Commentaries and Analyses – Page 715

PERSONNEL SECURITY CLEARANCES: Additional Guidance and Oversight Needed at DHS and DOD to Ensure Consistent Application of Revocation Process

Posted on September 9, 2014 by Dissent

From a newly released GAO report: The Department of Homeland Security (DHS) and the Department of Defense (DOD) both have systems that track varying levels of detail related to revocations of employees’ security clearances. DHS’s and DOD’s data systems could provide data on the number of and reasons for revocations, but they could not provide…

Earthquake data privacy breach ‘avoidable’

Posted on September 7, 2014 by Dissent

Charles Anderson reports: A review of the Earthquake Commission’s handling of the privacy breach that revealed the details of all Canterbury claimants found the error could have been avoided. The breach might not have happened if EQC had learned lessons from a similar breach at another government agency, the review said. In early 2013, 83,000…

Don’t value stolen computer only by its cover

Posted on September 7, 2014 by Dissent

There was an editorial in the Sun Sentinel on September 2 that caught my eye. It discussed the implications of a recent appellate court ruling: In a decision sure to confound the prosecution of thieves, the Fourth District Court of Appeal ruled last week in favor of a burglar. That a crime occurred wasn’t the…

Home Depot, Other Retailers Get Social Engineered

Posted on September 4, 2014 by Dissent

Kelly Jackson Higgins writes: In the end, it may have been a foreshadowing of sorts: The team assigned to squeeze potentially sensitive information from Home Depot employees in cold calls during this year’s Social Engineering Capture the Flag (SECTF) competition at DEF CON 22 won the famed contest. The social engineering competition held last month…

Harry Barker, Omega Net, Geekface, SuperValu Data Breaches Measured

Posted on September 3, 2014 by Dissent

I’ve covered three of these breaches on this blog before, but idRADAR has some new details and includes a breach I hadn’t covered, involving HarryBarker.com: It’s often tough to know how serious a data breach is in the days immediately following discovery. Some companies like to dance around the specifics. In other cases, there are…

The unknown cyber threats sweeping Sweden

Posted on September 3, 2014 by Dissent

Melanie Watson writes: Over a four-week period earlier this year, KPMG studied [14 organizations] in Sweden to gather information relating to malicious traffic. During this time period, 15,586 security alerts were recorded. […] Astonishingly, 93% of those organisations that took part were ‘breached’ in the given time frame. The word ‘breached’ in this report has been defined by…