Kim Zettner of Threat Level discusses the different views expressed at a seminar last week on whether data breach notification laws do any good. As expected, the upshot was “we don’t know” because there are not enough data, surveys may not be reliable indicators, etc. Of course, there is another way to frame the issue…
Category: Commentaries and Analyses
Absolute and Ponemon Institute Study Shows Many Employees Undermine Traditional Data Breach Prevention Strategies
From the press release: Absolute(R) Software Corporation and the Ponemon Institute today announced the findings of a new study on the use of encryption on laptops by employees within corporations in the U.S. The study, “The Human Factor in Laptop Encryption: US Study,” revealed that more than half (56%) of business (non-IT) managers polled, disable…
The World Bank’s Data Breach, And Its Sorry Follow-Up
Bob Evans reports: The World Bank (annual IT budget about $250 million) has been hit by a range of data breaches, at least one of which involved info belonging to staffers. So a corporate guy overseeing IT has sent a flaccid memo to the whole organization. Take a look at the memo and ask yourself…
Breach analyses
Edward D. Murphy has an article about the recent Maine breach study in the Portland Press Herald, here. And over on Chronicles of Dissent, I analyze and comment on some of ITRC’s 2008 statistics and year-end roundup here and here.
Vonage customer data on Google Notebook
With all the advice we see these days about hardening security, this might be a good time to remember the importance of both having stringent security standards written into any contractor agreements and actually monitoring compliance with any contracts or policies. A recent breach reported by Vonage serves as a useful example. On December 23,…