Commentaries and Analyses – Page 841

The DOJ Criminal Division’s Laptop Computer Encryption Program and Practices – Audit Report

Posted on April 2, 2010 by Dissent

From the summary of findings in The Criminal Division’s Laptop Computer Encryption Program and Practices, Audit Report 10-23, March 2010: Criminal Division-Owned Laptop Computers Our review found that of the 40 laptops we tested for encryption software, 10 did not have encryption, and 9 of those 10 did not have Windows passwords enabled. All of…

Reconsidering the retailers’ attempts to keep their identities secret

Posted on March 31, 2010 by Dissent

Over on The Tech Herald, Steve Ragan takes a somewhat more sympathetic view to J.C. Penney than I have generally taken. Steve writes, in part: Most of the media reports are painting the picture that J.C. Penney suffered a breach and did nothing. That isn’t entirely true. The company cooperated fully when asked and it…

Organizations Rarely Report Breaches to Law Enforcement

Posted on March 30, 2010 by Dissent

Kelly Jackson Higgins has a column on why organizations do not rush to share information with the FBI and why the FBI wants them to share more: …. the FBI will protect victim organization’s privacy, data, and will share what information it can from its investigation, he said, rather than continue with the mostly one-way…

OIG Audit: The DOJ’s efforts to combat identity theft

Posted on March 30, 2010 by Dissent

Although identity theft is a significant public concern, a new audit report by the U.S. Department of Justice Office of the Inspector General indicates that it has become less of a priority instead of more of one over the past few years. Noting that the President’s Identity Theft Task Force (created in May 2006 by…

Federal Information Security and Data Breach Notification Laws

Posted on March 27, 2010 by Dissent

From Congressional Research Service: Federal Information Security and Data Breach Notification Laws Gina Stevens Legislative Attorney January 28, 2010 The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information Security Management Act, Office of Management and Budget Guidance, the Veterans Affairs Information Security Act, the Health…

GAO Report: Information Security: Concerted Response Needed to Resolve Persistent Weaknesses

Posted on March 25, 2010 by Dissent

The summary of GAO-10-536T report, Information Security: Concerted Response Needed to Resolve Persistent Weaknesses, March 24, 2010: Without proper safeguards, federal computer systems are vulnerable to intrusions by individuals who have malicious intentions and can obtain sensitive information. The need for a vigilant approach to information security has been demonstrated by the pervasive and sustained…