Commentaries and Analyses – Page 852

UK Information Commissioner (ICO) Enforcements and Website Hacks

Posted on August 31, 2010 by Dissent

“alexisfitzg” blogs: I did a brief analysis of the enforcement notices that have been handed out by the UK Information Commissioner (ICO) to organisations found to be in breach of the Data Protection Act. The idea was to see how many incidents were a result of a website hack (SQL Injection, XSS etc.) About 100…

Network security challenges faced by universities

Posted on August 28, 2010 by Dissent

H. Peter Felgentreff, President & CEO of NCP Engineering, discusses challenges faced by universities in balancing a secure and open network and makes some suggestions in this article on Help Net Security.

NC Office of the State Auditor: ESC employees violating copyright law on state computers

Posted on August 27, 2010 by Dissent

An audit by the North Carolina Office of the State Auditor indicates that what at least one employee in the Employment Security Commission (ESC) was doing on state computers and state time was, well, illegal. The report (pdf), released yesterday, reveals: Our examination of computers and disk drives assigned to a Systems and Operations Analyst (Systems…

Info privacy still lags in India: Deloitte

Posted on August 27, 2010 by Dissent

Though Indian organisations have gradually started to realise the importance of data privacy and security focus on employees and other internal security, information privacy is lagging behind in India, according to a survey by Deloitte Touche Tohmatsu India. Almost half of the Indians experienced at least one internal security breach during the past one year…

Connecticut Insurance Commissioner Announces Data Breach Notification Mandate

Posted on August 27, 2010 by Dissent

Joseph Lazzarotti of Jackson Lewis writes: On August 18, 2010, the Connecticut Insurance Commissioner issued Bulletin IC-25 which mandates that entities within its jurisdiction notify the Department of Insurance of any “information security incident.” This post provides a brief summary of this new requirement. […] What is an “information security incident”? Under this Bulletin, an information security…

3 areas where FUD needs to stop

Posted on August 26, 2010 by Dissent

Joan Goodchild writes: There is a new breed of animal appearing in the infosec community, according to Dr. Jimmy Blake, chief security officer for Mimecast, a cloud-services company based in London, and host of the blog Cloud Computing and Bad Behavior. The new breed is what he calls the “attention monger” (he actually used a…