Wyoming broadens definition of personal information in amended data breach notification law
\nThe amendment expands the definition of personal information to now include an individual\u2019s first name or first initial and last name in combination with any of the following: (1) Social Security number, (2) driver\u2019s license number, (3) account number, credit card number or debit card number in combination with any security code, access code or password that would allow access to a financial account of the person, (4) tribal identification card, (5) federal or state government issued identification card, (6) shared (login) secrets or security tokens known to be used for data based authentication purposes, (7) a username or email address when combined with a password or security question and answer that would permit access to an online account, (8) a birth or marriage certificate, (9) medical information, meaning a person\u2019s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional, (10) health insurance information, meaning a person\u2019s health insurance policy number or subscriber identification number, any unique identifier used by a health insurer to identify the person or information related to a person\u2019s application and claim\u2019s history, (11) unique biometric data, or (12) an individual taxpayer identification number.
\nLink: http:\/\/www.lexology.com\/library\/detail.aspx?g=5a82bdde-187f-458d-907f-7bb8e010b149<\/p>\n
How to Build a Successful IT Security Awareness Program
\nThe first step towards creating a successful security awareness program is to recognize that this is not a project with a defined timeline and an expected completion date, but is instead a development of organizational culture.
\nSimilarly, the measurements of success are not just found in reduced counts of accidents or exposures but in the base line attitudes and practices of employees as they perform their business functions.
\nLink: http:\/\/www.tripwire.com\/state-of-security\/security-awareness\/how-to-build-a-successful-it-security-awareness-program\/?utm_source=Threat+Brief&utm_campaign=b08684f8ae-Threat_Brief4_1_2015&utm_medium=email&utm_term=0_79bf093b3a-b08684f8ae-388769721<\/p>\n
Should security providers be held liable for data breaches?
\nBlack Hat Asia ended with a discussion started by Black Hat founder Jeff Moss on if security providers, should be held liable for data breaches, because of the critical data they claim to “secure”. The recent number of hacking incidents everywhere have made this a widespread issue and security professionals worldwide have voiced their opinions.
\nA managed security service provider (MSSP), where an information security company such as Paladion is managing the security posture of the enterprise, is involved in maintaining the security products of the organization or uses their own to protect the organization. An MSSP can be held liable if there is a breach if it was an oversight or error by their security analysts that caused the breach. Liability would depend on the service contract that was drawn between the company and the service provider. An outcome based contract will have SLAs and liabilities that commensurate to the value, but a normal manpower based contract will not have this.Paladion provides outcome based information security services and has such contracts with several companies where penalties are defined in case of breaches.” added Rajat
\nLink: http:\/\/www.dnaindia.com\/scitech\/report-should-security-providers-be-held-liable-for-data-breaches-2075017<\/p>\n
8 Steps to Stronger Information Risk Management
\nYour compliance and security teams may be approaching you, as the CFO, to be their advocate in obtaining the funds needed to set up or strengthen your information security or compliance programs. CFOs have historically been risk-averse by nature, focusing on protection of the business and the bottom line. But in the world we are now facing, CFOs will be expected to bring innovative ideas to the table to help their companies remain competitive.
\nAs CFO, you know the risk appetite of the C-suite and the limitations of the budgets. Make sure the investments being recommended are in line with your organization\u2019s strategy and operational needs. It\u2019s important to either establish or strengthen an internal risk management governance council to guide decision-making.
\nLink: http:\/\/ww2.cfo.com\/data-security\/2015\/04\/8-steps-stronger-information-risk-management\/<\/p>\n
Principles of Malware Sinkholing
\nWith malware dependency on domain name systems (DNS) and the use of domain generation algorithms (DGAs) on the rise, we\u2019ve also seen an increase in the use of sinkholing as a defense and intelligence-gathering technique.
\nAlthough sinkholing is simple to execute, complex risks can be involved. First, some obvious legal issues may crop up with external sinkholing; for example, victim machines are now contacting a server you control. If, for instance, you use external sinkholing to control victim machines that do not belong to your organization — even if it\u2019s for benefit — it\u2019s a criminal act in most jurisdictions. This holds true even if there is a \u201cself-destruct\u201d feature in the malware that will uninstall itself when given the command to do so.
\nUltimately, sinkholing is an important tool to have in your arsenal when dealing with emerging threats.
\nLink: http:\/\/www.darkreading.com\/partner-perspectives\/general-dynamics-fidelis\/principles-of-malware-sinkholing\/a\/d-id\/1319769<\/p>\n
Brazil top for Android smartphones infected by malware
\nBrazil was last year among the countries most affected by malicious apps and spies for Android, according to a report released by Google, reports Teletime. In the ranking of infections by Potentially Hazardous Applications (PHA), looking at sites outside of Google Play and including unlocked devices (with root), Japan had the lowest rate of all in 2014, with 0.0702 percent. The global average was 0.7891 percent, and Brazil ranked above with 0.9996 percent. Brazil was only ahead of India, the UAE and Russia, which had highest percentage at 3.8548 percent. When it comes to spyware, the global average was 0.2035 percent and Brazil was again above this figure, placing penultimate with 0.4218 percent. Again, the lowest annual average was Japan, with 0.0141 percent.
\nLink: http:\/\/www.telecompaper.com\/news\/brazil-top-for-android-smartphones-infected-by-malware–1075037<\/p>\n","protected":false},"excerpt":{"rendered":"
Wyoming broadens definition of personal information in amended data breach notification law The amendment expands the definition of personal information to now include an individual\u2019s first name or first initial and last name in combination with any of the following: (1) Social Security number, (2) driver\u2019s license number, (3) account…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1016","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1016","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1016"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1016\/revisions"}],"predecessor-version":[{"id":3503,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1016\/revisions\/3503"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1016"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1016"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1016"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}