Security costs now, breach costs later. That's what risk analysis is about!
http://www.informationweek.com/news/showArticle.jhtml?articleID=199000222
Security Breaches Cost $90 To $305 Per Lost Record
Forrester Research surveyed 28 companies that had some type of data breach and found it difficult to calculate the expenses that resulted.
By Sharon Gaudin, InformationWeek April 11, 2007
While security breaches can cost a company dearly when it comes to a marred public image and a loss in customer confidence, the actual financial costs can be staggering.
The average security breach can cost a company between $90 and $305 per lost record, according to a new study from Forrester Research. The research firm surveyed 28 companies that had some type of data breach.
"After calculating the expenses of legal fees, call centers, lost employee productivity, regulatory fines, stock plummets, and customer losses, it can be dizzying, if not impossible, to come up with a true number," wrote senior analyst Khalid Kark in the report. "Although studies may not be able to determine the exact cost of a security breach in your organization, the loss of sensitive data can have a crippling impact on an organization's bottom line, especially if it is ill-equipped, and it's important to be able to make an educated estimate of its cost."
Kark said calculating the cost of a breach is murky territory and he did the survey to shed some light on the costs associated with breaches, which seem to be reported with increasing frequency.
A recent Forrester survey found that 25% of respondents do not know, or do not know how to determine, the cost of data security breaches. Kark said the majority of organizations will incur a wide array of associated costs, sometimes significant enough to even put them out of business
... He reported that discovery, response, and notification costs can be substantial. He averaged them out to be about $50 per lost record.
... Lost employee productivity also is a significant cost.
... The report also noted that managers need to plan ahead for possible regulatory fines, loss in the company's customer base, restitution fees, and additional security and audit requirements.
Looks like the first case study of the TJX breach, and it's only $1250.00
http://www.pogowasright.org/article.php?story=20070411123643776
Study: Data Breaches Break Consumer Trust
Wednesday, April 11 2007 @ 12:36 PM CDT - Contributed by: Lyger - Breaches
E-commerce sites that have not been diligent in protecting their consumer information from attacks may find their customer bases drop off as a result.
If you want to keep people visiting your site, you need to provide them with a secure environment and take steps to keep it that way. A study from Javelin Strategy showed that breached merchants will be hard-pressed to keep customers.
Source - SecurityProNews
Naked justice? (There are so many potential jokes I could make...)
http://www.pogowasright.org/article.php?story=20070411130750528
CO: See-through machine installed at courthouse
Wednesday, April 11 2007 @ 01:07 PM CDT - Contributed by: Lyger - State/Local Govt.
Technology normally used at the airport has made its way to the El Paso County Courthouse. Starting April 18, the Terry R. Harris Judicial Complex will begin using its new $140,000 body scanning machine to check for security threats. The ProVision Body Scanning Checkpoint Security System uses radio waves to see through clothing in search of weapons.
However, the nature of this technology raises privacy concerns. ProVision Vice President of International Sales John Marsala says the public should not be worried about exposing themselves to security screeners.
Source - KOAA
Why would anyone want to be an identity thief?
http://www.ajc.com/metro/content/metro/stories/2007/04/11/0411metmortgage.html
ID theft 'poster child' nets $7 million
By BILL TORPY The Atlanta Journal-Constitution Published on: 04/11/07
He drove sports cars, took European vacations, got hair plugs for himself and breast augmentation surgery for a girlfriend.
For nearly four years, Matthew Cox lived the high life by assuming other people's identities and committing mortgage fraud on a massive scale.
The former University of South Florida art student's spree was remarkable: He stole more than $7 million. He did it in at least four states, including Georgia. He assumed nearly 50 identities. His scams included 125 properties, some of which he took out several loans against.
... "The homeless are underutilized," he once told some friends, said Paula Hutchinson, a defense attorney for one of Cox's co-defendants.
This could be true. Consider that the RNC has a policy with a faster “time-to-delete” requirement than the White House. An e-Discovery consideration?
http://thinkprogress.org/2007/04/11/rnc-claims-it-lost-white-house-emails/
White House Claims It Lost RNC Emails
“The White House said Wednesday it had mishandled Republican Party-sponsored e-mail accounts used by nearly two dozen presidential aides, resulting in the loss of an undetermined number of e-mails concerning official White House business.”
White House spokesman Scott Stanzel “could not say what had been lost, and said the White House is working to recover as many as they can. The White House has now shut off employees’ ability to delete e-mails on the separate accounts, and is briefing staffers on how to better make determinations about when — and when not — to use them, Stanzel said.”
UPDATE: The Politico has more details:
This is a big problem for the White House, and Waxman said it raised ’serious legal and security concerns’ about the e-mail related activities of Bush administration aides.
Waxman’s staff are supposed to meet with RNC officials on Thursday about the “rnchq” and “gwb.43″ e-mail accounts, which some White House officials, like Deputy Chief of Staff Karl Rove, use for authorized political work. Waxman suspects that White House aides were using the accounts to evade presidential record-keeping requirements.
The Politico also reports that the White House held a private briefing on the situation for some reporters, who relayed the message, “it’s really bad for the White House.”
Remember the exploding battery story?
http://www.eweek.com/article2/0,1759,2112974,00.asp?kc=EWRSS03119TX1K0000594
Sanyo Sees $17 Million Loss from Battery Recall
By Reuters April 11, 2007
TOKYO (Reuters)—Japan's Sanyo Electric Co. Ltd. said on Wednesday it is set to book a loss of 2.04 billion yen ($17 million) in its earnings for the year that just ended to cover part of the cost to recall mobile phone batteries.
The downside of success...
Google Faces Brain Drain As Anniversaries Hit
SAN JOSE, Calif. -- Less than three years after going public, Google is confronting one of the more confounding consequences of its phenomenal success: a potential brain drain if its earliest -- and richest -- employees quit after earning the right to cash in the last of the stock options that made them millionaires.
Hundreds of the 2,300 Googlers hired before the Internet juggernaut's initial public offering in August 2004 are hitting their fourth anniversary. When they do, they'll be free to cash in the final portions of their pre-IPO options, collectively worth an estimated $2.6 billion before taxes.
Nothing in government can move this fast...
http://www.bespacific.com/mt/archives/014519.html
April 11, 2007
DNI Announces 100 Day Plan for Integration and Collaboration
Press release: "Today, as in the past, the United States and our allies face dangerous challenges to our security, freedom, and way of life. The current global environment, however, is more interconnected, complex, and dynamic than the bipolar world of the Cold War. The advance of globalization has enabled, amplified, and accelerated threats stemming from international terrorism, weapons of mass destruction (WMD) proliferation, failed states, and illegal drug trafficking. These threats, among others, move at increasing speeds due to technology and across geographic and organizational boundaries, blurring the distinction between foreign and domestic threats, and between strategic and tactical events."
United States Intelligence Community (IC) 100 Day Plan for Integration and Collaboration, April 11, 2007 (11 pages, PDF)
How can you use data mining? (why would anyone want to do this? See next article...)
http://yro.slashdot.org/article.pl?sid=07/04/11/239243&from=rss
Xeroxing Personal Data From Your Browsing History
Posted by samzenpus on Wednesday April 11, @10:27PM from the xerox-knows dept.
grease_boy writes "Xerox has filed a patent covering a technique to recover demographic information like your age, sex and perhaps even your income by analysing the pattern of web pages you browse. They want to license the technique to online advertisers and shops. Read the full patent here."
There's gold in them thar clicks!
http://techdirt.com/articles/20070410/140020.shtml
ISPs On Selling Your Clickstream Data: No Comment
from the move-along-now-nothing-to-see-here dept
Last month there was a story floating around about how ISPs are making a lot of money selling off your clickstream data -- something they don't advertise, but which could have tremendous privacy implications. ISPs stayed pretty quiet following that and hoped the story would blow over -- but Broadband Reports points us to the news that the intrepid reporters over at Wired are calling up various ISPs to try to get a straight answer as to whether any of the big names are selling data on what you do online. So far, there seem to be an awful lot of "no comments" (or similar answers) on the list. While the ISPs seem to hope that this story will disappear, it has the makings of something that will come back to bite them in the future. Generally speaking, if ISPs are unwilling to admit to a reporter that they're selling customer data to third parties, that probably means they shouldn't be doing it...
New term?
http://techdirt.com/articles/20070411/101656.shtml
US Air Force Aims High With Bluespam
from the droppin-bombs dept
It seems that more and more brands and companies are trying to market themselves via Bluespamming -- sending out unsolicited messages and requests for connections to nearby mobile phones via Bluetooth. Marketers that use the practice, of course, don't call it Bluespam, and see it as a wonderful mechanism to use, even though the vast majority of people that receive the messages aren't interested in them. Now, it's the US Air Force that's turning to Bluespamming, as it plans to use the method to harass mobile phone users at a NASCAR race this weekend. A rep says Bluespamming will help prove the Air Force's high-tech chops to impressionable kids, while somebody from its ad agency says that it will help attract "tech savvy" recruits. Would they say the same things about email spam? Probably not. It's hard to see how annoying just about anybody with a Bluetooth phone in a particular area is a good way to market yourself, and never mind the horrific user experience of delivering content via mobile marketing. Needless to say, it's great to see the US government getting into the spamming business.
Using technology to get the word out...
http://www.pogowasright.org/article.php?story=20070411224745742
ANNOUNCE: New video on REAL ID
Wednesday, April 11 2007 @ 10:47 PM CDT - Contributed by: PrivacyNews - Fed. Govt.
Sent to us by the ACLU:
The ACLU has put out a new video short on the Real ID issue.
The piece (about 90 seconds long) stars Bill Cattorini, a retired Chicago fireman who's been caught in a bureaucratic limbo because of a discrepancy between the birth date listed on his driver's license and the date on his social security card. That was never an issue until Illinois began trying to comply with some parts of Real ID. Now Cattorini can't drive.
Cattorini is hardly unusual in having a quirk or discrepancy in his bureaucratic records. He represents the millions of others who will face similar problems, and worse, if Real ID goes into effect.
The ACLU has also set up an action center, where activists can see what's going on in their state - in states where legislation is moving, it lets activists shoot a message to their state legislators.
There are innocent people?
http://www.bespacific.com/mt/archives/014527.html
April 11, 2007
Tarlton Law Library Announces Actual Innocence Awareness Database
"The Tarlton Law Library has compiled an Actual Innocence awareness database which contains citations (and links, where possible) to current articles, scholarship, legislation and other materials in the dynamic world of wrongful convictions. The materials are classified into what are considered the primary causes of wrongful conviction: forensics/DNA; eyewitness identification; false confessions; jailhouse informants; police and/or prosecutorial misconduct; and ineffective representation. There is also a “general” category for those items which defy further categorization. The website will be updated as new resources become available. Please direct any questions or comments about this service to Melissa Bernstein."
Could it be that they have more money?
http://techdirt.com/articles/20070411/154713.shtml
Why Is It That Online Services Companies Need To Be Moral -- But Individuals Don't?
from the just-wondering dept
And here we go again. The latest politician to point the blame gun at the wrong target is the UK's education secretary, Alan Johnson. He was out complaining about cyberbullying and said that websites that host videos have a "moral obligation" to filter such content and take it down. There's been a lot of overreacting to cyberbullying lately, including things like banning YouTube in schools because it's been used for cyberbullying. However, again, the blame-placing is totally misguided. It's not YouTube or any other site's fault or "moral responsibility" to deal with the sophomoric actions of kids. It's the kids themselves and their parents. If YouTube has a "moral responsibility" to guard against this type of thing, then why don't the kids themselves have a much larger moral responsibility? Why isn't the education secretary focused on, I don't know, actually educating students about bullying, so they can learn how to better deal with it, rather than pretending he can hide it by asking online sites to deal with the problem. He also seems somewhat confused (someone should educate him) about how the internet actually works, and why it's really not reasonable or feasible for these sites to monitor and filter such content. Finally, the focus on the "cyber" part of the bullying is also misguided. Bullying is bullying -- and why should it matter if it's done online or done in person? The focus should be on bullying, period, without worrying about whether or not it involves the internet. Pretending that you've solved bullying just because you've taken it offline is a head-in-the-sand approach, where you pretend that just because you can no longer see it, it's gone away.
FUD as driver of law?
http://it.slashdot.org/article.pl?sid=07/04/11/1952247&from=rss
The Myth of the Superhacker
Posted by CowboyNeal on Wednesday April 11, @04:49PM from the scourge-of-the-internet dept. Security The Internet
mlimber writes "University of Colorado Law School professor Paul Ohm, a specialist in computer crime law, criminal procedure, intellectual property, and information privacy, writes about the excessive fretting over the Superhacker ( or Superuser, as Ohm calls him), who steals identities, software, and media and sows chaos with viruses etc., and how the fear of these powerful users inordinately shapes laws and policy related to privacy and digital rights."
Dilbert on e-discovery...
http://www.unitedmedia.com/comics/dilbert/archive/images/dilbert2007458210412.gif
No comments:
Post a Comment