The good folks at Open Security Foundation have created a database of cloud computing incidents. The incidents are tagged as “AutoFail,” “DataLoss,” “Hack,” “Outage,” or “Vulnerability,” permitting researchers and professionals to analyze different types of incidents. As of this morning, there are 222 incidents in the database as they have backfilled some earlier incidents…
Category: Commentaries and Analyses
Unauthorized Computer Access and the California Penal Code
Attorney Andy Serwin writes: California Penal Code Section 502 regulates unauthorized access to computers and computer networks and has implications for employers with employees in California. It is an offense if any person: knowingly accesses and without permission alters, damages, deletes, destroys, or otherwise uses any data, computer, computer system, or computer network in order…
Wake up calls: some still hitting the ‘snooze’ button
Robert Lemos of Dark Reading writes: The recently revealed abuse of insiders’ system privileges to commit fraud at Sprint could be a wake-up call for other enterprises to implement more stringent security practices, experts said this week. How many times have we seen a similar statement in the past five years? How many times have…
The emotional impact of cybercrime
A new study by Norton reveals the staggering prevalence of cybercrime: 65% of Internet users globally, and 73% of U.S. Web surfers have fallen victim to cybercrimes, including computer viruses, online credit card fraud and identity theft. As the most victimized nations, America ranks third, after China (83%) and Brazil and India (76%). The first…
Ie: Behind the scenes and inside workings of a CERT
Regular contributor Brian Honan was interviewed by Help Net Security’s Mirko Zorz: Brian Honan is the founder and head of Ireland’s first Computer Emergency Response Team (CERT) team as well as owner of BH Consulting. In this interview he discusses the inside workings of Ireland’s CERT and how it was formed. This particular CERT differs…
Article: Once More Unto the Breach: An Analysis of Legal, Technological and Policy Issues Involving Data Breach Notification Statutes
Dana Lesemann of the Howard University School of Law has an article of note in the Akron Intellectual Property Journal, Vol. 4, p. 203, 2010. Here’s the abstract: Companies facing the loss of a laptop or a compromised server have long waged battles on several fronts: investigating the source of the breach, identifying potentially criminal…