Posts tagged as:

Data Security

Dead BotNet Spams From Other Side

by Marc Handelman on February 3, 2012

in SBN

Meanwhile, in BotNet news, we learn of the apparent rising from the ashes of the proverbial bitwise pyre by Kelihos, and its nefarious blunderings out and about; regardless of the declared morte of this pesky bit of code, it is evidently the new gift that just keeps on giving… Oops.


Understanding And Selecting Database Security Platforms

by Tim Whitman on February 2, 2012

in SBN

We love the Totally Transparent Research process. Times like this – where we hit upon new trends, discover unexpected customer use cases, or discover something going on behind the scenes – are when our open model really shows its value. We started a Database Activity Monitoring 2.0 series last October and suddenly halted because our research showed that platform evolution has changed from convergence to independent visions of database security, with customer requirements splintering.

These changes are so significant that we need to publicly discuss them so you can understand why we are suddenly making a significant departure from the way we describe a solution we have been talking about for the past 6+ years. Especially since Rich, back in his Gartner days, coined the term “Database Activity Monitoring” in the first place. What’s going on behind the scenes should help you understand how these fundamental changes alter the technical makeup of products and require new vocabulary to describe what we see.

With that, welcome to the reboot of DAM 2.0. We renamed this series Understanding and Selecting Database Security Platforms to reflect massive changes in products and the market. We will fully define why this is the case as we progress through this series, but for now suffice it to say that the market has simply expanded beyond the bounds of the Database Activity Monitoring definition.


EU DATA PROTECTION LAWS – WHAT DOES IT ALL MEAN?…

by neirajones on February 1, 2012

in SBN


After yesterday’s post on data protection, I thought it would be logical to follow with some info on the EU proposal for new data protection laws...

17 years ago, the EU’s 1995 Data Protection Directive set a milestone in the history of personal data protection, and whilst its principles are still valid, the differences in the way that each EU country implements the law have led to an uneven level of protection for personal data. In addition, the rules were introduced when the Internet was still in its infancy and the digital age has brought with it increasing and sometimes unexpected challenges for data protection. With social networking sites, cloud computing, location-based services and smart cards, we leave digital traces with every move we make. Evidently, we now need a new set of rules that is future-proof and fit for the digital age.

What are the proposed changes?

  • The right to be forgotten will help people better manage data-protection risks online. When they no longer want their data to be processed and there are no legitimate grounds for retaining it, the data will be deleted. *
  • Explicit consent will be required for data processing rather than be assumed.
  • Data Portability: companies must make it easier to transfer personal data from one service provider to another by making this information readily available to individuals.
  • Breach Disclosure: companies and organisations will have to notify serious data breaches without undue delay, where feasible within 24 hours. *
  • A single set of rules on data protection, valid across the EU, will benefit companies operating in several EU countries as they will only have to deal with the national data protection authority in the EU country where they have their main establishment. *
  • International data transfers: individuals will have the right to refer all cases to their home national data protection authority, even when their personal data is processed outside their home country.
  • EU rules will apply to companies based outside the EU, if they offer goods or services in the EU or monitor the online behaviour of citizens.
  • Increased responsibility and accountability for those processing personal data: under the new regime, evidencing compliance will be crucial. Putting in place a comprehensive data protection programme will become an obligation under the statute. Data Controllers may need to review their contracts with Service Providers to ensure responsibilities are clearly set out and consistent with the proposed law. *
  • National data protection authorities will be strengthened so they can better enforce the EU rules at home by being empowered to fine those in breach of EU data protection rules up to €1 million or 2% of the global annual turnover of the company. *

What will this mean for individuals?

The proposed changes are intended to give individuals more control over and easier access to their personal data and improve the quality of information about what happens to that data once individuals decide to share it. These proposals are designed to make sure that personal information is protected – no matter where it is sent or stored – even outside the EU, as may often be the case on the Internet. Individuals can be confident that they can go online and take advantage of new technologies regardless of where they come from, whether it’s shopping for a better deal, or sharing information with friends around the globe.

In summary...

I am no lawyer, but luckily, the experts have already done the work of digesting the documentation and finding the most salient points... I have found an excellent summary of the proposed regulation provided by Lawrence Graham LLP.


My parting shot... *

You may have noticed the asterisks I have put after some of the bullet points above, and this is for where the PCI DSS standard will be very helpful... Think about it, it is the only comprehensive set of data security controls that I know of, and if you just replace everywhere it says “cardholder information” by “personal information”... I leave the rest to you...


Until next time...
neirajones


Stratfor Facing $50 Million Lawsuit From Data Breach

by Tim Whitman on February 1, 2012

in SBN

Austin-based Stratfor, which lost information on thousands of its customers in computer hacking attacks against its website in December, now finds itself under legal fire.

Stratfor this week responded in a Texas court to a federal class action suit filed against it in New York.

The suit seeks more than $50 million in damages on behalf of customers whose personal and credit card information was lost in the hacking incidents of Dec. 7 and Dec. 24.


The greatest challenge to database security may actually come from organizational issues, rather than nefarious or accidental acts, according to a survey presented by Application Security.

In most cases, database security is overseen by both database and security teams, thereby yielding a disconnect in ownership responsibilities as well as a lack of consensus on top priorities. According to respondents, management, while showing increasing signs of threat awareness, continues to offer inadequate financial support.


Naval Shipboard Information Assurance

by Marc Handelman on January 30, 2012

in SBN

Excellent write-up by NextGov’s Bob Brewin, discussing the highly focused efforts committed by United States Department of the Navy’s Space and Naval Warfare Systems Command [SPAWAR] personnel targeting ship-board information assurance systems.

“…Last year, the Navy installed host-based security systems on 348 ships to monitor, detect and deter network cyberattacks. Rear Adm. Jerry Burroughs, program executive officer for command, control, computers, communications and intelligence at the Space and Naval Warfare Systems Command headquartered here, said SPAWAR remains “crushed” by demands from the fleet to maintain a secure environment for Navy computers, which he considers his top priority…” - via NextGov’s Bob Brewin


Midlothian Council has been handed the largest fine yet for five data protection breaches, including one where a failure to keep its database updated meant sensitive documents were sent to the wrong people.
The council was fined a record £140,000 for mishandling sensitive child protection and care data on five occasions in 2011, the Information Commissioner’s Office (ICO) said on Monday.



As we conduct business in an increasingly cloudy, mobile, and social world, it’s more important now than ever to take data security and privacy into consideration. Data is everywhere and its value is growing exponentially. But with data moving in and out of your organization so quickly—how can you keep it safe? 

This is the perfect time of year to ask that question—today is Data Privacy Day. The National Cyber Security Alliance has coordinated various events in the United States and Canada to help facilitate discussions and raise awareness of data privacy and security issues.

In my opinion, the public and private sector must work together to combat the rising tide of data-hungry cyber criminals. Government legislation is and has been making strides toward mitigating cyber crime. In the U.S., 48 out of 50 states now enforce data breach notification laws, which require companies that collect or store personal identifiable information to notify customers if their information is compromised.

And, in Canada, mandatory data breach notification may soon become federal law. The Canadian Parliament is currently reviewing Bill C-12, a proposed update to Canada’s existing privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA). At present, PIPEDA currently does not contain any breach notification provisions.

However, as we all witnessed in 2011, legislation alone cannot protect data. According to an upcoming study from the Identity Theft Resource Center (ITRC), previewed in advance by Information Week, in 2011, there were 419 breaches publicly disclosed in the U.S., affecting a staggering 22.9 million records.

This means we still have A LOT of work to do. And, consumers are losing patience. They hold businesses directly accountable for the loss of their personal data and continue to bring class action lawsuits against organizations. This consumer unrest is likely to fuel additional legislation that may punish companies financially for losing customer data. Corporations have to take responsibility.

Here are three key recommendations for protecting customer data:


All companies storing personal data on Massachusetts residents have just over a month to ensure that their contractors, suppliers, technology providers and other third parties comply with a provision of a state data breach law that went into effect in March 2010.

The law is designed to ensure that companies holding data on Massachusetts residents have certain security controls in place.

Over the past two years, most of the provisions of the bill have already gone into effect. The last one, which deals with third-party compliance, takes effect on March 1.


GAO Report: Information Security Breaches

by Marc Handelman on January 25, 2012

in SBN

Short (mercifully), yet informative C-SPAN video, this time with Greg Wilshusen, Director, Information Security Issues, within the United States Government Accountability Office (GAO), in which Director Wilshusen details Federal government accountability related to the information security realm. Enjoy.
