onto a mobile device provided for them by their organisation.

http://4g-wirelessevolution.tmcnet.com/news/2011/04/20/5457977.htm

Kerry-McCain privacy bill: What you need to know

Posted on April 13, 2011December 30, 2021 by admini

If this bill becomes law, companies would have to explain why they want to collect, use and store your personal data.

The bill would forbid companies from collecting data that isn’t necessary to deliver or improve a service, or to make a transaction. If data is transferred to a third party, that party would have to sign a contract agreeing to the terms of the bill.

Last year, the Federal Trade Commission called for a “Do Not Track” list that would prevent Internet companies from following users around the Web, and all browsers would be required to offer this feature. The bill from Kerry and McCain ignores the FTC’s advice, leaving the issue of “Do Not Track” in the hands of individual Web browsers, all of which tackle the problem differently. If you discover that a company was covertly gathering your personal information and sending it to who-knows-where, you wouldn’t be allowed to take the case to court. The FTC and state attorneys general would be the only entities that could take action against a company for privacy violations.

Consumer groups that take a hard line on user privacy don’t think the Kerry-McCain bill goes far enough. … And they don’t like how the Commerce Department, which primarily promotes the interests of businesses, can make exceptions for businesses that come up with alternative privacy plans. … The consumer groups also claim that Facebook and other “social media marketers” get special treatment because they can continue to gather data without sufficient safeguards.

http://www.csoonline.com/article/679529/kerry-mccain-privacy-bill-what-you-need-to-know?source=CSONLE_nlt_update_2011-04-14

Bank of America moves to further ramp up security with new CISO

Posted on April 1, 2011December 30, 2021 by admini

Gorman was most recently a senior executive adviser at Booz Allen Hamilton, a consulting firm hired by Bank of America after whistleblower Web site WikiLeaks late last year said it planned release thousands of insider documents that it had obtained from a former bank worker.

Gorman will be responsible for overseeing the bank’s overall information security strategy; he will report to CTO Marc Gordon, according to a Bank of America statement issued on Thursday. The bank has been in damage-control mode since WikiLeaks founder Julian Assange disclosed last November that WikiLeaks held more than 5GB of internal data, including tens of thousands of sensitive internal documents, from an unnamed major U.S. bank. In fact, in a 2009 interview with the IDG News Service, Assange said WikiLeaks had obtained some 5GB of data that had been stored on the hard drive of a Bank of America executive.

In January, the New York Times reported that the bank had assembled a 15-to-20-person team to develop a damage-control plan in the event that WikiLeaks followed through on its threat. The team, which is headed by Bruce Thompson, Bank of America’s chief risk officer, was tasked with conducting a broad internal investigation to determine what documents might have been leaked.

In February, WikiLeaks released a document that appeared to show that the bank had hired three intelligence firms to help develop a strategic plan of attack against WikiLeaks.

And last month, a group known as Anonymous, which is a loose affiliation of hackers who support the WikiLeaks cause, released email messages and documents that purportedly prove mortgage fraud.

http://www.computerworld.com/s/article/9215426/Bank_of_America_moves_to_further_ramp_up_security_with_new_CISO?source=CTWNLE_nlt_pm_2011-04-01