Author: admini

The results suggests that while most companies are aware of the need for mobile device security and a robust code of practice for employees, a failure to effectively implement and manage such policies may be exposing the corporate network to viral attack and cybercrime. Kaspersky Lab is committed to help bridge the disconnect between business and personal devices by improving the management of UK businesses mobile security solutions.

‘The growing trend towards using a single mobile device for both business and personal use can represent a significant security headache for companies, particularly when people start downloading potentially infected or insecure applications onto ‘authorised’ and network connected devices,’ said Andrew Lintell, corporate sales director for UK and Ireland, Kaspersky Lab.

The YouGov research conducted on behalf of Kaspersky Lab, interviewed more than 150 IT leaders across Britain, representing firms with 250 or more employees, found that one in four IT managers and directors (25%) have downloaded an application onto a mobile device provided for them by their organisation.

http://4g-wirelessevolution.tmcnet.com/news/2011/04/20/5457977.htm

Gorman was most recently a senior executive adviser at Booz Allen Hamilton, a consulting firm hired by Bank of America after whistleblower Web site WikiLeaks late last year said it planned release thousands of insider documents that it had obtained from a former bank worker.

Gorman will be responsible for overseeing the bank’s overall information security strategy; he will report to CTO Marc Gordon, according to a Bank of America statement issued on Thursday. The bank has been in damage-control mode since WikiLeaks founder Julian Assange disclosed last November that WikiLeaks held more than 5GB of internal data, including tens of thousands of sensitive internal documents, from an unnamed major U.S. bank. In fact, in a 2009 interview with the IDG News Service, Assange said WikiLeaks had obtained some 5GB of data that had been stored on the hard drive of a Bank of America executive.

In January, the New York Times reported that the bank had assembled a 15-to-20-person team to develop a damage-control plan in the event that WikiLeaks followed through on its threat. The team, which is headed by Bruce Thompson, Bank of America’s chief risk officer, was tasked with conducting a broad internal investigation to determine what documents might have been leaked.

In February, WikiLeaks released a document that appeared to show that the bank had hired three intelligence firms to help develop a strategic plan of attack against WikiLeaks.

And last month, a group known as Anonymous, which is a loose affiliation of hackers who support the WikiLeaks cause, released email messages and documents that purportedly prove mortgage fraud.

http://www.computerworld.com/s/article/9215426/Bank_of_America_moves_to_further_ramp_up_security_with_new_CISO?source=CTWNLE_nlt_pm_2011-04-01

The action against Cignet represented the first time since HIPAA became law that such a fine has been imposed on an organization in the healthcare field over a privacy violation. HHS said the fine was levied on Cignet for two reasons: It did not give 41 patients access to their medical records when they asked for it, and it did not subsequently cooperate with an investigation into the matter by HHS’s Office for Civil Rights (OCR).

HIPAA’s privacy rules require covered entities to provide patients with copies of their medical records no later than 60 days after they request the records, HHS noted.

Cignet’s failure to do so earned it a $1.3 million penalty under HIPAA rules. An additional $3 million penalty was assessed against Cignet for its failure to cooperate with OCR investigations and for its repeated refusal to produce records in response to HHS demands.

The HHS settlement with Massachusetts General Hospital stems from a March 2009 incident in which documents containing protected health information on 192 patients were lost when an employee inadvertently left them on a subway train.

…Both HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was passed as part of the 2009 stimulus package, contain provisions for protecting the privacy and security of patient data.

…The penalties indicate that HHS is taking a hard look at business process failures that can result in privacy violations, said Peter MacKoul, president of consulting firm HIPAA Solutions LC.

Both of this week’s actions stemmed from business process issues and not technology failures, MacKoul said. Weak business processes — such as a failure to ensure that data on laptops is encrypted, or a failure to protect against the use of USB flash drives, or the improper handling of hard copies — often result in privacy breaches, he said.

…The latest HIPAA enforcement actions follow news this week that the number of people whose healthcare data is lost or stolen continues to soar. A report released earlier this week by the accounting firm Kaufman, Rossin & Co. showed that in the first year since the HITECH Act was passed, about 5 million people had their personal health information compromised, either as a result of theft or because the data was lost.

…The largest incident involved a lost laptop containing unencrypted protected health information on 1,222.000 individuals, the report said.

http://www.computerworld.com/s/article/9211359/HIPAA_privacy_actions_seen_as_warning?source=CTWNLE_nlt_dailyam_2011-02-25

In recent years, many organizations have moved to centralize their help desk operations and establish a single point of contact for workers, said Roy Atkinson, an analyst at HDI, whose members represent a help desk community of about 50,000 people. Atkinson said another part of the explanation could be the fact that IT complexity is actually increasing, especially as users seek to connect multiple devices, including mobile phones, tablets and laptops to corporate networks.

Earl Begley, who heads HDI’s desktop advisory board and is an IT project manager at the University of Kentucky, said incident volumes for the university’s healthcare help desk, which serves the UK hospital, have increased by 15% to 20% a year.

For those organizations reporting an increase in help desk calls, about 41% attributed the uptick to infrastructure or product changes, upgrades or conversions; 26% cited expanded service offerings by the support center; and 22.5% said they have more customers, according to the HDI study.

The increase in the number of help desk support requests is happening at the same time IT managers are cutting money spent on supporting help desks, according to another new study that was released recently by Computer Economics.

In its survey of IT organizations, the IT research firm found that help desk employees now represent about 6% of the total IT staff, after accounting for about 6.9% of the average IT staff for the past several years.

The report said that this decrease “represents a relatively substantial dip and indicates that providing high-quality support to users assumed a lower priority amid the wave of operational budget-cutting and staff reductions that accompanied the official end of the recession.” Computer Economics also said that a number of factors affect the size of a help desk, including the use of outsourcing, an increase in the number of workers with smartphones, ITIL adoption, and improvements in applications and devices.

“Some of these trends are working to diminish the size and function of the help desk, while others are putting more pressure on help desk staff,” the research organization said in its report.

http://www.computerworld.com/s/article/9203218/Help_desk_calls_on_the_rise?source=CTWNLE_nlt_dailyam_2011-01-05