Auditors found that OITS does not have an established monitoring and oversight process for user access management of DCJS systems and is not operating in compliance with state cyber security policies. OITS does not have established policies and procedures for backup of key DCJS systems. Also, ITS does not have an active regional backup site,…
Category: Commentaries and Analyses
Does Clapper Silence Data Breach Litigation? A Two-Year Retrospective
Andrew Hoffman writes: This February 26, 2015, marks the two-year anniversary of the U.S. Supreme Court’s decision in Clapper v. Amnesty International USA,[1] which required plaintiffs to allege that a threatened injury is “certainly impending” in order to constitute an injury-in-fact sufficient to convey Article III standing. In this time, federal district courts in at least twelve data…
Documentary on Identity Theft Features ID Thieves
From their press release: Experian’s ProtectMyID® and The Identity Theft Council worked together to launch a disturbing new documentary, In The Company of Thieves, that chronicles the exploits of several notorious identity thieves and how they were brought to justice, available at http://thieves.identitytheftcouncil.org. The documentary gives viewers an unflinching look into identity theft, described by criminals who tell all about…
Journal Times editorial: Paying ransom to computer hackers not the way to go
In response to a recent news story out of Midlothian (noted here), an editorial in The Journal Times reminds law enforcement that they should take their own advice and not pay ransom to hackers who lock up police files. As the editors note, the Midlothian incident is not the first time law enforcement has paid ransom: Last…
Financial Industry Regulatory Authority Report on Cybersecurity Practices
via BeSpacific: FINRA Report on Cybersecurity Practices, February 2015 – Executive Summary: Like many organizations in the financial services and other sectors, broker-dealers (firms) are the target of cyberattacks. The frequency and sophistication of these attacks is increasing and individual broker-dealers, and the industry as a whole, must make responding to these threats a high priority….
It may look good, but that data breach report is not necessarily accurate
Two analyses of data breaches in 2014 have been released within the past month. One is Gemalto’s annual Breach Level Index report (pdf), which is based on 1,541 breach reports resulting in 1,023,108,267 breached records. The other is Risk Based Security’s Data Breach Quick View (pdf), which is based on 3,014 incidents exposing 1,068,191,345 records. How can an analysis that…