ISR News Feed

• 17th Edition SOX Compliance Evolution
  17th Edition: SOX Compliance Evolution - Streamlining Your SOX Processes in a Cost-Effective Manner with Strategic Scoping, Automated Monitoring of Controls and Strong External Auditor Relationships. Join the SEC, Coca-Cola and Continental Airlines as they deliver insightful knowledge on streamlining SOX Practices in today’s Economic Environment. Event Coverage by Information-Security-Resources.com - Anthony M. Freed, Featured Journalist.
• Scam Alert: Rogue Gmail Account Phishing
  Anthony M. Freed, Editor and Publisher of Information Security Resources One of the penalties of having a well published email address is that I receive dozens of phishing emails, scam letters, and other nefarious material en masse daily. Most of these are the typical inheritance, lottery, and sweepstakes scams - but then there are the ones that at first glance may seem legitimate. Take for instance the following email I received over the holiday weekend.
• Photo of Operating Room a HIPAA Violation?
  By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI It is possible that, if such policies exist and were created specifically for HIPAA compliance, your organization is viewing this policy noncompliance as being a HIPAA infraction because of the HIPAA requirements to have security/privacy policies and enforce them.
• Anti-Malware Strategy Crucial for Businesses
  By Steven Fox, Founder of SecureLexicon This is the first part of my Black Hat interview with Andrew D. Hayter, Anti-Malcode Program Manager for ICSA Labs. In this installment, Mr. Hayter highlights the challenges businesses face in mitigating malware-related risks.
• Internet Security Alliance September Events
  From The Internet Security Alliance ANSI Identity Theft Standards Panel webinar "Lessons from the Data Breach at Heartland" by Bob Carr, CEO of Heartland Payment Systems; Carnegie Mellon University Software Engineering Institute Insider Threat Workshop; U.S. Department of Homeland Security Critical Infrastructure and Key Resources; ISAlliance/NIST/DHS VoIP & Unified Communications Automated Security and Assurance Project; IT Sector Coordinating Council Protective Programs and Research and Development (PPRD)...
• DHS, DoD, and FAA Discuss Cybersecurity
  By Kevin L. Jackson, Vice President at Dataline Greg Schaffer, Assistant Secretary for CyberSecurity & Communications for the US Department of Homeland Security, sees Trusted Internet Connections, EINSTEIN, and front line defense of the nation's networks as top cybersecurity priorities for the department.
• Sun Tzu Part 5: Methods and Sound Tactics
  By Fred Leland, Founder of LESC Here we focus on methods which are developed and learned based our organizational and individual philosophy, and how that philosophy is emboldened by strong character leadership, which in turn influences our perception and understanding of the climate on the ground, and directly affects the decisions and actions we take in a given situation.
• PCI Virtualization Will Alter QSA Perspective
  By Dwayne Melancon, Tripwire’s VP of Corporate and Business Development QSA’s (auditors) policing the PCI-DSS (credit card data security standards) need to adjust their mindset when auditing virtualized card processing infrastructure...
• Securing Hardware for Storage and Disposal
  By Bozidar Spirovski, CISSP, MCSA, MCP Any organization should have a simple and brief procedure to treat information carriers for systems that are to be discarded. All that hardware contains a lot of confidential information, and it is essential that such data is properly erased so it cannot be recovered. Here is a brief summary of the crucial information disposal procedure elements.
• Network Admission Control’s Swan Song
  By Richard Stiennon, Chief Research Analyst, IT-Harvest With the perspective of six years of data breaches, the rise of cyber crime, phishing, identity theft, and information warfare - it seems laughable that the big issue of employees bringing malware infested laptops into the office spawned so many companies.
• California Fires - Federal Request for Info
  From The Internet Security Alliance Please respond directly to DHS via the contacts below if you have any relevant information: The Station Fire in northern Los Angeles County, CA is threatening the Mount Wilson Communications Facility. Some other facilities determined to be of significant critical infrastructure and key resources (CIKR) are the NASA Jet Propulsion Lab, Mount Lukens and Mount Disappointment Communications Facilities, 33Kv, 220Kv power lines, and Gould power substation. The National Coordinating Center (NCC) needs input from its NCS partners regarding anticipated impacts to Federal communications systems and assets.
• Four Simple Rules to Improve Internet Safety
  By David Alexander, Fraud and Economic Crime Expert Safety online is a controversial issue, one that is debated to death with little results that the average person can use without an advanced IT qualification. Here are my four simple rules for improving internet safety:
• Securing Your Email and Controlling IM Risks
  By Simon Heron, CISSP Internet Security Analyst Currently, people rely on obscurity to keep their data safe. But with progressively more intelligent search engines available that can churn through vast amounts of data and make sense of it – even your email – security is something that needs to be addressed.
• Medical Data Breach Reports Likely to Soar
  By Doug Pollack, Chief Marketing Officer for ID Experts In recent years, the number of reported data breaches at healthcare organizations has soared, despite laws requiring the groups to protect patient information. In May, a hacker stole more than 500,000 patient records from a state-run database that tracks drug prescriptions in Virginia — and then demanded a ransom to return the information.
• Radisson Hotels Customer Data Breached
  By Cara Garretson, Veteran Business and Technology Journalist Radisson Hotels & Resorts has posted an open letter to its guests, informing them of a recent data breach but offering little additional information. The data that was accessed includes guests' names and their credit card or debit card number and expiration date.
• Identifying Sensitive Data Liabilities for Biz
  By Rebecca Herold (The Privacy Professor) CIPP, CISSP, CISM, CISA, FLMI Any business, of any size, in any industry, in any location, is a possible target for PII theft and cybercrime if they possess any type of employee, customer or other consumer PII. Most businesses have PII. All businesses with PII need to make sure they provide due diligence to protect that PII.
• Evaluating Identity Theft Protection Products
  By Rachel James, Author and Cybercrime Authority Spoiler alert: There isn’t an effective identity theft protection product. Typically, a company claiming to be an identity theft protection company will provide one or all of these services; access to credit reports, credit monitoring, and database monitoring. Unfortunately, these services cause security problems themselves.
• Navy Plunges into Secure Cloud Computing
  By Kevin L. Jackson, Vice President at Dataline This week in San Diego, CA the US Navy held the initial planning conference for Trident Warrior '10. The Trident Warrior series is the premier annual FORCEnet Sea Trial Event sponsored by Naval Network Warfare Command (NETWARCOM). FORCEnet’s experimental results are incorporated into a definitive technical report used to develop Military Utility Assessment (MUA) recommendations.
• Critical Steps to Prevent Your Identity Theft
  By everlife.com's Landon McGehee Identity theft is "America's fastest growing problem" according to a statement made by the Federal Bureau of Investigation. The Federal Trade Commission (FTC) estimates 10 million Americans are affected each year. Knowing how to protect yourself is vitally important to avoid becoming a victim. The following are arenas where thieves prey:
• Internet Security Alliance Review 8-22-09
  From The Internet Security Alliance Twitter used to manage botnet; Nasty malware attack targets web developers; Obama site only offers malware; Exploding iPhone/iPods; Old-school virus threatens Delphi files; Attacks may come from inside computers; Study warns of cyberwarfare during military conflicts; Russian hackers stole US IDs for Georgian attacks...