Monday, February 02, 2009

Assessing the risks requires that you know the costs.

http://www.pogowasright.org/article.php?story=2009020206365117

Ponemon Study Shows Data Breach Costs Continue to Rise

Monday, February 02 2009 @ 06:36 AM EST Contributed by: PrivacyNews

PGP Corporation, a global leader in enterprise data protection, and the Ponemon Institute, a privacy and information management research firm, today announced results of the fourth annual U.S. Cost of a Data Breach Study. According to the study, which examined 43 organizations across 17 different industry sectors, data breach incidents cost U.S. companies $202 per compromised customer record in 2008, compared to $197 in 2007. Within that number, the largest cost increase in 2008 concerns lost business created by abnormal churn, meaning turnover of customers. Since the study's inception in 2005, this cost component has grown by more than $64 on a per victim basis, nearly a 40% increase.

[...]

-- Average total per-incident costs in 2008 were $6.65 million, compared to an average per-incident cost of $6.3 million in 2007.

-- Healthcare and financial services companies experienced the highest churn rate -- 6.5 percent and 5.5 percent respectively, on a total average of 3.6 percent, which reflects the sensitivity of the data collected and the customer expectation that information will be protected.

Source - PR Newswire Press Release


Related

http://www.networkworld.com/news/2009/020209-data-breach.html?page=1

Data-breach costs rising, study finds

By Ellen Messmer, Network World, 02/02/2009

… "For the majority of our companies, it was not their first time," says Ponemon about the 43 U.S.-based companies in the 2008 data-breach study. "84% of the cases were repeat offenders, and only 16% were new."

… In other findings, the Ponemon study said 88% of all the cases for 2008 were traced back to insider negligence. The survey also showed that 44% of data breaches occurred due to external causes involving third parties, an increase from 40% in 2007 and 29% in 2006, the Ponemon report states.

… The most-cited steps that companies took following a breach included training and awareness programs; more manual procedures and controls; expanded use of encryption; identity and access-management deployments; and data-loss prevention products.



“We need to spy on our employees.” They're thinking of moving to the US; I'm thinking of moving to Finland.

http://www.pogowasright.org/article.php?story=20090202062124729

Fi: Vanhanen denies knowledge of Nokia threat over privacy legislation

Monday, February 02 2009 @ 06:21 AM EST Contributed by: PrivacyNews

Prime Minister Matti Vanhanen (Centre) has not heard that Nokia would ever have threatened to leave Finland if Parliament does not pass draft legislation on data privacy.

Helsingin Sanomat wrote an article in its Sunday edition on background work behind a proposed law which has been dubbed Lex Nokia.

The proposed law, aimed at preventing corporate espionage, would allow employers to monitor employees’ use of company e-mail traffic; while the content of employees’ messages would remain confidential, the employer would be allowed to see who the employee has corresponded with through the company’s e-mail system, and what kind of attachment material is linked with each message.

According to the article in Helsingin Sanomat, Nokia had hinted at the possibility that it might leave Finland if it is not given the right to monitor employee e-mail traffic.

Source - Helsingin Sanomat Related - Newsroom Finland



Attention Class Action lawyers: Unidentified software added to my system without my permission requires me to take the time to research its origin, ways to remove it, and techniques for avoiding reinfection. Now I find it came from the Anti-Christ. Anyone need an expert witness/client?

http://tech.slashdot.org/article.pl?sid=09%2F02%2F01%2F2143218&from=rss

Microsoft Update Slips In a Firefox Extension

Posted by kdawson on Sunday February 01, @10:45PM from the hitch-hiker dept.

An anonymous reader writes

"While doing a weekly scrub of my Windows systems, which includes checking for driver updates and running virus scans, I found Firefox notifying me of a new add-on. It's labelled 'Microsoft .NET Framework Assistant,' and it 'Adds ClickOnce support and the ability to report installed .NET versions to the web server.' The add-on could not be uninstalled in the usual way. A little Net searching turned up a number of sites offering advice on getting rid of the unrequested add-on."

The unasked-for extension has been hitchhiking along with updates to Visual Studio, and perhaps other products that depend on .NET, since August. It appears to have gone wider recently, coming in with updates to XP SP3. [Another attempt to force users to update to Vista? Bob]


Related? Something all programmers should know?

http://www.bespacific.com/mt/archives/020466.html

February 01, 2009

CWE/SANS TOP 25 Most Dangerous Programming Errors

News release: "...experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime. Shockingly, most of these errors are not well understood by programmers; their avoidance is not widely taught by computer science programs; and their presence is frequently not tested by organizations developing software for sale. The impact of these errors is far reaching. Just two of them led to more than 1.5 million web site security breaches during 2008 - and those breaches cascaded onto the computers of people who visited those web sites, turning their computers into zombies."

The Top 25 Errors are listed below in three categories:



I think there may be something to this, scary as it may seem. After all, these are the folks who will defend you when things go wrong.

http://www.bespacific.com/mt/archives/020469.html

February 01, 2009

New on LLRX.com: In 2009, Your Lawyers Are Your Best Knowledge Management Resource

Ahead of the Curve: In 2009, Your Lawyers Are Your Best Knowledge Management Resource - Gretta Rusanow outlines her recommendations on why this year presents an excellent opportunity to work on those long-desired collections of models, best practice documents, sample clauses and know how files.



Something for CPOs

http://www.bespacific.com/mt/archives/020462.html

February 01, 2009

New Tool Will Help Online Advertisers Develop Stronger Privacy Practices

"Center for Democracy and Technology (CDT) released a new assessment tool to help online advertising companies develop strong, appropriate privacy protections for the users they serve. Released to coincide with Data Privacy Day 2009, the Threshold Analysis for Online Advertising Practices, is the result of extensive consultation among CDT, Internet companies and public interest advocates. It notes a series of simple tests companies can use to determine whether online advertising activities may trigger the need for additional privacy protections. The document also provides suggestions on how companies can begin putting those protections in place."


Related

http://www.pogowasright.org/article.php?story=20090202063323738

Ontario's Privacy Commissioner, Dr. Ann Cavoukian, releases new tool to help protect privacy and manage online identity among multiple players

Monday, February 02 2009 @ 06:33 AM EST Contributed by: PrivacyNews

Ontario's Information and Privacy Commissioner, Dr. Ann Cavoukian, is releasing a new assessment tool tomorrow, intended for use by companies that will be sharing their online identity management systems. Called the "Federated Privacy Impact Assessment" or F-PIA, it will serve to ensure end-to-end privacy across all members of an association or federation.

Source - CNW Press Release



Serious tool or just another toy to play with?

http://mobile.slashdot.org/article.pl?sid=09%2F02%2F01%2F216242&from=rss

Local Police Want To Jam Wireless Signals

Posted by kdawson on Sunday February 01, @06:34PM from the hope-you-like-jammin'-too dept.

The Washington Post is reporting on the growing pressure from state and local law enforcement agencies for permission to jam wireless signals the way the Secret Service and the FBI can. Officials especially want to be able to drop a no-call blanket over local prisons around the country from time to time.

"...jamming remains strictly illegal for state and local agencies. Federal officials barely acknowledge that they use it inside the United States, and the few federal agencies that can jam signals usually must seek a legal waiver first. The quest to expand the technology has invigorated a debate about how widely jamming should be allowed and whether its value as a common crime-fighting strategy outweighs its downsides, including restricting the constant access to the airwaves that Americans have come to expect. ... Critics warn of another potential problem, 'friendly fire,' when one agency inadvertently jams another's access to the airwaves, posing a safety hazard in an emergency. [CTIA spokesman Joe] Farren said there are 'smarter, better and safer alternatives,' such as stopping inmates from getting smuggled cellphones in the first place or pinpointing signals from unauthorized callers."



This is not an “education problem” – it's a “change the culture” problem. Bill discovered that it is easier (more effective) to start from scratch rather than try to change existing practices/habits.

http://news.slashdot.org/article.pl?sid=09%2F02%2F01%2F2237217&from=rss

A Gates Foundation Education Initiative Fizzles

Posted by kdawson on Monday February 02, @08:10AM from the seemed-like-a-good-idea-at-the-time dept.

theodp writes

"Three years ago, Sarah-Palin-bogeyman William Ayers published a paper questioning the direction the small school movement was taking (PDF) with the involvement of would-be education reformers like the Bill and Melinda Gates Foundation. And now, after $2 billion in grants, Bill Gates concedes that in most cases his foundation's efforts in that area fell short. 'Many of the small schools that we invested in did not improve students' achievement in any significant way,' said Gates. Bill does cite High Tech High as one of the few success stories, but even there has to limit his atta-boys to the San Diego branch — the Gates-backed Silicon Valley High Tech High closed its doors abruptly due to financial woes (concerns about the sustainability of Gates-initiated small schools were voiced in 2005). Not surprisingly, some parents are upset about the capital that school districts wasted following Bill's lead."



For my Forensics students...

http://exforensis.blogspot.com/2009/01/talk-forensics-my-new-radio-show.html

Saturday, January 31, 2009

Talk Forensics - My New Radio Show

I am launching an internet based radio show, "Talk Forensics." Each show will feature an expert in one of the many fields of forensics. Listeners will be able to ask questions of the guest expert either by calling in to the show or by using the chat box at the show web page.

I will also have as guests members of law enforcement and attorneys.

To listen to the show, you will need to go to Blog Talk Radio and register as a user. Then you can listen to any of the hundreds of radio shows available, including mine.

To get to my show, you will go to Talk Forensics Radio. That will take you directly to my show page.

The show airs each Sunday afternoon at 4PM Eastern time.
