Paige Leidig, SC Magazine, Tuesday, October 21, 2014
As concerns continue to mount over data breaches, data security, and regulatory compliance, particularly in public cloud environments, a growing number of cloud service providers (CSPs) are stepping up to the plate with beefed-up encryption offerings to assuage their customers' concerns. The additional encryption these CSPs now provide can certainly aid in protecting sensitive data from some types of attacks, but is CSP-provided cloud data encryption enough to secure your data and achieve compliance?
Russia Direct, Tuesday, October 21, 2014
Russia and China could soon sign an agreement on cooperation in the field of cybersecurity, a move that some see as an attempt to reduce American influence in the information technology field.
Monday, October 20, 2014
The Health Insurance Portability and Accountability Act (HIPAA) regulations govern health information maintained by various entities covered by HIPAA (“covered entities”) and other organizations that receive health information from covered entities when performing functions for them. HIPAA is enforced by the Office for Civil Rights (OCR) in the Department of Health and Human Services (HHS).
Sean Gallagher, Ars Technica, Monday, October 20, 2014
GreatFire.org, a group that monitors censorship by the Chinese government’s national firewall system (often referred to as the “Great Firewall”), reports that China is using the system as part of a man-in-the-middle (MITM) attack on users of Apple’s iCloud service within the country. The attacks come as Apple begins the official rollout of the iPhone 6 and 6 Plus on the Chinese mainland. The attack, which uses a fake certificate and Domain Name Service address for the iCloud service, is affecting users nationwide in China. The GreatFire.org team speculates that the attack is an effort to help the government circumvent the improved security features of the new phones by compromising their iCloud credentials and allowing the government to gain access to cloud-stored content such as phone backups.
Andrea Peterson and Craig Timberg, Washington Post, Friday, October 17, 2014
Mistakes in setting up popular office software have sent information about millions of Americans spilling onto the Internet, including Social Security numbers of college students, the names of children in Texas and the ID numbers of intelligence officials who visited a port facility in Maryland. The security problem, researchers say, has affected many hundreds of servers running popular Oracle software, exposing a peculiar melange of data to possible collection by hackers. Most of the institutions affected have been universities or government agencies, though they hold a wide range of information on individuals and private companies.
Monday, October 13, 2014
In the United States, a variety of different regulators are responsible for overseeing and enforcing different laws that impact different types of information. Some laws are exclusively enforced by agencies. Some are also enforced by state attorneys general. Others are enforced exclusively with a private right of action – the ability of individuals to bring lawsuits. Several laws have criminal penalties, which are typically enforced by the Department of Justice (DOJ). And then there are laws that are enforced by a combination of means, such as the Fair Credit Reporting Act (FCRA), which is enforced by two agencies plus private rights of action.
Thursday, October 09, 2014
Are privacy and security laws being enforced effectively? What kind of sanctions do privacy and security laws use for enforcement? In this post, I will discuss the various tools that are frequently used in the enforcement of privacy/security laws.
John Moore, FCW, Thursday, October 09, 2014
The Continuous Diagnostics and Mitigation program represents a dramatic shift from the government's traditional focus on certifying systems as secure and then rechecking them every so often. An effective cybersecurity strategy requires more than a periodic safety check. That's the thinking behind continuous monitoring, a risk management approach that seeks to keep organizations constantly apprised of their IT security status.
Tuesday, October 07, 2014
How are privacy and security laws enforced? How should they be enforced? What enforcement works well? What doesn’t? What are the various agencies that are enforcing privacy laws doing? How do the agencies compare in their enforcement efforts? I plan to explore these questions in a series of posts. Collectively, I’ll call this series “Enforcing Privacy and Security Laws.”
CloudTweaks, Tuesday, October 07, 2014
Much of the discussion lately has been around the JP Morgan security breach. There are also growing concerns that other companies may have been infiltrated as well, which is not a surprise considering the ruthless nature of cyberwar. Security will always be an issue and something businesses must continuously prepare for in order to minimize damage. Here is an infographic discovered at IDG which takes a closer look at Cyberwar in the U.S.