admini – Page 142 – CyberSecurity Institute

S’pore data protection enforcement needs bite

Posted on February 2, 2009December 30, 2021 by admini

In response to queries from ZDNet Asia, a spokesperson from the Ministry of Information, Communication and the Arts (Mica), said the inter-ministry committee involves public sector agencies including the Infocomm Development Authority, the Ministry of Trade and Industry, the Ministry of Finance, the Ministry of Home Affairs and the Attorney-General’s Chambers.

According to him, the committee is reviewing various approaches including those of the United States, the European Union and Canada, as there currently is no established, uniform method to deal with data protection.

“In shaping Singapore’s own data protection regime, we will take into account such international perspectives, where relevant, as well as views from the public. “Mica will share the details of the proposed framework at the appropriate juncture,” the spokesperson added.

Joshua Chua, Deloitte & Touche’s security and privacy leader for risk consulting in Southeast Asia, concurred. According to Chua, there is currently no specific data breach notification legislation in Singapore, which mandates that companies notify regulators and the public in the event of a privacy breach, or leakage of personal customer information.

Last year in the United Kingdom and Australia, there were some debate and momentum in handling data breaches. News of an impending data breach notification law surfaced in July when the Information Commissioner’s Office said that the European Union’s ePrivacy Directive would be a catalyst for such legislation in the country. The Hong Kong Monetary Authority, for example, issued a customer data protection circular to all authorized financial institutions on Jul. 10, 2008, he noted. The document contained guidelines requiring banks in the Special Administrative Region to have specific data breach management procedures in place, and also to appoint a senior official responsible for incident management. Instead, data protection and privacy is regulated via industry-specific laws and enforced by industry regulatory bodies, he explained.

Companies, on the other hand, need to ensure they have incident response procedures in place, as poor handling of data breaches can cause further damage.

http://www.zdnetasia.com/news/security/0,39044215,62050547,00.htm

Archer Technologies Acquires Brabeion Software

Posted on January 31, 2009December 30, 2021 by admini

Developed in cooperation with PriceWaterhouseCoopers, the Brabeion content will be added to Archer’s GRC product line and significantly expand Archer’s content offerings to now include more than 130 technical compliance baselines and controls.

This acquisition also gives Archer immediate access to a diversified, blue chip customer base including 12 of the Forbes 350 and 15 Fortune 1000 clients.

As part of our future growth strategy, Archer will actively and selectively seek additional strategic partnerships and acquisitions that enable customers to implement a best-in-class GRC program,” said Jon Darbyshire, Archer President and CEO. “The timing for this deal is perfect. This location offers a strategic hub for Archer’s professional services, client support, business development and sales teams with closer proximity to 40 percent of Archer’s customer base. Most importantly, we are confident they will realize the value that Archer brings to their expanding GRC initiatives outside of IT.”

http://pr-usa.net/index.php?option=com_content&task=view&id=165031&Itemid=96

During Layoffs, Superior ID Management Is an Imperative

Posted on January 30, 2009December 30, 2021 by admini

According to a new study by security vendor McAfee of 1,000 IT decision makers, 41 percent said employee layoffs resulting from the recession represent the greatest threat to their computer security.

Organizations often over-extend their zones of trust to employees since they have a natural inclination to entrust them with privileges until their services are no longer needed or they do something to violate that trust.

For large companies executing mass layoffs—such as the 21,000-plus companies last year did—identity management is a major issue, says Brian Wolfe, co-founder and partner at Laurus Technologies, a solution provider in Itasca, Ill., that—among other things—specializes in security and identity management implementations.

“If you have large layoffs and you don’t have a provisioning system, and you’re going to revoke accounts manually, mistakes will be made,” Wolfe said.

Good identity management platforms—such as those offered by RSA Security, IBM, Courion and BMC Software—are more than just access control and single sign-on (SSO) applications. They create and provision accounts across networks and a broad array of applications based on employees’ specific job functions (role-based) or through group policies, manage accounts through the lifecycle of an account holder’s employment and, when necessary, ensure access rights are properly and thoroughly revoked when the person leaves—voluntary or involuntary—the organization.

Laurus Technologies service a number of enterprise’s identity management needs, and Wolfe says most are reaping the benefits of their investments now that they have to cut their labor forces. “For companies we’ve done implementations for, they’re able to bulk operations; they have a pretty easy time of disposing of a large number of accounts,” Wolfe says.

The situation is critical during a layoff or reduction in force, since an organization needs immediate revocation of network and application privileges to prevent pilfering of data and sabotage of systems.

http://www.channelinsider.com/c/a/Security/During-Layoffs-Superior-ID-Management-is-an-Imperative/

McAfee highlights perils of offshoring sensitive data

Posted on January 29, 2009December 30, 2021 by admini

The security firm surveyed over 800 chief information officers in the US, UK, China and India for its report.

McAfee security analyst Greg Day argued that many firms look to offshoring in order to reduce costs without thinking of the security implications of their intellectual property being stored or processed in other regions.

The research found that Brazil, China and India, for example, are spending more money on security than Germany, the UK, the US and Japan, but that some of the former countries have poor reputations for investigating security incidents, and may be lax at enforcing policies and regulations.

http://www.infomaticsonline.co.uk/vnunet/news/2235374/firms-lost-trillion-dollars-ip

Data breach study ties fraud losses to Hannaford, TJX breaches

Posted on January 21, 2009December 30, 2021 by admini

It studied the impact of data security breaches on Maine banks and credit unions.

More than 700 accounts were used to buy items fraudulently, although five of the 22 institutions that suffered a fraud loss did not report the number of accounts, according to the report.

The Hannaford breach cost some banks as much as $58,000 to reissue credit cards to customers. Communication to customers cost nearly $28,000, some banks and credit unions reported. Investigation expenses were as high as $21,000 for some banks.

Shostack said the rising costs associated with data breach could lead banks and merchants to find alternative payment methods. “What this means for business is that the process of data collection and analysis is starting to produce something better than ‘accepted practice,'” Shostack said.

The Ponemon Institute, which puts out an annual data breach cost report, found that the total average cost of a data breach grew to $197 per compromised record. Ponemon cautioned that the costs listed in the report are only those associated with financial institutions and don’t reflect the total costs incurred by Hannaford’s, victims, and other organizations.

http://searchfinancialsecurity.techtarget.com/news/article/0,289142,sid185_gci1345455,00.html

New Report Predicts Increased Security Spend

Posted on January 16, 2009December 30, 2021 by admini

Organizations are trying to get the most out of their spending and reduce the TCO of their IT investments – efficiency being the name of the game,” Yuval Ben-Itzhak, CTO at Finjan, said in a report summary.

“While 2008 saw IT security departments facing new challenges in protecting valuable business data against an ever-increasing wave of cybercrime attacks, 2009 is adding a further economic challenge to the mix.”

http://securitywatch.eweek.com/virus_and_spyware/new_report_predicts_increased_security_spend.html