From the Summary of GAO-09-546 July 17, 2009, Information Security: Agencies Continue to Report Progress, but Need to Mitigate Persistent Weaknesses : […] Persistent weaknesses in information security policies and practices continue to threaten the confidentiality, integrity, and availability of critical information and information systems used to support the operations, assets, and personnel of most…
Category: Commentaries and Analyses
UK data breach incidents on the rise
Seven in ten UK organisations experienced a data breach incident over the last year, up from 60 per cent in the previous year. The third edition of an annual survey by the Ponemon Institute, sponsored by PGP, also found that 12 per cent of 615 public and private sector organisations probed were hit by five…
State Dept lost track of its laptops
The State Department does not have an accurate accounting of its laptop computers, including ones meant for classified use, and has failed to encrypt machines as it is supposed to do to protect sensitive information, according to a new report by the department’s inspector general. Inspectors found that 27 laptops, worth $55,000 were missing out…
SSN Relatively Easy to Predict
Over on PogoWasRight.org, I’ve posted about a study released by researchers Alessandro Acquisti and Ralph Gross of Carnegie Mellon University. The study has significant implications for the use of SSN and for protecting against identity theft, even though a government spokesperson responded by seemingly downplaying the findings and their implications. If you would like to…
What About Former Employees?
When the Tyco Flow Control Americas office at in Houston was broken into over the weekend of June 6 and 7, burglars stole the Payroll Manager’s laptop computer and gained access to locked rooms that contained payroll and HR documents of current and some former employees. According to a letter sent by Holly Kriendler to…
NV’s New Encryption Law Made Moot?
Rebecca Herold of IT Compliance has a commentary on Nevada’s new encryption law and whether the state’s data breach law makes the encryption law moot. It begins: On May 30, 2009, Nevada enacted a new law, SB 227, which will basically replace NRS 597.970 in January 2010. In many ways the new law is an…