Joseph Lazzarotti of Jackson Lewis writes: On August 18, 2010, the Connecticut Insurance Commissioner issued Bulletin IC-25 which mandates that entities within its jurisdiction notify the Department of Insurance of any “information security incident.” This post provides a brief summary of this new requirement. […] What is an “information security incident”? Under this Bulletin, an information security…
Category: Commentaries and Analyses
3 areas where FUD needs to stop
Joan Goodchild writes: There is a new breed of animal appearing in the infosec community, according to Dr. Jimmy Blake, chief security officer for Mimecast, a cloud-services company based in London, and host of the blog Cloud Computing and Bad Behavior. The new breed is what he calls the “attention monger” (he actually used a…
Longer passwords not solution to better security
Vivian Yeo reports on industry responses to a recent research report from the Georgia Tech Research Institute suggesting users should create longer, 12-character, passwords: … Ronnie Ng, Symantec’s systems engineering manager for Singapore, told ZDNet Asia that the username-and-password application is the “first and only layer of defense” for many information systems in organizations today….
Data breach fines will not stop the rot
Over in the U.K., John E. Dunn discusses some hefty fines that have been levied following data breaches, but comments: The public gets to hear about the punishment but a lot is left behind a curtain of secrecy. This is wrong and possibly dangerous. What the UK lacks is not punishments but a basic data…
Confessions of an ATM Hacker
Tracy Kitten writes: I caught up this week with Barnaby Jack, the so-called ethical hacker who cracked the operating systems of two retail ATMs during last month’s Black Hat Technical Security Conference in Vegas. Jack, who heads research for IOActive Labs, a privately held computer and network security firm in San Francisco, hacked two commonly…
Banks Complicit in Fraud — Is it Systemic?
Naomi Wolf has followed up on her recent column about her experiences with WaMu and fraud by describing her shock at discovering how widespread such problems are and the e-mails she received from readers. Well, I certainly now felt less alone — but far more outraged and alarmed, on behalf of all of us, especially…