Highlights from the GAO Report, “INFORMATION SECURITY: VA Needs to Address Long-Standing Challenges (GAO-14-469T): The Department of Veterans Affairs (VA) continues to face long-standing challenges in effectively implementing its information security program. Specifically, from fiscal year 2007 through 2013, VA has consistently had weaknesses in key information security control areas (see table). Control Weaknesses for…
Category: Commentaries and Analyses
U.S. notified 3,000 companies in 2013 about cyberattacks
Ellen Nakashima reports: Federal agents notified more than 3,000 U.S. companies last year that their computer systems had been hacked, White House officials have told industry executives, marking the first time the government has revealed how often it tipped off the private sector to cyberintrusions. The alerts went to firms large and small, from local…
Maricopa County Community College District sued to compel public records production (update 1)
You may not be reading much in the news recently about the breach involving Maricopa County Community College District (MCCCD), but there’s a lot going on. Unfortunately, MCCCD has reportedly not been particularly forthcoming with records that might shed light on what really happened back in 2011 when MCCCD was informed by the FBI that…
Prosecutors Admit They Don’t Understand What Weev Did, But They’re Sure It’s Like Blowing Up A Nuclear Plant
Perhaps one of the stupidest things a prosecutor trying to defend criminal prosecution under CFAA can say is to admit that they have no understanding of what the alleged “hacker” did that made his conduct a hack or violation of CFAA. But that’s pretty much what happened in a Philadelphia courtroom yesterday during Weev’s appeal…
If you receive a breach notification letter offering you free credit monitoring….
Then Brian Kreb’s column today is a MUST READ for you. Find out what these services do – and don’t do – and what your alternatives are.
N.Y. Court: Zurich Not Obligated to Defend Sony Units in Data Breach Litigation
Young Ha reports: A New York trial court recently ruled in a commercial general liability (CGL) policy coverage case that Zurich American Insurance Co. has no duty to defend Sony Corp. of America and Sony Computer Entertainment America in litigation stemming from the April 2011 hacking of Sony Corp.’s PlayStation online services. Ruling on the…