Taylor Armerding writes: The last things an organization needs when launching an investigation into any kind of security breach are confusion and disorganization. If it is not clear who is really in charge, or what responsibilities fall to what departments, that is adding trouble to trouble. But that, according to the Security Executive Council (SEC),…
Category: Commentaries and Analyses
“We take the privacy and security of your information very seriously,” Saturday edition
I’ve been known to get a tad snarky about breach notification letters that begin with how the breached entity takes the privacy and security of our information seriously. Sadly, that line seems to have become a pro forma part of breach notices. Yesterday, though, I read a breach notification from Piedmont Advantage Credit Union about a missing laptop with customer…
NYS Audit: Office of Information Technology Services: Security and Effectiveness of Department of Motor Vehicles’ Licensing and Registration Systems
NYS’s audit of its Office of Information Technology Services Division of Criminal Justice Services’ Core Systems wasn’t the only embarrassing OITS audit released this week. The state also released its audit of the security and effectiveness of OITS’s Department of Motor Vehicles’ Licensing and Registration Systems: Auditors found OITS and DMV are not in compliance with the…
Audit: Office of NYS Information Technology Services (OITS): Security and Effectiveness of Division of Criminal Justice Services’ Core Systems
Auditors found that OITS does not have an established monitoring and oversight process for user access management of DCJS systems and is not operating in compliance with state cyber security policies. OITS does not have established policies and procedures for backup of key DCJS systems. Also, ITS does not have an active regional backup site,…
Does Clapper Silence Data Breach Litigation? A Two-Year Retrospective
Andrew Hoffman writes: This February 26, 2015, marks the two-year anniversary of the U.S. Supreme Court’s decision in Clapper v. Amnesty International USA,[1] which required plaintiffs to allege that a threatened injury is “certainly impending” in order to constitute an injury-in-fact sufficient to convey Article III standing. In this time, federal district courts in at least twelve data…
Documentary on Identity Theft Features ID Thieves
From their press release: Experian’s ProtectMyID® and The Identity Theft Council worked together to launch a disturbing new documentary, In The Company of Thieves, that chronicles the exploits of several notorious identity thieves and how they were brought to justice, available at http://thieves.identitytheftcouncil.org. The documentary gives viewers an unflinching look into identity theft, described by criminals who tell all about…