Leadership Solutions

Strategic News


Chase Ramps Up Security: Is It Enough?

The nation's largest financial institution, JPMorgan Chase, is taking an appropriate leadership role by describing how it's ramping up its security efforts, say analysts, who assess the bank's plans for three cybersecurity centers.
BankInfoSecurity

Heartbleed Bug: The Latest Alerts

Mobile applications can be as vulnerable to the Heartbleed bug as websites, warns security vendor Trend Micro.
BankInfoSecurity

National Retail Federation to Establish Cybersecurity Program

The National Retail Federation (NRF), the world’s largest retail trade association, has announced plans to create a retail and merchant industry information sharing and analysis center that will help companies deal with cyber threats.
Softpedia

All the passwords you should change because of Heartbleed, in one handy graphic

The Heartbleed security flaw was fixed in the newest version of OpenSSL, but you should still change your passwords on all of the sites affected by the bug.
VB News

These Sites Tell Which of Your Accounts Have Been Hacked

Heartbleed, the massive flaw in web encryption recently made public, is just one of the unending stream of vulnerabilities that enables hackers to steal personal details and passwords from companies with which you do business.
Forbes

KKR CIO Surveys Cyber Risk Among Private Equity Holdings

BitSight, a company that collects large quantities of data every day from sensors located in public servers and from partners, recently conducted a cyber vulnerability survey for KKR that examined the levels of cyber risk for 75 of the private equity firm's portfolio companies.
Wall Street Journal

Survey: Small Retailers Feeling Insecure

A new survey commissioned by ADT has found that only a third of small- and medium-sized retailers have complete confidence in their current security systems.
Security Director News

2 Regulators Issue Guidelines on Sharing Cybersecurity Information

Sharing data between companies about cybersecurity threats will not cause antitrust concerns, according to guidelines issued by the Federal Trade Commission and Justice Department on Thursday.
New York Times

Federal Energy Regulator to Take Steps to Protect Grid

Federal Energy Regulatory Commission (FERC) acting Chairwoman Cheryl LaFleur told lawmakers Thursday that her agency will perform a full review of the chain of custody of all documents following the release of sensitive information about the impact of a physical attack on the nation's electric power grid.
Wall Street Journal

56 Percent of Employees Still Receive no Security Awareness Training

A new EMA survey of employees in government, public and private companies, and nonprofits found that a majority still receive no security awareness training whatsoever.
Help Net Security

Advanced Attackers Go Undetected for 229 Days

Organizations are generally discovering cybersecurity breaches earlier, and they are increasingly having to turn to outside help to do so, according to a new FireEye report.
Help Net Security

Trove of Software Flaws Used by U.S. Spies at Risk

Bloomberg Businessweek

Cybersecurity Is a Puzzle—Where Does Your Piece Fit?

Cindy Fornelli, the executive director of the Center for Audit Quality, writes that deepening collaboration and ensuring effective communications among key players is the key to effectively fighting cybercriminals.
Pulse

Aviation Industry and Government to Share Cyber Threats in New Intelligence Center

The U.S. government and the aviation industry on April 15 launched the Air Domain Intelligence Integration Center and an analysis center, which will be used by government and industry officials to share information on cyber threats.
Wall Street Journal

113 People Detained and 70 Arrested in Action Day Tackling Airline Fraud

On 8 and 9 April 2014 law enforcement agencies from across the world, supported by the European Cybercrime Centre (EC3) at Europol, joined forces with the airline, travel and credit card industries in the largest ever attack upon online fraud and illegal immigration.
Europol

Sharing cyber threat details not antitrust violation, U.S. says

The U.S. government on Thursday urged companies to share information with each other about cyber threats and issued guidance making clear that doing so would not violate antitrust laws.
Reuters

Power Companies Struggle to Maintain Defenses Against Cyber-Attacks

When experts rank U.S. industries' abilities to ward off potentially damaging cyberattacks, the electric utilities are normally near the bottom.
insurancenewsnet.com

PrecisionHawk's drones collect data on crops from hundreds of feet above.

These companies are mining the world’s data by selling street lights and farm drones.
Quartz

DHS Turns to Mentors to Strengthen Cyber Workforce

The U.S. Department of Homeland Security (DHS) has adopted a rotation and mentorship strategy to find and develop qualified cybersecurity professionals.
Federal News Radio

With Rare Support, Chemical Security Legislation Advances in House

A bill that provides long-term authorization for the Department of Homeland Security's chemical-facility antiterrorism security (CFATS) standards was approved by the House Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies on Thursday.
National Journal (DC)

Experian Faces Connecticut, Illinois Probes of Data Breach

Representatives for Connecticut Attorney General George Jepsen and Illinois Attorney General Lisa Madigan have confirmed that they are investigating Experian following a breach of a company database by Hieu Minh Ngo, a Vietnamese man who has pleaded guilty to selling fraudsters credit-card data, Social Security numbers and other personal information that had been taken from the Experian database.
Wall Street Journal

Pentagon to Triple Cyber Staff to Thwart Attacks

U.S. Defense Secretary Chuck Hagel recently made his first major speech on cyber policy, which focused on significantly growing the ranks of the Pentagon's cyberwarfare unit in an effort to defend against foreign attacks on important U.S. networks.
Associated Press

Cost of Advanced Evasion Techniques in Recent Data Breaches

There is a great deal of misunderstanding, underestimation, and ignorance of advanced evasion techniques (AETs) among CIOs and security managers, according to a new McAfee report.
Help Net Security

Internet of Things: Mitigating the Risk

Tony Sager, chief technologist of the Council on Cybersecurity and former COO of the U.S. National Security Agency's information assurance directorate, has turned his attention to mitigating the cybersecurity threats facing Internet-connected embedded devices, the Internet of Things.
GovInfoSecurity.com

Law Firms are Pressed on Security for Data

Large corporations and banks are increasingly pressing the law firms they work with to demonstrate that their computer systems are using the best technologies to identify and mitigate online intrusions and to take extra steps to ensure that their systems are well protected.
New York Times

NIST, DHS Push for More Engagement Around Cyber Framework

The White House's cybersecurity framework to safeguard the nation's critical infrastructure was implemented six weeks ago, and federal officials say they are seeing progress but need Congress to address liability protection for companies.
Federal News Radio

Security Firm Trustwave Says Target Data Breach Claims Baseless

Credit-card security firm Trustwave Holdings, which has been sued along with Target over a sweeping data breach, says it did not process cardholder data for the retailer or handle Target's data security as a lawsuit alleges.
Reuters

Credit Card Issuers Seek Out New Ways to Increase Data Security

Reports of major data breaches continue to rise even though major retailers are required to comply with cybersecurity guidelines set by the credit card industry.
US Finance

Navy-Base Shooting Raises Concerns Over Port-Security Program

Sen. Mark Warner (D-Va.) sent a letter to Homeland Security Secretary Jeh Johnson and Navy Secretary Ray Mabus on March 28 to express his concerns about the effectiveness of the Transportation Worker Identification Credential (TWIC) program in the aftermath of a shooting at a Norfolk, Va., naval base last week.
Wall Street Journal

Could Our Food Supply be a Target for Terrorists?

The Food and Drug Administration has proposed new rules that would require domestic and foreign companies that process and manufacture food and ship it to the U.S. to take steps to mitigate the risk of potential terrorist attacks against their facilities.
NPR Online

Cargo-Theft Recovery Program Launched in Canada

On March 18, the Insurance Bureau of Canada (IBC) and the Canadian Trucking Alliance (CTA) introduced a new phase of the Cargo Reporting Program, which was designed to help combat the country's growing $5 billion cargo theft problem.
Security Director News

Defense Firms Find Work Battling Corporate Hackers

Defense contractors that have traditionally served the federal government are now hoping to help corporate clients defend against cyberattacks through software or consulting services.
Wall Street Journal

Banks' Suit in Target Breach a 'Wake Up Call' For Companies Hiring PCI Auditors

Trustmark National Bank and Green Bank filed a lawsuit in federal court against Target and Trustwave Holdings on Monday in response to the massive data breach the retailer suffered last year.
CSO Online

Visa's Chief Risk Officer on the Future of Credit Card Fraud

Visa Chief Risk Officer Ellen Richey acknowledges it will take several years for the U.S. to achieve widespread use of credit cards with embedded chips.
MarketWatch

US Not Waging Industrial Espionage

Senior U.S. intelligence officials speaking on condition of anonymity say that the U.S. is not spying on foreign companies in order to give American firms a competitive advantage, despite claims by Edward Snowden to the contrary.
Sky News

Target, Visa Say Fraud Limited in Wake of Data Breach

Target has seen relatively little fraudulent activity on its payment cards since the massive data breach last year, said chief financial officer John Mulligan, speaking at a Senate Commerce Committee hearing on Wednesday.
Wall Street Journal

Half of IT Execs Don't Tell Boards Truth About Breaches

According to a survey of 1,083 IT and IT security workers conducted by Ponemon Institute in January, half of CIOs and CISOs do not tell executives at their companies the truth about cybersecurity breaches.
Wall Street Journal

Changes Proposed to US CFATS Facility Security Rules

According to Pharmaceutical Research and Manufacturers of America (PhRMA), it is too early to predict the impact that changes to the Chemical Facility Anti-Terrorism Standards (CFATS) proposed by Rep. Patrick Meehan (R-Pa.) will have on the pharmaceutical industry.
in-Pharma Technologist

Why Identity is the New Firewall

Identity management is becoming the new firewall that keeps out those who are not allowed to gain access to an area within a building, facility, or campus.
Security Magazine

U.S. Utilities Tighten Security After 2013 Attack

Two electric utilities have announced that they are taking steps to improve the security of their facilities following increased concerns about the possibility of terrorist attacks on the nation's power grid.
Wall Street Journal

Big Data Analytics: The Enterprise's Next Great Security Weapon

The use of big data analytics by companies to better protect data and secure networks will more than triple in the next two years, according to a new Gartner report.
ZDNet

Can Threat Modeling Keep Security a Step Ahead of the Risks?

Cybersecurity experts say it is important for organizations to perform threat modeling on a regular basis in order to stay ahead of potential threats.
CSO Online

Study Shows Those Responsible for Security Face Mounting Pressures

IT security professionals are increasingly feeling stress in their jobs, according to a new Trustwave survey of 833 security decision makers in the U.S. and several other countries.
CSO Online

Microsoft Takes to the Front Lines in the War on Cybercrime

Stepping up to fight the cyber war, Microsoft unveiled a new state-of-the-art Cybercrime Center specifically designed to battle botnets, malware and various other forms of internet crime.
Entrepreneur

Assault on California Power Station Raises Alarm on Potential for Terrorism

Former Federal Energy Regulatory Commission (FERC) Chairman Jon Wellinghoff and others are warning that a little-known attack on an electric substation in Santa Clara County, Calif., last year could be a herald for larger attacks aimed at causing widespread power outages.
Wall Street Journal

Point of Sale System Attack Campaign Hits More Than 40 Retailers

The ChewBacca Trojan has infected more than 40 merchants and stolen payment card and personal information from approximately 50,000 customers by targeting point of sale systems (POS), according to RSA FirstWatch.
Dark Reading

Data Security Is Not Their Responsibility, Say 23 Percent of Employees

A new survey of employees by Absolute Software finds that nearly a quarter believe that data security is not their responsibility.
Computer Weekly

Security Professionals Identify IT Risks Associated With Cloud Computing

ESG recently surveyed 211 enterprise security professionals about what they saw as the biggest security risks associated with using cloud infrastructure services.
Network World

Target Traces Security Breach to Stolen Vendor Credentials

Target spokeswoman Molly Snyder confirmed that the company's ongoing investigation into the recent data security breach has revealed that hackers were able to gain access to Target's systems by using a vendor's credentials which they had stolen.
ZDNet

The Economics of a National Cyber Immune System

At the recent Cyber Innovation Forum in Baltimore, White House cyber czar Michael Daniel spoke about the need to strengthen the federal government's "cyber immune system."
Federal Computer Week

Stumbling Blocks That Faceplant Security Analytics Programs

There are a number of obstacles that often prevent enterprises from effectively integrating security analytics into their IT security infrastructure. First among these is siloed organizational units that impede the effective gathering and sharing of data.
Dark Reading

Survey: Workplace Misconduct at Historic Low

Research released today by the Ethics Resource Center (ERC), America’s oldest nonprofit advancing high ethical standards and practices in public and private institutions, reveals that workplace misconduct is at an historic low, having steadily and significantly declined since 2007.
ERC Ethics Resource Center

Preparing Utilities to Respond to Cyberattacks

Sharon Chand, a director with Deloitte & Touche's Security & Privacy, notes that the decades of experience utilities have in preparing for natural disasters can be used to help guide their responses to cyberattacks.
Wall Street Journal

Three Ways to Better Secure Your Data in 2014: It’s Time for Two-Factor Authentication

According to technology consultant Geoffrey Fowler from the Wall Street Journal, every business' priority should be security in 2014. In light of recent security breaches by Skype and SnapChat, Fowler says businesses must be vigilant about upholding security.
Wall Street Journal

Hacker Threats Rise, With Defenders Lacking: Report

The Cisco Annual Security report, which was released on Thursday, showed that the technology and techniques used by hackers and other online criminals have outpaced security professionals' ability to defend against such threats.
Agence France-Presse

Is Rapid Detection the New Prevention?

Many IT security experts say the time when a strong perimeter defense could be counted on to defend a network is over, and that what is needed is a greater focus on technologies that detect network breaches and cut them off before they can do any serious damage.
Network World

Senior Managers Are the Worst Information Security Offenders

Senior managers pose a major security risk for companies, according to a Stroz Friedberg nationwide survey of 764 information workers.
Help Net Security

Algorithms are Changing the Face of Situational Awareness and Online Security

The adoption of algorithms is changing the face of both situational awareness and online security, as algorithms only take a few seconds to perform technical tasks, which allows humans to concentrate on more complex problems.
Security InfoWatch

Top Six Data Breach Trends for 2014

The theft of debit and credit card information from Target in November and December was just one of many data breaches that took place in 2013.
Security InfoWatch

Game Theory Helps Corporate Risk Managers Analyze Terrorism Risks

Corporate risk managers have found that game theory can improve terrorism risk analysis by helping them prepare for unexpected situations.
Homeland Security News Wire

US Employee Prescription Drug Use Booms as Workers Evade Positive Marijuana and Cocaine Tests

A new study by Quest Diagnostics has found that U.S. workers are becoming more knowledgeable about how to game pre-employment drug screening.
International Business Times

Cybersecurity Training a Top Priority for Industry, Government

Cybersecurity professionals are expected to be in high demand through 2020 and beyond, and private- and public-sector organizations are launching outreach programs to train workers.
eWeek

Spear Phishing Poses Threat to Industrial Control Systems

Security experts say that energy companies that use supervisory control and data acquisition (SCADA) systems need to ensure that their anti-phishing programs are strong, as a successful phishing attack could be as devastating as the Stuxnet attack.
CSO Magazine

7 Simple Ways You Can Protect Your Ideas From Theft

There are a number of ways that businesses and individuals seeking investors, partners, or employees to support their ideas or discoveries can prevent those associates from marketing that innovation as their own.
Forbes

Executive Bad Habits, Including Porn, Endanger Corporate Security

A recent study conducted by Opinion Matters for ThreatTrack Security showed that company executives may pose one of the biggest security risks to organizations.
PC World

Schools Safe as Ever Despite Spate of Shootings, Scares

According to the departments of Justice and Education, school safety has improved and violence has fallen for students and teachers.
USA Today

Kelihos Botnet Thrives, Despite Takedowns

Kaspersky Lab's sinkholing of one version of the Kelihos botnet 19 months ago—together with CrowdStrike, the Honeynet Project, and Dell SecureWorks—along with other significant eradication efforts, has resulted in a sharp decline in related botnet activity, according to research the lab recently published.
Information Week

Security Is Top Concern in 2014 for State CIOs

Security is the top concern next year for state CIOs, according to NASCIO's State CIO Top Ten Policy and Technology Priorities for 2014 survey.
FierceCIO

Attack Ravages Power Grid. (Just a Test.)

Nearly 10,000 cybersecurity specialists, electrical engineers, FBI agents, and utility executives took part in the more than 48-hour long continental-scale war game known as GridEx II.
New York Times

Personal Devices Pose Biggest Threat to Corporate Security

Security software provider Check Point has found that 93 percent of US and UK companies use mobile devices to connect to corporate networks, while 67 percent allow employees to connect personal devices.
Financial Times

Employee Theft on the Rise, Survey Reveals

Jack L. Hayes International's Annual Retail Theft Survey shows that retail theft increased 5.5 percent in 2012, which was the second increase in as many years.
Digital Journal

Early Stage Startups Vulnerable to IP Theft

David DeWalt, the chairman and CEO of the cybersecurity firm FireEye Inc., has warned that there is a clear correlation between press releases detailing a startup's acquisition of venture capital funding and attacks by thieves seeking to steal the startup's intellectual property.
Wall Street Journal

The Many Faces of Financial Fraud

Improvements in payment protections and security practices are beginning to shift the liability for financial fraud onto the least-secure party involved in the transaction.
CSO Magazine

Ridge Warns Utility Officials on Threat of Attack

During the "Grid 20/20: Focus on Resilience" conference in Philadelphia on Tuesday, former Homeland Security Secretary Tom Ridge warned regional utility officials that they need to explore more ways to protect the nation's electric grid from attack.
Philadelphia Inquirer

PCI council publishes updated payment security standards

On Thursday, version 3.0 of the Payment Card Industry Data Security Standard (PCI DSS) and Payment Application Data Security Standard (PA-DSS) became available for merchants, who'll have until January 1, 2014 before the requirements become effective.
SC Magazine

Bipartisan Cybersecurity Measure to be Introduced in Congress

Sen. Saxby Chambliss (R-Ga.) reported last week that he planned to introduce cybersecurity legislation to improve data sharing between the public and private sector.
Homeland Security News Wire

Chinese Army's Industrial Espionage Continued Even After Exposure

The Chinese military continues to support widespread corporate espionage against U.S. companies, according to a report from the US-China Economic and Security Commission, a congressional advisory panel.
International Business Times

Mobile Phone Use a Significant Security Risk for Companies

New research from the U.K.'s University of Glasgow finds that the improper use of corporate mobile devices by employees is exposing companies to potentially serious security and legal risks.
Homeland Security News Wire

NSA Chief Likely to Be Stripped of Cyber War Powers

Senior military officials are strongly considering removing the National Security Agency director's authority over U.S. Cyber Command.
The Hill

Security Check Now Starts Long Before You Fly

Airline passenger screening is being expanded by the Transportation Security Administration, as a search of several government and private databases will now be conducted prior to passengers' arrival at the airport.
New York Times

4 Ways Metrics Can Improve Security Awareness Programs

It is important to use the right metrics in the right way to properly evaluate and make the case for security awareness programs.
CSO Online

Despite Drop in Fraud, Businesses Told to Remain Vigilant

The percentage of companies reporting instances of fraud has fallen from 75 percent to 61 percent, according to the latest version of Kroll's annual Global Fraud Report.
CSO Online

Millions of Employees Victims of Workplace Violence

The federal Occupational Safety and Health Administration (OSHA) has begun paying closer attention to violence between workers and to violence directed at employees by customers, clients or other outsiders, said Thomas Fuller, an assistant professor at Illinois State University who teaches a course on workplace violence.
Pantagraph

Cybersecurity Talent Pipeline Not Being Fed by High Schools, Survey Finds

Less than a quarter of the 1,000 adults between the ages of 18 and 26 who took part in the recent Raytheon Millennial Cybersecurity Survey expressed an interest in a career in cybersecurity.
Homeland Security Today

Report indicates insider threats leading cause of data breaches in last 12 months

The National Insider Threat Policy aims to strengthen the protection and safeguarding of classified information by: establishing common expectations; institutionalizing executive branch best practices; and enabling flexible implementation across the executive branch.
CSO Online

What litigation tells us about the dangers of IP theft

While many companies are now stepping up security measures to better identify and protect their IP, still too many companies and employees fail to grasp the seriousness of protecting IP (and the repercussions that often flow from failing to do so).
Network World

How Awareness and Communication Improve Workforce Protection: Building workforce protection on awareness, communication

Violence in the workplace is a greater issue in the United States than elsewhere in the world, says Paul N. Whelan, a senior manager at global staffing provider Kelly Services who is focused on preventing workplace violence.
Security Magazine

Security Perspectives Surveyed

National security is no longer solely about defending the borders; it now includes making society resilient in the face of a wide range of threats.
Security Management

The Mars-and-Mercury Problem of Cybersecurity

Half of all federal cybersecurity breaches are caused by personnel who fail to comply with security measures in place at their agencies, according to a new Meritalk study.
FCW

A Real-World Approach to Risk-Based Security Planning

Investing in security technology is no guarantee of protection against cyber threats, according to a new global study by the Ponemon Institute, which found that despite serious business investment in modern security solutions, malware incidents increased 58 percent between 2011 and 2012.
CSO Online

Are We Too Busy for Metrics?

Tripwire and Ponemon Institute have some surprising findings in their latest survey on the state of risk-based security management.
Security Technology Executive

New California Law Requires Employers to Make Security Accommodations for Domestic Violence Victims

California Gov. Jerry Brown signed a bill on Oct. 11 that will require employers to make security accommodations for employees who are victims of domestic violence, sexual assault, or stalking.
Security InfoWatch

Top 10 Global Risks Underscore Business Concerns

Two separate studies from Accenture and Aon Risk Solutions have found that organizational risk managers worldwide are closely aligned when it comes to risks they are most concerned about.
The National Law Review

What Keeps CEOs Up at Night?

The Lloyd’s Risk Index provides a good view of global risk from the perspective of corporate leaders. This year’s worldwide survey comprised 588 C-Suite and board level executives from companies of various sizes.
Security Magazine

Report Indicates Insider Threats Leading Cause of Data Breaches in Last 12 Months

Forrester Research recently released its Understand the State of Data Security and Privacy Report, which draws on a survey of small and medium businesses and other enterprises in the United States, Canada, Britain, France, and Germany.
CSO Online

Pilots Union Warns of Possible Terrorism 'Dry Runs'

An internal memo from the US Airlines Pilots Association indicates that there have been several recent cases throughout the airline industry of "dry runs" aimed at determining how airline personnel respond to in-flight threats.
USA Today

Google Now Taking Down Eight 'Pirate' Links Every Single Second

Google processed a record 5.3 million Digital Millennium Copyright Act (DMCA) notices to remove pirate links in the last week of September, and is now taking down nearly nine URLs per second, according to its transparency report.
Torrent Freak

The student loan bubble is starting to burst

JPMorgan Chase has sent a memorandum to colleges notifying them that the bank will stop making new student loans in October, according to Reuters.
Economic Policy Journal

What Litigation Tells Us About the Dangers of IP Theft

A recent study commissioned by Symantec found that half of all departing employees retain confidential corporate files after being terminated. In addition, more than half of employees feel it is acceptable to move corporate data to personal devices, email accounts, or cloud services without prior company approval.
Network World

IT Security Industry To Expand Tenfold

The IT security industry is already a $60 billion business that includes about 80 categories of products, but industry observers say it is expected to grow tenfold in the next ten years as the threats represented by hackers and government surveillance continue to diversify.
Forbes

Illinois Enacts Concealed Carry Employment Policies

The new concealed carry law in Illinois has employers worried about balancing the need to comply with the law and the need to ensure the safety and security of employees.
Lexology

ERM: Old Concept, New Ideas

Enterprise risk management (ERM) is still not close to being standard operating procedure in the majority of enterprises. A
CSO Online

Multinationals in Egypt Hunker Down to Keep Workers, Infrastructure Safe

The political violence in Egypt has prompted multinational companies to deploy their own emergency strategies to protect their employees, supply chains, and bottom lines, reports the Wall Street Journal.
Wall Street Journal

U.S. security industry a $350B market

A new study released this week by ASIS International and the Institute of Finance and Management found that the U.S. security industry is a $350 billion market, the majority of which consists of private sector spending ($282 billion) followed by federal government spending on homeland security ($69 billion).
securityinfowatch.com

FBI Taps Hacker Tactics to Spy on Suspects

The FBI has started using hacking tools to track terrorism and other suspects using new communications technology. Unlike phones, these communication methods cannot be accessed via conventional wiretaps, so FBI agents have had to innovate to keep up.
Wall Street Journal

The Future of BioWatch

The Department of Homeland Security (DHS) is currently conducting an analysis of alternatives to determine how to best proceed with the next stage of BioWatch, its system for detecting biological terrorist threats.
Homeland Security Today

Threat Intelligence Needed Quickly or Not at All, Ponemon Study Finds

Companies can mitigate their losses by 40 percent if they use information on current threats, but the value of that information diminishes quickly, according to a recent survey of security professionals by the Ponemon Institute.
eWeek

Attackers Turning to Legit Cloud Services Firms to Plant Malware

Malware writers are escalating their use of commercial file-hosting sites and cloud services to distribute malware programs, according to security researchers.
Computerworld

How CISOs Help Lower Breach Costs

The cost per record exposed in a data breach is lower for organizations with a chief information security officer, according to the 2013 Cost of Data Breach Study by the Ponemon Institute and Symantec.
GovInfoSecurity.com

'Ban the Box' Laws Make Criminal Pasts Off-Limits

City officials in Richmond, Calif., recently passed an ordinance banning city contractors from inquiring about the criminal histories of job applicants.
Wall Street Journal

Report: Comcast to Send Real-Time Notifications of Copyright Infringement

Comcast is currently testing a new strategy for cracking down on copyright infringement that will detect whether or not a customer is trying to download a movie from a site like BitTorrent.
TechHive

Taking Steps Now Can Help Reduce Workplace Violence Later

In a recent American Bar Association (ABA) program, "Assessing Security and Avoiding Violence in the Workplace," several experts emphasized the importance of flexibility in helping to prevent difficult workplace situations from escalating into violence.
abaNOW.org

Security Intelligence Services Ramp Up

The use of automated security systems based on pattern recognition and big data continues to be one of the best tools for IT security. This is especially the case for organizations with limited funding or manpower.
CIO Insight

CIOs Issue Social Media Privacy Practices Guide

The federal Chief Information Security Council has just published guidance saying federal agencies must be transparent in how they use social media, especially those that involve viewing publicly available information.
GovInfoSecurity.com

Hackers Pose as Department of Homeland Security in Ransomware Web Scam

The US Computer Emergency Response Team (CERT) has discovered ransomware through which hackers posing as the US Department of Homeland Security (DHS) and the National Cyber Security Division are extorting vast sums of money from Web users.
V3.co.uk http://www.v3.co.uk/v3-uk/news/2286201/hackers-pose-as-department-of-homeland-security-in-ransomware-web-scam

Stanford Probes Breach as Attacks on University Networks Soar

Stanford University advises its network users to change their passwords after experiencing a data breach that school officials say resembles incidents reported in recent months by a range of companies and large organizations.
Government Computer News http://gcn.com/articles/2013/07/26/stanford-network-security-breach-university-attacks-soar.aspx

GOP lawmakers boycott DHS nominee hearing

Senate Republicans boycotted a hearing last Thursday to consider President Obama’s nominee for deputy DHS secretary.
Homeland Security Newswire

Senate panel to vote this week on cybersecurity bill

The Senate Commerce Committee will this week vote on an industry-backed cybersecurity bill before Congress takes an August recess.
Homeland Security Newswire

North Carolina’s biothreat warning system receives funding

The North Carolina Bio-Preparedness Collaborative (NCB-Prepared), a project to develop an early warning system to detect biothreats, has received $3 million in funding.
Homeland Security Newswire

The arithmetic of gun control and gun violence

The most comprehensive statistical study of gun violence in the United States – examining data going back to the First World War – finds that, in more common domestic and one-on-one crimes, reduced legal gun availability, if properly enforced, is likelier to lower deaths.
Homeland Security Newswire

Research priorities for understanding public health aspects of gun-related violence

A new report from the Institute of Medicine (IOM) and National Research Council (NRC) proposes priorities for a research agenda to improve understanding of the public health aspects of gun-related violence.
Homeland Security Newswire

Chinese Firm is Charged in Theft of Turbine Software

According to an indictment by a federal grand jury in Madison, Wis., the Chinese wind turbine company Sinovel and two of its executives conspired with an employee of AMSC to steal the firm's software for controlling the flow of electricity.
New York Times

End Users Boosting Budgets for Physical Security Gear

According to a survey conducted by IHS Inc. subsidiary IMS Research, 45 percent of end users are reporting that they increased their security funding for physical security equipment during 2012.
Security Director News

A Call to Arms for Banks

U.S. regulators are ramping up pressure on banks to equip themselves against cyberattacks that target individual institutions as well as the financial system as a whole.
Wall Street Journal

Employee Theft on the Rise and Expected to Get Worse

A new study of 23 large retail companies conducted by the loss-prevention consultancy Jack L. Hayes International found that 71,095 employees were caught stealing from their employers last year, an increase of 5.5 percent over 2011.
Business News Daily

Gartner: Pay Less Attention to Security Technology

Gartner's Paul Proctor advises that security professionals should not purchase big-box appliances without first talking to upper-level executives to ensure that security decisions are made based on careful assessments of risks to the data being protected.
Security Magazine

Theft of F-35 design data is helping U.S. adversaries: Pentagon

Defense Department Acquisitions Chief Frank Kendall told a Senate panel on Wednesday that cyberattacks that have resulted in the theft of sensitive design data for programs like the F-35 Joint Strike Fighter reduce the U.S.'s advantage over rivals because it will allow them to develop their own stealth aircraft more quickly.
Reuters

Gartner Reveals Top 10 IT Security Myths

Gartner analyst Jay Heiser says there are 10 IT security myths widely believed to be true among security professionals, rank-and-file employees, and business managers.
Network World

Why Your CEO Is a Security Risk

Security professionals are focusing more on creating sophisticated detection systems because employees are often naive about cyber attacks.
Harvard Business Review

5 Ways to Create a Collaborative Risk Management Program

Risk management functions should be housed under a Chief Risk Officer or Head of Operational Risk, but in the absence of such an organizational structure, there should be bilateral conversations of risk partners.
CSO Online

Managing the People Side of Risk

Executives are increasingly focusing on ways to deploy risk-related processes and oversight structures to better detect and resolve fraud, safety breaches, and operational errors.
McKinsey Quarterly

Officials: Surveillance Programs Foiled More Than 50 Terrorist Plots

National Security Agency (NSA) chief Gen. Keith Alexander and other government officials appeared before the House Intelligence Committee on Tuesday to defend the agency's controversial surveillance programs.
The Washington Post

U.S. and Russia Sign Pact to Create Communication Link on Cybersecurity

The United States and Russia have announced a first-of-its-kind agreement to use real-time communications about national security incidents to lower the risk of conflict in cyberspace.
The Washington Post

What Story Would You Tell?

A security manager is typically given a budget target, but with the effective use of metrics, they can also demonstrate results and advertise specific value for security's programs, George Campbell, emeritus faculty of the Security Executive Council (SEC) and former CSO of Fidelity Investments, tells Security Technology Executive.
Security Technology Executive

Plans to Centralize Cybersecurity With DHS Seen as Step Forward

The Department of Homeland Security (DHS) has proposed the creation of a $6 billion shopping network that would allow government agencies to protect unclassified networks from cyberattacks.
CSO Online

How CIOs Should Talk to the Board About Security

Chief Information Officers (CIOs) and Chief Information Security Officers (CISOs) must discuss cybersecurity issues with company boards to ensure their organization is prepared to deal with potential cyberattacks.
Deloitte

Firms Fortify Fraud Defenses

Internal controls for preventing fraud and other risks at companies have, until now, been based on a 20-year-old framework that did not consider the risks posed by cloud computing, mobile technology, outsourcing, and shifts in corporate governance.
Wall Street Journal CFO Journal Blog

Universities Face a Rising Barrage of Cyberattacks

American research universities are looking to improve cybersecurity in the face of a rising tide of hacking attempts against their networks.
New York Times

NC Companies' Secrets at Risk, Cyber Terrorism Experts Say

Cyber terrorism experts say that companies in North Carolina remain vulnerable to attacks from hackers looking to uncover trade secrets.
WRAL.com

Annual U.S. Cybercrime Costs Estimated at $100 Billion

The cost of cyberespionage and cybercrime to the United States is as much as $100 billion per year, according to a recent Center for Strategic and International Studies (CSIS) and McAfee study.
Wall Street Journal

Why Help Desk Employees Are a Social Engineer's Favorite Target

A new report from the SANS Institute and RSA finds that help desk workers are some of the softest targets for social engineering attacks.
CSO Online

One Big Threat to Cybersecurity: IT Geeks Can't Talk to Management

The communications disconnect between IT staff and senior management on security issues is often the result of the inability or unwillingness of IT staff to communicate technical matters in a way that executives can understand, according to a new report from the Ponemon Institute and Tripwire.
Quartz

Is Anyone Really Responsible for Your Company's Data Security?

While protecting a company's trade secrets, confidential business plans, and other critical information is vital to the bottom line, very often there is no one within the company who is responsible for information security.
Harvard Business Review

Viewing Cyber Security as a 'Whole Business' Issue

Only 40 percent of Canadian executives are concerned about cyber security threats despite many recent high-profile attacks, according to the latest annual C-Suite survey from Gandalf Group and sponsored by KPMG.
Toronto Globe & Mail

Senior Management Officials Do Not Understand Security Metrics As It Is Too Technical

Tripwire and the Ponemon Institute surveyed more than 1,300 IT professionals and found that nearly half -- 49 percent -- were unsure that their organizations' metrics could convey security risk management efforts to senior executives.
SC Magazine

Banks Gird for Battle Against Cyberattackers

JPMorgan, Bank of America, and Citigroup are among the banks that are taking part in a simulated cyberattack on Thursday.
Associated Press

U.S., Firms Draw a Bead on Chinese Cyberspies

In an effort to curb cybersecurity and hacking, the U.S. government earlier in the year gave U.S. Internet service providers addresses associated with a hacking group with suspected ties to the Chinese military.
Wall Street Journal

Make Way for State and Local Cyber-Ranges

The U.S. government has wanted a nationwide network of unclassified cyberexercise facilities for years, and now that idea is coming to state and local governments.
Government Technology

Experts: Obama's Plan to Predict Future Leakers Unproven, Unlikely to Work

The Insider Threat Program, which the Obama administration launched in October 2011 to identify government employees or contractors likely to leak sensitive information, has come under harsh criticism in light of the recent National Security Agency (NSA) leaks by contractor Edward Snowden.
McClatchy Washington Bureau

20 Critical Controls Do Improve Cybersecurity, But Are You Using Them?

A new survey of security professionals by the SANS Institute shows that acceptance and implementation of the 20 Critical Security Controls developed by SANS and other institutions is maturing slowly.
Government Computer News

'Darkleech' Malware Undertakes Ransomware Campaign

Eset security researchers are warning of a new malware campaign called Darkleech that utilizes compromised Apache servers to lock users' computers and tries to extort money from the victims to release their machines.
IDG News Service

U.K. Lawmakers Sound Alarm on Cyberattacks

The United Kingdom parliament's intelligence and security committee on Wednesday released a report warning that the cyberattack threat "is at its highest level ever" and likely to rise.
Wall Street Journal

Exploiting Prepaid and Alternative Currencies

Sources say a new type of mobile card reader has been developed for use by U.S. Immigration and Customs Enforcement agents that could recognize the value on prepaid cards and allow law enforcement to get a court order to temporarily freeze and hold the funds if criminal activity is suspected.
Prepaid Press

U.S. research universities subject to sustained cyberattack campaign by China

Leading U.S. research universities report that they have been subject to millions of Chinese hacking attempts weekly. The Chinese are aware that universities, and the professors who do research under the schools’ auspices, receive thousands of patents each year in areas such as prescription drugs, computer chips, fuel cells, aircraft, medical devices, food production, and more.
Homeland Security Newswire

Dealing with man-made earthquakes

Between 1967 and 2000, central and eastern United States experienced on average 20 earthquakes above a magnitude 3.0 a year. Between 2010 and 2012, the number of earthquakes above a magnitude 3.0 in these regions has dramatically increased to an average of 100 a year.
Homeland Security Newswire

eBay Director Hired to Solve £30Bn Retail Problem

eBay Director John Mearls has been elected vice chair of the Online and Mail Order Loss Prevention Forum to help tackle a £30 billion U.K. cybercrime problem.
Retail Gazette

The Price of Surveillance: Gov't Pays to Snoop

Some telecommunications and Internet companies are taking advantage of a provision in federal law that allows them to charge law enforcement and intelligence agencies to complete some surveillance requests.
Associated Press

Can Agencies Team Up in Responding to Cyber Attacks?

The U.S. National Institute of Standards and Technology is seeking input for planned guidance on interagency cooperation and response during cybersecurity incidents.
Government Computer News

DHS Report: Energy Sector Now a Bigger Target for Cyber Attackers

A report issued by the Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) shows that there has been a significant increase in the number of cyberattacks in the energy sector over the past year.
Wall Street Journal

For NSA, Hackers Are Needed, Risky

Rapidly improving technology and growing pressure to outsource important government services have forced spy agencies such as the National Security Administration (NSA) to increasingly turn to "hackers" like Edward Snowden.
Wall Street Journal

Banks to Heighten Mobile Wallet Security by Walling Off Data

Citigroup, U.S. Bancorp, and other members of the Clearing House industry trade group are collaboratively developing technology designed to boost the security of mobile wallets by walling off customer account data from merchants and other third parties.
American Banker

What's Wrong With Cybersecurity Training?

While federal agencies have been increasing their efforts in training, education, recruiting, and hiring, the government still faces a shortage of skilled cyberprofessionals.
Federal Computer Week

Cybercriminals Expand DDOS Extortion Demands

Extortion by threatening to launch a distributed denial-of-service attack against a target site is one of an increasing number of schemes being used by criminals as DDoS tools become increasingly powerful, accessible, and cheap.
InformationWeek

A Sign of Cyber Threats to Come

Chief information officers of American companies have been warned against the dangers of widespread cyberattacks on their systems as well as the need to prepare defenses against such attacks, following cyberattacks against six South Korean banks and media companies in March that shut down operations and destroyed data on nearly 48,000 computers.
Wall Street Journal

U.S. Looks to Blunt Corporate Espionage by Chinese Firms

Benjamin Bai, a partner at Allen & Overy in Shanghai, commented that a recent law strengthening the U.S. Economic Espionage Act is likely to encourage U.S. companies to file criminal charges against Chinese companies that steal their intellectual property.
Wall Street Journal

Packaging Design Aims to Reduce Theft of Infant Formula

Tyco Integrated Security and Perrigo Nutritionals have jointly developed a theft-resistant infant formula container in an effort to combat increasing retail theft of baby formula.
Security Director News

'Password Fatigue' Haunts Internet Masses

Millions of Internet users know that passwords are not safe when hackers can steal them en masse from banks, email services, retailers, or social media sites that fail to fully protect their servers.
Agence France-Presse

End Users Boosting Budgets for Physical Security Gear

According to a survey conducted by IHS Inc. subsidiary IMS Research, 45 percent of end users are reporting that they increased their security funding for physical security equipment during 2012. Budgets exceeded $100,000 a year for some 44 percent of respondents, while 20 percent said that they had an annual budget of more than $500,000. These
Security Systems News

Theft of F-35 Design Data is Helping U.S. Adversaries: Pentagon

Defense Department Acquisitions Chief Frank Kendall told a Senate panel on Wednesday that cyberattacks that have resulted in the theft of sensitive design data for programs like the F-35 Joint Strike Fighter reduce the U.S.'s advantage over rivals because it will allow them to develop their own stealth aircraft more quickly.
Reuters/Yahoo News

Gartner Reveals Top 10 IT Security Myths

Gartner analyst Jay Heiser says there are 10 IT security myths widely believed to be true among security professionals, rank-and-file employees, and business managers. He says the first of these myths, all of which consist of misperceptions and exaggerations about the cybersecurity threats facing organizations and the technologies that are used to guard against those threats, is the belief among security professionals that their organization will never be targeted by malicious hackers.
Network World

Why Your CEO Is a Security Risk

Security professionals are focusing more on creating sophisticated detection systems because employees are often naive about cyber attacks. However, the human factor is critical for stopping hackers, considering a recent Trend Micro report reveals that 91 percent of all cyber attacks start with a targeted phishing email.
Harvard Business Review

Why Are We So Slow to Detect Data Breaches?

A recent McAfee survey of senior IT decision makers shows the disconnect between enterprises' perceived capacity to detect and remediate data breaches and the reality.
Dark Reading

What Story Would You Tell?

George Campbell, emeritus faculty of the Security Executive Council (SEC) and former CSO of Fidelity Investments, tells Security Technology Executive that a security manager is typically given a budget target but with the effective use of metrics, they can also demonstrate results and advertise specific value for security's programs.
Security Technology Executive

Patients Put at Risk by Computer Viruses

The U.S. Food and Drug Administration (FDA) is cautioning medical device makers that computer viruses are threatening to infect their equipment and place patients at risk. The FDA for the first time advised manufacturers to submit security plans to thwart cyberattacks when seeking approval for their products, and also recommended that hospitals practice more vigilance in reporting cybersecurity failures.
Wall Street Journal

Ponemon and Symantec Find Most Data Breaches Caused by Human and System Errors

Human errors and system problems caused two-thirds of data breaches in 2012 and pushed the global average to $136 per record, according to the 2013 Cost of Data Breach Study: Global Analysis. Issues included employee mishandling of confidential data, lack of system controls, and violations of industry and government regulations. Heavily regulated fields including healthcare, finance and pharmaceutical incurred breach costs 70 percent higher than other industries.
Symantec

More Than 280,000 Complaints of Online Criminal Activity Reported in 2012

In 2012, the Internet Crime Complaint Center received and processed 289,874 complaints, averaging more than 24,000 complaints per month.
SIA

Americans Worry about Data Breaches but Disagree About Private Companies to Notify about Cyber Attacks

According to research by Unisys Corporation, a majority of Americans are concerned about data breaches involving large organizations, but are evenly mixed on whether legislation should require private businesses to share cyber attack information with the government.
SIA

Colonel Richard Kemp: U.K. Businesses Unprepared for Al-Qaida Terror Threat

Al-Qaida terrorists will likely target British businesses that are unprepared for such an attack, according to Col. Richard Kemp, a former commander of British forces in Afghanistan.
IB Times

Hagel Says Chinese Cyberattacks a 'Growing

Defense Secretary Chuck Hagel warned attendees at the International Institute for Strategic Studies' annual conference on June 1 that there is a "growing threat" of cyberattacks against the United States.
Homeland Security News Wire

Americans Don't Fret Over Cybersecurity

The latest edition of the Unisys Security Index shows Americans' concern about cybersecurity issues at its lowest level since 2007. The index, based on surveys measuring the attitudes of more than 1,000 Americans toward cybersecurity, stands at 120 for the first half of 2013, in contrast to the index's all-time high of 164 in 2011.
GovInfoSecurity.com

Cyber Theft: A Hard War to Wage

The U.S. government is currently working to take diplomatic action against Chinese hackers suspected of stealing trade secrets from both public and private entities.
Financial Times

Cyber Security: The 'Immune System' of Enterprise IT

Deloitte & Touche principals Kelly Bissell and Kieran Norton say that current cyber threat solutions require a specific understanding of a threat before responding effectively to it.
Wall Street Journal

Corporate Security's Weak Link: Click-Happy CEOs

An article in The Wall Street Journal warns that the biggest threat to the security of corporate networks could be the CEO.
Wall Street Journal

ATM Theft Puts Indian IT in Unwelcome Spotlight

The recent theft of $45 million from ATMs around the world has renewed debate about the security implications of the banking industry's outsourcing of certain functions to Indian companies.
ATM Security

IP Theft Costs US $300 Billion Per Year: Report

A report by the Commission on the Theft of American Intellectual Property (CTAIP) has found that intellectual property theft costs the United States more than $300 billion annually.
Voice of America

Few Utilities Complying With Voluntary Anti-Stuxnet Measures

According to a survey by Rep. Henry Waxman (D-Calif.) and Rep. Edward Markey (D-Mass.) to 150 businesses, most electric utilities are not compliant with rules meant to protect against the Stuxnet virus.
The Hill

Former CIA Director Warns About Cyber Threats From North Korea

Former CIA Director R. James Woolsey testified before the House of Representatives Energy and Commerce Committee Hearing on May 21 on cyber threats and security solutions, saying that the country was at risk of being hit with a particular type of cyber attack by North Korea.
Wall Street Journal

California Launches Cybersecurity Task Force

The California Cybersecurity Task Force had its first closed-doors meeting on May 13, marking a first for state-led public-private collaborations on cybersecurity.
Government Technology

In Focus- Healthcare: The Cure for Security Inconsistency

The security team at the Cambridge, Mass.-based biotechnology company Genzyme has for a little over a decade worked to integrate the various aspects of its security system with different departments in the company, including human resources, finance, and IT. Security at the company was from the onset defined in a broader sense, tackling enterprise risk, supply chain risk, insurance, competitive technical information, IT security, physical security, and product security.
Security InfoWatch

Cybersecurity Strikeback Will Strike Out in the Private Sector

Network penetrations by hacktivists, cybercriminals, and nation-states have become so commonplace that many have begun to consider striking back directly against the attackers.
Network World

Utilities Targeted by Hackers Raise Dire U.S. Warnings

Charles Edwards, the U.S. Department of Homeland Security's (DHS) top investigator and acting inspector general, said in testimony for the House Homeland Security Subcommittee on Cybersecurity that the number of cyberattacks on the computers that run the nation's critical infrastructure is increasing, with potentially lethal effects.
Bloomberg

Many State and Local Networks Unprepared for Cyberattacks

The networks and IT systems used by many state and local governments are not prepared for cyberattacks, according to a Consero survey.
Government Computer News

Companies launch 'cyber war games' to prepare for hackers

Taking on make-believe hacking scenarios is helping firms better prepare for the real thing.
Star Tribune

Report: Chinese hackers resume attacks on U.S. targets

After a few months of silence, Chinese government-backed hackers are back on the hunt and going after U.S. targets, according to a New York Times report.
New York Times Report on CBS News

New 'Benefit-Denial Approach' to Retail Shrink

Best Buy and an undisclosed office-supply chain are working with MeadWestvaco and ProTeqt Technologies to promote a new consumer-friendly approach to combat theft along the entire supply chain.
Security Director News

Criminals Target the Data Merchants Hold

Nearly a quarter of 621 data breaches reported in 2012 targeted multichannel merchants and restaurants, according to a new report from Verizon Enterprise Solutions.
Internet Retailer

Researchers Find Hundreds of Insecure Building Control Systems

Cylance researchers warn that hundreds of Australian organizations are using out-of-date industrial control systems to control the lights, heating and cooling, access controls, and elevators.
Computer World

New Survey: Employee Theft No Longer An If - Now It Is How Much

New Kessler Survey finds that 95 percent of employees steal from employers, up from 79 percent in Kessler's 1999 study.
Kessler International

Military Grooms New Officers for War in Cyberspace

The U.S. Army, Navy, and Air Force academies have announced plans to expand cyber security training.
Wall Street Journal

Texas Fertilizer Plant Had a History of Theft, Tampering

Police investigating the explosion of a Texas fertilizer plant that killed 14 people say the facility had been repeatedly targeted by thieves tampering with the chemical tanks.
Milwaukee-Wisconsin Journal Sentinel

A Homemade Style of Terror: Jihadists Push New Tactics

The strong U.S. response to the Sept. 11 attacks has forced al-Qaida to shift its focus from carrying out spectacular attacks to smaller ones executed by lone wolf terrorists.
New York Times

U.S. Officials Seek Lessons in Bombing Catastrophe

The U.S. Department of Homeland Security (DHS) is using the Boston Marathon bombing as a catalyst for change, taking lessons learned from the attack and using them to increase community policing, in part by preparing religious and community leaders to spot warning signs of extremism.
Boston Globe

DHS Chemical Plant Security Program Hobbled by Problems, Poor Oversight

The U.S. Department of Homeland Security (DHS) inspector general released a report in March that brought to light poor planning and poor execution of the Chemical Facility Anti-Terrorism Standards (CFATS) program, which is responsible for the security of chemical facilities like the West Fertilizer Company plant in Texas.
Homeland Security News Wire

U.S. Used 'Distributed Intelligence' to Investigate Boston Marathon Bombing

The clear, imminent danger of the Boston Marathon bombing drove U.S. citizens, emergency medical crews, law enforcement officials, elected officials, government agencies, and the media to act as a "distributed intelligence" network where several nodes come together to form a massive computing platform, according to Irving Wladawsky-Berger, the former vice president of technical strategy and innovation at IBM.
Wall Street Journal

Cyberattacks Triple in 2012, Akamai Says

The number of distributed denial of service (DDoS) attacks more than tripled in 2012 from the previous year, according to Akamai.
CNet

Eletropaulo Plans Biggest Brazil Smart Grid to Fight Power Theft

The Brazilian power company Eletropaulo Metropolitana de Eletricidade de Sao Paulo is planning to invest in a smart-grid project that it says will help cut down on the theft of electricity.
Bloomberg

Enterprises Are Experiencing a Wide Variety of Web Application Attacks

ESG recently surveyed 200 security experts and found that 79 percent of enterprise organizations have experienced Web application security attacks in the past year.
Network World

Cyber Compliance: Defense Strategies Neglect 'Know Your Enemy' Rule

Experts say that the cybersecurity industry uses blanket protections to ward off would-be intruders, but that such defense measures could begin to falter as corporate resources become strained and hackers become more innovative.
Wall Street Journal

China Cyberspies Outwit U.S. Stealing Military Secrets

Among defense contractors, QinetiQ North America (QQ/) is known for spy-world connections and an eye-popping product line. Its contributions to national security include secret satellites, drones, and software used by U.S. special forces in Afghanistan and the Middle East.
Bloomberg

Technology Fuels New Advances and Challenges in Predictive Policing

While yesterday’s criminals relied on guns, knives and threats of physical harm, tomorrow’s criminals are likely to be more effective in spreading fear or stealing millions by simply sitting behind a laptop or using their mobile or a tablet device.
Reuters

Chinese Hackers Targeting the Healthcare Industry

Gangs of Chinese hackers are targeting the U.S. healthcare industry, going after intellectual property associated with new drugs and devices as well as business processes that improve efficiency.
Dark Reading

Pepsi Suddenly Scarce in Thailand after Bottler Breakup

The day after PepsiCo Inc.'s bottling deal in Thailand expired, its partner of 59 years launched its own soft drink that has knocked Pepsi off store shelves.
Reuters

Pain Killer Abuse Now Strikes the West

The epidemic in painkiller-abuse gripping the Southern and Eastern U.S. is tightening its hold on the Western part of the country, having blindsided law enforcement and public health authorities.
Wall St. Journal

Drug Side Effects Found on the Internet

A new study shows that Internet searches can uncover drug side effects before the FDA can.
The New York Times

Older, Quieter Than WikiLeaks, Cryptome Perseveres

Since its creation in 1996, Cryptome has amassed more than 70,000 files — lists of secret agents, high-resolution photos of nuclear power plants, and much more.
Associated Press

New Anti-Smuggling Center Uncovers Internal Surprises

E2C2 finds a match whenever one agency reports it has information on another agency's target, whether that information is a smaller file with standard information or a full-fledged investigation.
Reuters

Pentagon Forming Cyber Teams to Prevent Attacks

Gen. Keith Alexander, the top officer at U.S. Cyber Command, warned in recent congressional testimony that the threat of cyber attacks against U.S. institutions and infrastructure was very real.
Associated Press

2012 economic losses from disasters set new record at $138 billion

The UN Office for Disaster Risk Reduction (UNISDR) reported that for the first time in history, the world has experienced three consecutive years in which annual economic losses have exceeded $100 billion.
Homeland Security News Wire

Cyberattacks: The Complexities of Attacking Back

Some in the cyber security industry say that now is the time to have a debate over the use of offensive strategies in combating the threat from malicious hackers.
Politico

Former CFO Faces Sentencing for Hedge Fund Theft

A New York man is accused of embezzling more than $1 million from a hedge fund where he served as CFO.
Associated Press

Health Employees Seek Legislation to Address Workplace Violence

Health employees in Maryland have recently taken their concerns over workplace violence to Annapolis, where they hope state legislators will work to enact laws to protect them from irate or otherwise unhinged patients.
Baltimore Sun

The Enemy of Risk Management Starts With a C (and It's Not China)

The National Institute of Standards and Technology's Ron Ross says a growing solution for network risk management is the use of cloud services, in particular emerging public cloud options.
Government Computer News

Mass shootings since 2006 claim 934 lives

More than 900 people died in mass shootings in the past six years, the majority killed by people they knew, according to a report in USA Today.
Security Director News

Earthquake catastrophes and fatalities to rise in 21st century

Predicted population increases in this century can be expected to translate into more people dying from earthquakes. There will be more individual earthquakes with very large death tolls as well as more people dying during earthquakes than ever before, according to a new study.
In Menlo

Making communities more resilient to climate-induced weather disasters

Mounting scientific evidence indicates climate change will lead to more frequent and intense extreme weather that affects larger areas and lasts longer. We can reduce the risk of weather-related disasters, however, with a variety of measures.
Sustainable Cities Collective

U.S. responds to China’s cyberattacks with anti-theft trade strategy

The Obama administration yesterday (Wednesday) unveiled the details of a broad strategy to counter the systemic theft by Chinese government agencies of U.S. trade and technology and trade secrets.
Seattle pi

Chinese set to buy yet another U.S. taxpayer-backed hi-tech firm

Lawmakers yesterday expressed their concerns about the likelihood that U.S. taxpayer dollars could end up bolstering the Chinese economy. The lawmakers reacted to reports that a Chinese firm, Zhejiang Geely Holding Group, is leading the list of companies bidding for a majority stake in government-backed Fisker Automotive, and that the only serious rival of that Chinese company is a Chinese auto maker.
Homeland Security NewsWire/Scoop It

BP Stations Were Greater Safety Risk Than Production Sites

Internal records from U.K. oil giant BP show that the company's deadliest operating locations over the past 14 years were retail fuel stations in the United States.
Wall Street Journal

Supreme Court Justice: Monsanto Seed Saving by Indiana Farmer is Like Bank Robbery

The U.S. Supreme Court is in the process of deciding whether seeds produced from patented genetically modified crops can be used to resow fields without violating intellectual property laws.
Huffington Post

The State of the Homeland Security Market in 2013

President Barack Obama Tuesday warned the nation and Congress about the debilitating impact of $1 trillion in automatic spending cuts.
HS Today.US

Plans to Prevent Workplace Violence Urged

While homicides at work are statistically rare, they do happen. In all, 358 employees were killed or injured on the job by gunfire in 2011.
Pittsburgh Post-Gazette

Malicious Web-Based Attacks Up 600 Percent Year-over-Year

The number of malicious Web sites playing host to malware and launching cyberattacks has grown by nearly 600 percent year-over-year worldwide, according to a Websense Security Labs report.
TechJournal

Security Pros Say Their Companies Invest in the Wrong Technologies

More than a third of security professionals say they are not confident they are spending money on the appropriate technologies for protecting valuable data, according to a SafeNet survey.
CSO Online

U.S. Said to Be Target of Massive Cyber-Espionage Campaign

The United States is the target of a massive, sustained cyber-espionage campaign that threatens the country's economic competitiveness, according to the National Intelligence Estimate (NIE).
Washington Post

Is Identity the New Perimeter?

The proliferation of cloud and mobile computing has "completely destroyed the old, fortress-style model of security that was based on network security, firewalls, and VPNs," says Identropy's Nishant Kaushik.
Dark Reading

New Policies Ordered on Federal Workplace Violence

Federal agencies have been told to produce within four months more comprehensive policies for addressing domestic violence, sexual assault and stalking in their workplaces.
Washington Post

Proposed Legislation Would Let Hospitals Form Own Police Departments

Indiana State Sen. Dennis Kruse recently introduced a bill that would allow hospitals to set up their own private police departments to defend against active shooters and other threats that might arise.
FOX 59

Cyberattack Threatens Most Businesses, Deloitte Survey Says

Although 88 percent of companies believe they are not vulnerable to a cyberattack, all businesses are at risk and should be prepared to rebound rapidly following a security incident, according to a Deloitte survey of 121 technology, media, and telecommunications firms worldwide.
Computerworld Australia

Chinese Army Unit is Seen as Tied to Hacking Against U.S.

A report from the computer security firm Mandiant links a number of recent cyber attacks on American companies to the Chinese military.
New York Times

Cyber Attacks Bring Call for Help

Ajay Banga, the chairman of the Business Roundtable's information and technology committee, said Tuesday that his organization is planning to push for greater collaboration on cyber security between the federal government and businesses.
Wall Street Journal

Nations Prepare for Cyber War

The anti-virus company McAfee says that nation states are more likely to be behind major cyber attacks in the coming year and that these attacks are likely to be more and more destructive.
CNN Money

Major Security Issues With Cloud Computing Being Ignored

End users have a number of concerns in the ever-changing industry, but an exclusive Security Director News survey pinpoints the chief issues that keep security professionals up at night. The survey results were released at TechSec 2013.
Security Director News

Major Security Issues With Cloud Computing Being Ignored

A new Imperva report says many organizations are not aware of the security problems facing them as they move to the cloud. The report notes that Yahoo was hacked because its security measures failed to address insecure third-party code.
International Business Times

Private Security Group Assembles First Private Navy Since East India Company to Protect Indian Ocean Shipping Convoys from Somali Pirates

In order to mitigate the risks and costs associated with piracy on the high seas, the private security company Typhon is setting up the world's first private navy since the East India Company closed down about 220 years ago.
Daily Mail

Norway Considers Sharing Risk Intelligence with Businesses

Norwegian officials have announced that they will consider sharing risk assessments with businesses operating in unstable countries.
Wall Street Journal

Most Hospital Shootings Are Not Preventable

Recent research from Johns Hopkins University found that most hospital shootings are undertaken by a determined shooter with a specific target, making them very hard to prevent.
Hospital Employee Health

New Threat Emerges at Intersection of Terrorism, Syndicated Crime

Terrorist groups in Africa and the Middle East have recently shown a shift in funding practices to support their operations in the regions, moving beyond relying on larger donors and instead resorting to illicit and high-paying criminal practices like drug trafficking, kidnapping, and robbery.
NPR Online

Self-Deleting E-mails: An Enterprise Nightmare

Many network administrators will soon find themselves mired in a quandary related to the use of apps and Web sites that enable the sending of self-deleting communications.
Government Computer News

Cisco Flags Threat That Generation Y Poses to Corporate Security

The new Cisco Connected World Technology Report (CCWTR) has warned employers that younger workers, particularly those in Generation Y, are more likely to share personal information online than their older colleagues.
IT Pro

U.S. Weighs Tougher Action Over China Cyberattacks

Two former U.S. officials speaking on the condition of anonymity said the federal government's upcoming National Intelligence Estimate is expected to thoroughly detail cyber threats against the United States as a burgeoning economic problem.
Associated Press

Hackers Hijacking Security Cameras for Malware and Spying

Researchers say hackers increasingly are targeting unsecured Internet-connected devices, such as printers, networking equipment, and even networked surveillance camera systems.
CIO

FTC Staff Report Recommends Ways to Improve Mobile Privacy Disclosures

The Federal Trade Commission, the nation’s chief privacy agency, issued a staff report recommending ways that key players in the rapidly expanding mobile marketplace can better inform consumers about their data practices.
Federal Trade Commission

Healthcare facilities seek antidote to epidemic of violence

The IAHSS found that 2012 earned the title of the year with the greatest number of fatalities reported.
Security Infowatch

Chinese Hackers Hit U.S. Media

Chinese hackers believed to have government links have attempted to tap into computers of Wall Street Journal and New York Times reporters to uncover the sources for articles relating to China.
The Wall Street Journal

Major Security Issues with Cloud Computing Being Ignored

Security expert Barry Shteiman with Imperva believes that organisations aren't even aware of the security problems facing them as they move to the cloud, following the attack on Yahoo last month.
International Business Times

China Accused of Java, IE Zero Day Attacks

The Chinese government is being blamed for targeted attacks against recently disclosed vulnerabilities in Java and Internet Explorer.
Information Week

'Red October' Response Shows Importance of Threat Indicators

Kaspersky Lab and Alien Vault issued a new report on the Red October cyberespionage campaign, this time containing indicators of compromise (IOCs) that organizations can use to check their systems for signs that they were affected by the attack.
Dark Reading

Startup Clamps Down on Energy Theft

The Electric Power Research Institute estimated that electricity theft or tampering cost the industry $6.5 billion in 2006.
MIT Technology Review

Red Flags in Filings of Firm Linked to Caterpillar Fraud

China-based ERA Mining Machinery Ltd. has been accused of running a widespread accounting fraud as well as shady insider loans and asset transfers prior to being purchased by Caterpillar Inc.
Fox Business

Employees Put Critical Infrastructure Security at Risk

Security experts say a lack of cooperation between IT and operators is contributing to the ongoing vulnerability of critical infrastructure to cyberattack.
CSO Online

Chinese Hackers Attack NYTimes Journalists Following Blockbuster Story

The New York Times reported on Jan. 31 that Chinese hackers had launched a series of cyber attacks against the publication for about four months following the newspaper's publication of an article that exposed the $2.7 billion wealth of outgoing Chinese Premier Wen Jiabao.
Voice of America

Healthcare Facilities Seek Antidote to Epidemic of Violence

The 2012 Crime and Security Trends Survey released by the Foundation of the International Association for Healthcare Security and Safety (IAHSS) found that 2012 earned the title as the year with the greatest number of fatalities reported by IAHSS members since the survey was first issued 20 years ago, with eight homicides being reported in such healthcare facilities in the past year.
SecurityInfoWatch.com

CEOs Open to Cybersecurity Rules

Many Fortune 500 companies support the creation of voluntary cybersecurity standards, according to a survey by the Senate Commerce Committee.
Wall Street Journal

Millions of PCs Exposed Through Network Bugs, Security Researchers Find

Common bugs in networking systems are threatening the security of PCs, printers, and storage devices, with up to 50 million devices worldwide at risk, warn Rapid7 researchers. They say hackers can attack the devices through a vulnerability in the Universal Plug and Play (UPnP) standard, a set of networking protocols that enables devices to communicate and discover each other's presence.

Survey: 71 Percent of Organizations Using Unsanctioned Cloud Apps

A new OneLogin survey found that 71 percent of respondents admitted to using unsanctioned cloud apps.
Talkin' Cloud

Workplace Homicides Up 50 Percent in 2012

A recent shooting at Lone Star College in Texas marks the latest in a recent string of shootings at schools, universities, and other workplaces.
Cypress Creek Mirror

'Cyber 9/11' May Be on Horizon, Homeland Security Chief Warns

U.S. Homeland Security Secretary Janet Napolitano reiterated the need for cybersecurity legislation during a talk at the Wilson Center think tank on Jan. 24, saying that a "cyber 9/11" could happen "imminently," according to a report from Reuters.
CNet

CIOs Make Tough Calls on the Cost of Cyber Security

Cyber attacks against major corporations have been increasing in number and in sophistication, prompting many companies to move their IT security from the lower echelons of corporate ranking to the highest levels of corporations.
Wall Street Journal

U.S. to adopt tougher stance toward China’s persistent cyberattacks

The Obama administration let it be known that it is examining the adoption of a more assertive stance against China in response to a persistent cyber-espionage campaign waged by Chinese government hackers against U.S. companies and government agencies.
Homeland Security Newswire

Study: Many Businesses Overconfident About Cybersecurity

A new report from the business advisory firm Deloitte on the cyber security practices of technology, media, and telecommunications companies finds that while many security executives say they are aware of security risks and that their organizations are not vulnerable, far fewer have vital security measures in place.
Security InfoWatch

Cyber Attacks Bring Call for Help

Ajay Banga, the chairman of the Business Roundtable's information and technology committee, said Tuesday that his organization is planning to push for greater collaboration on cyber security between the federal government and businesses. Business interests were among those who applied pressure to kill legislation before Congress last year that would have set up voluntary cyber security regulations.
Wall Street Journal

What's Your Total Cost of Risk (TCOR)?

Companies that do not know their Total Cost of Risk (TCOR) may need a better connection to their own risk managers, who measure risk by what can be insured and what it costs to do so. While the measurement of operational risks is still a bit of a puzzle for CSOs, risk managers have used TCOR for ages.
CSO Online

Verizon to Test Support for One Password for Whole Internet

Online identity and technology companies are collaborating to test whether consumers would trust a single, highly secure user-password combination for all of their online accounts.
eWeek

How to Create a Domestic Violence Policy at Your Workplace

Experts say that all employers need to develop policies for dealing with domestic violence, since the problem can sometimes spill over into the workplace. Developing such policies takes only a small amount of time, perhaps about 20 minutes.
HR.BLR.com - Business and Legal Resources

China Dominates 2012 Cybersecurity Talking Points

China dominated discussions of cyber security in the Asia-Pacific region in 2012, leading numerous trends including increased concern over cyber espionage, the incorporation of cyber and hacking attacks into regional politics, and attempts to curb cyber crime through new legislation.
ZDNet

Marvell Slammed With $1.2 Billion Patent-Infringement Judgement

The U.S. District Court for the Western District of Pennsylvania on Wednesday ordered computer chip maker Marvell Technology to pay Carnegie Mellon University $1.17 billion in damages for willfully infringing on its patents.
San Jose Mercury News

Mobile Phone Services Suspended in Karachi Over 'Terror Threat'

Officials in Pakistan suspended cell phone service in Karachi for much of the day on Friday in response to concerns about the threat from terrorism.
Tribune

Ransomware Scammers Push Panic Button With Bogus Claims

Symantec researcher Jeet Morparia issued an advisory on Dec. 24 about a new variant of ransomware called "Trojan.Ransomlock.G," saying that the malware's threat of erasing victims' hard drives is an empty one.
Computerworld

Poor SCADA Security Will Keep Attackers and Researchers Busy in 2013

The security of supervisory control and data acquisition (SCADA) and other types of industrial control systems (ICS) has been a hotly debated topic in the IT industry since the Stuxnet malware was discovered in 2010.
Computerworld

Four Security Trends Defined 2012, Will Impact 2013

Security experts say the cybersecurity trends that were visible in 2012 will continue to be seen next year. One of those trends is the growing threat to the security of mobile devices.
CNET News

U.S. Appeals Court Revives Workplace-Cybertheft Lawsuit

The 2nd U.S. Circuit Court of Appeals in New York on Wednesday ruled that a Denver-based chemical company's lawsuit against a former account manager accused of unauthorized computer access and the misappropriation of trade secrets can proceed, overturning a ruling by a lower court.
Reuters

China Takes Chilling Look at Security in its Schools

A Dec. 14 attack at China's Chenpeng Village Primary School in Guangshan County, Henan Province, which left 23 children injured at the hands of a man wielding a meat cleaver, has called into question the nation's efforts to secure its schools after a series of such attacks over the past three years.
New York Times

Beware iPhone and Android Fraud, Javelin Warns

Javelin is warning banks about a growing threat to the security of mobile transactions. The company noted that smartphone users who use their handsets to make purchases and perform banking transactions face a rising threat from mobile malware because they are increasingly utilizing mobile browsers rather than native apps to perform these transactions. Mobile browsers are less safe than apps because they make users more prone to phishing, Web site spoofing, and man-in-the-mobile attacks.
American Banker

How often should you change your passwords?

How often do you need to change your passwords for all your other logins (if at all)?
NBCNews.com

Ruby Resident Martin Kimber Pleads Guilty to Placing Mercury at Albany Medical Center

A retired pharmacist from Ulster County, N.Y., pleaded guilty on Nov. 29 to spreading mercury on food, and prep and cooking surfaces in Albany Medical Center earlier this year.
Daily Freeman

As Cyberwarfare Heats Up, Allies Turn to U.S. Companies for Expertise

Middle Eastern nations have been scrambling to beef up their cyber defense capabilities after the Shamoon malware wiped data and destroyed thousands of computers belonging to Saudi Aramco earlier this year.
Washington Post

Mimicking Public Health Strategies Could Improve Cyber Security

Cybersecurity could benefit from the strategies and research methodologies used by the public health community, according to a team of economists and public health researchers at RTI International.
RTI International

Anti-Botnet Efforts Still Nascent, But Groups Hopeful

An effort by a coalition of ISPs and the U.S. government to help ISPs more effectively combat botnet activity on their networks is still fighting to gain broad acceptance.
Dark Reading

Former US Spy Chief Warns on Cybersecurity

Former Director of National Intelligence Mike McConnell said urgent action is needed to prevent a cyber attack against the U.S.'s banking system, power grid, and other essential infrastructure.
Financial Times

How Best to Respond to DDoS Attacks

The recent wave of DDoS attacks against top U.S. banks is a wake-up call for organizations that are ill-prepared to fight against such an attack.
Gov Info Security

DIA Sending Hundreds More Spies Overseas

The Defense Intelligence Agency is planning to vastly expand its clandestine spying activities in the coming years through the creation of a new unit known as the Defense Clandestine Service.
Washington Post

5 Reasons for Conducting Micro-Assessments

A micro-assessment is a narrowly-focused, short assessment that provides support for decision-making and planning.
SecurityInfoWatch.com

Workzone: Firms Lack Sound Policies to Fight Domestic Violence

There are a number of steps companies can take to combat domestic violence affecting their employees.
Pittsburgh Post-Gazette

Cybercriminals Are Increasingly Abusing .EU Domains in Attacks

Cybersecurity researchers have noticed that cybercriminals are increasingly exploiting Web sites using the .eu TLD to launch cyberattacks.
IDG News Service

5 Strategies to Combat Workplace Bullying

Filmmaker Cynthia Lowen and school social worker Cindy Miller offer five anti-workplace bullying strategies in their new book "The Essential Guide to Bullying: Prevention and Intervention."
EHS Today

Dual-identity Smartphones to Bridge BYOD Private, Corporate Divide

Consumers will be able to buy smartphones that either come with native hypervisor software or use an app allowing them to run two interfaces on the phone: one for personal use, one for work.
Equities

In Fairfax County, the Classroom Is a (Cyber) Battlefield

Thousands of students across the U.S. recently participated in the opening round of the CyberPatriot challenge, the premier high school cyberwarfare competition.
Washington Post

US Gov Galvanises Aust Cyber-Security Experts

The U.S. Defense Advanced Research Projects Agency recently awarded an $18 million contract to a consortium of research groups, including National ICT Australia (NICTA), to develop software to protect critical systems from cyberattacks.
FutureGov

Black Friday, Cyber Monday Prompts Security Precautions

The security of online merchant Web sites is becoming a concern now that Cyber Monday, the Monday after Thanksgiving when many people do some holiday shopping online, is upon us.
SC Magazine

This Is Your Brain on Organizational Change

The NeuroLeadership Summit, which took place in New York in mid-October, gave organizational behavioral experts and senior executives the opportunity to explore connections between neuroscience and organizational change, and how leaders can effectively deal with human resistance to change.
Harvard Business Review

Anonymous Declares 'Cyberwar' on Israel

The hacktivist collective Anonymous says that it has carried out a series of cyber attacks on Israeli targets in retaliation for Israel's attacks on the Gaza Strip.
CNN.com

How Safe is Your Company's Twitter account?

Did Twitter force you to change your password last week? While it may have been an inconvenience, the micro-blogging giant had very good reasons.
CNN Money

Social Media Takes Workplace Harassment to New Levels

Recent legal decisions highlight the need for employers to take a stance against the use of social media to enable workplace harassment.
HR.BLR.com

Hacking Contest Seeks to Attract Women to Information Security

The Power of Community security conference in Seoul recently held the final round of a hacking contest called the Power of XX.
IDG News Service

Ransomware Scams Rising in North America, Europe: Symantec Report

Ransomware is making a comeback in Western Europe and the United States, according to a report from Symantec.
eWeek

Build Roadblock for Attacks Through Rule of Least Privilege

Cybersecurity analysts say privileged accounts have become a lucrative target for hackers in recent years.
DarkReading

Common Language: IT and Corporate Security Cooperation Makes Progress

Corporate, physical and IT security need to work together but real cooperation only starts as risk management functions operate in separate spheres without interaction.
PC Advisor

Corporate Espionage Versus Competitive Intelligence

Neither competitive intelligence nor the ethics surrounding the topic are taught much at business schools, according to academics familiar with the topic.
Globe and Mail

At Least 5 Killed in Moscow Office Shooting

At least five people were killed and two others were injured in a shooting at the offices of the Rigla pharmaceutical company in Moscow on Wednesday.
Moscow Times

China Most Threatening Force in Cyberspace, Panel Says

Chinese hackers are intent on gathering intelligence rather than launching attacks, according to a U.S. panel.
Treasury & Risk

MasterCard Rolls Out Credit Card with Display and Keypad

Next time you get a new card from your bank, don't be surprised if it has a keypad and an LCD on it.
CNET

Briton Killed in China Had Spy Links

An investigation into the death of Neil Heywood, a British consultant living in China, has revealed that he was an informant for Britain's MI6 spy agency.
Wall Street Journal

Mexico Shuts Down Korean Firm After Workplace Violence

Officials in Mexico's Queretaro state closed the operations of a Korean electronics supplier following an investigation after a worker was attacked by his Korean supervisor.
Fox News Latino

Fracking: fact vs. fiction

In communities across the United States, people are hearing more and more about a controversial oil and gas extraction technique called hydraulic fracturing....

NIST Provides Draft Guidelines to Secure Mobile Devices

The National Institute of Standards and Technology has issued a draft publication that outlines guidelines for securing mobile devices.
NIST Tech Beat

US, Canada Launch Joint Cybersecurity Plan

Canada and the United States have announced a joint cybersecurity initiative to protect critical infrastructure.
AFP

Insecure Industrial Control Systems, Hacker Trends Prompt Federal Warnings

The exposure of vulnerabilities in industrial control systems combined with troubling trends in the hacker underground have led the DHS to issue a warning.
CSO Online

Ernst & Young's IT Security Survey Shows Struggle to Control Cloud Computing, Social Media and Mobile Risks

IT security professionals are struggling with cloud computing, social media, and mobile security issues, according to Ernst & Young's 2012 Global Information Security Survey.
Network World

Intelligence Community Cloud Coming Online in Early 2013

The Director of National Intelligence told the GEOINT symposium that the shared IT infrastructure of INCITE will achieve initial operating capacity in March 2013.
Federal News Radio

Critical Report Faults University Security

The University of Michigan Board of Regents released a report on Oct. 19 that helped set in motion the consolidation of the university's three security departments.
The Michigan Daily

Draft Order Would Give Companies Cyberthreat Info

The latest draft of a proposed executive order calls on the DHS to run a cyber security information-sharing network.
Associated Press

Man Held After Molotov Cocktail is Dropped at Arlington Mall

Ballston Common Mall in Arlington County, VA was evacuated and surrounding streets were closed when a man threw what is believed to be a Molotov cocktail into the mall's food court.
Washington Post

Cyber criminals target small businesses

A recent study conducted by the National Cyber Security Alliance and Symantec found 77% of small business owners think their company is safe from cyber criminals.
Homeland Security Newswire

New security threat at work: Bring-your-own-network

Even as IT pros wrestle with the bring-your-own-device (BYOD) trend, corporate security is being further complicated by another emerging trend: bring your own network (BYON).
Computerworld

Panetta Lays Out New Cyber Policy

Delivering what Defense Dept. officials termed a major policy speech to prevent cyber attacks, Defense Secretary Leon Panetta described the U.S. as in a “pre-9/11 moment” in need of immediate action.
Defense News

Growing Prevalence of Industrial Espionage Threatens Automakers

Automotive News reports that industrial espionage in the U.S. has been rising steadily in several sectors, including the auto industry.
iMotor Times

Illinois Man Faces Terrorism Charge After Plan to Destroy Oklahoma Churches Found

On Oct. 5, an Illinois man was charged with possessing an incendiary device and violating the Oklahoma anti-terrorism act after police found notes on plans to destroy 48 churches and the ingredients for Molotov cocktails.
Tulsa World

Cybercrime Costs on the Rise, HP-Sponsored Study Finds

The cost and frequency of cybercrime have gone up for the third consecutive year, with the cost of such crime to U.S. organizations averaging $8.9 million in 2012, according to a new study from Hewlett-Packard and the Ponemon Institute.
WebProNews

Cybercriminals Plot Massive Banking Trojan Attack

The security firm RSA reports that it has received information that a gang of cyber criminals plans to use a little-known Trojan program to target customers at 30 or more major U.S. banks.
Computerworld

Three Reasons Major Corporations Lag on Cyber Security

Verizon has found that there were 855 corporate data breaches in the U.S. in 2011.
Boston Globe

Scenario-based Gaming Exercise to Improve Intelligence Analysis

Raytheon has created a scenario-based gaming exercise to study in depth the intelligence analyst's tradecraft; the company says the goal is ultimately to help analysts produce the best intelligence products and streamline workflows.
Homeland Security News Wire

Why Your Next 'Passw0rd' Might Not Be a Password

Despite years of warnings, the truth is incontrovertible -- mortal users do a very poor job of defending their data with passwords.
NBC

How to Regain Employee Trust

The economic downturn in recent years has taken a heavy toll on employee trust in leadership, with only 10 percent of employees believing that their managers will make the right decisions in uncertain times, according to a recent Maritz Research poll.
Chief Learning Officer

Iran Preparing Internal Version of Internet

The Iranian government reportedly has established a technical platform for a national online network that would exist independent of the Internet and allow for tighter information regulation.
Washington Post

NIST Issues Risk Assessments Guidance

The National Institute of Standards and Technology has issued what could be characterized as the bible of risk assessment called the Special Publication 800-30 Revision 1, Guide for Conducting Risk Assessments.
Gov Info Security

Android Warning: 50 Percent of Devices Need Patching

More than 50 percent of Android devices are running outdated and unpatched versions of Google's mobile operating system, according to a new study by Duo Security.
InformationWeek

Caught Red-Handed: Motorola Thief 'Betrayed Country'

On Wednesday, former Motorola, Inc. employee Hanjuan Jin was sentenced to four years in federal prison for stealing more than 1,000 documents from Motorola's Schaumburg, Ill. headquarters.
WLS ABC7

Second Java Zero-Day Found: Time to Disable It, Say Experts

Researchers have discovered another zero-day Java vulnerability that attackers are using to hijack computers on the Web, following the initial discovery of a Java flaw that has been tied to attackers in China.
CSO Online

Canadian Energy Firms Warned of Hacking Threat

Newly released government documents show that Canadian security and intelligence agencies have warned Canada's major energy companies that they may become targets of cyber attacks by online activist groups such as the hacker collective Anonymous.
Herald-Tribune

Huawei Expands Lobbying Amid National Security Probe by Congress

The Washington Post is reporting that Chinese telecom giant Huawei Technologies has almost quadrupled its spending on Washington D.C. lobbyists as it continues to be scrutinized by a House Intelligence Committee inquiry into both Huawei and fellow Chinese telecommunications equipment manufacturer ZTE.
Washington Post

Agencies Don't Often Share Tips on Potential Terrorist Activity

Forty-six percent of federal agencies are not sharing documented incidents of potential terrorist activity with U.S. intelligence centers, reported Office of the Director of National Intelligence (ODNI) officials.
Nextgov

U.S., China Talks Address Cyber-Weapons, Not Cyber-Spying

Although informal bilateral talks between U.S. and Chinese think tanks and government officials about restricting cyber attacks, improving crisis communication, and limiting the threat of third-party attacks have yielded insights about cyber espionage, they have not resulted in a clear agreement to proscribe the practice.
eWeek

The Hacker Wars

The U.S. Cyber Command, which directs network offensive operations for the Pentagon and protects its networks, is becoming more open about the military’s capabilities in cyberspace.
Government Executive

Executives Advocate a Military Approach to Cybersecurity

A recent survey of IT executives conducted by the security firm CounterTack is the latest effort in a push by government and private companies to promote the adoption of a more militaristic mindset in cyber security.
CNN.com

Major Companies Still Vulnerable to Online Data Theft, Report Warns

A new report from the computer security firm CounterTack shows that many major companies remain vulnerable to data theft, especially at the hands of advanced persistent threats, such as the one that led to the breach of RSA Security's SecurID data protection technology last year.

Terror and Toy Planes - Not So Remote

Among the items confiscated by Spanish authorities when they arrested a trio of suspected al-Qaida operatives last week was a video of one of the three, Cengiz Yalcin, operating a remote controlled airplane that had been modified to carry and drop a crude explosive payload.
CNN.com

Prototype System Goes After DNS-Based Botnets

Researchers at the University of Georgia and the Georgia Institute of Technology have developed Pleiades, a prototype system that can better detect domain generation algorithm (DGA)-based botnets without the normal time-intensive reverse engineering required to find and defeat such malware.
Network World

Outdated Card Technology Leads to Fraud

While the U.S. lags, Canada has followed Europe in going to high-tech credit and debit cards.
Star Tribune

BYOD Security: Are Agencies Doomed to a Permanent Game of Catch-Up

With the bring-your-own-device paradigm continuing to take hold, enterprises increasingly are exposed to and scrambling to develop countermeasures against the rapidly evolving mobile device threat landscape.
Government Computer News

Boards Are Still Clueless About Cybersecurity

The Governance of Enterprise Security: CyLab 2012 Report, released today by Carnegie Mellon CyLab and its sponsor, RSA, The Security Division of EMC, examines how boards of directors and senior management are managing privacy and cyber risks.
Forbes

City of Buffalo Lags on Compliance With Workplace Violence Rules

Buffalo, N.Y. is scrambling after being informed by the state Department of Labor that the city was not in compliance with new regulations designed to prevent workplace violence.
Buffalo News (NY)

Cyber Chief Warns of Rising Danger from Cyber Attacks

In a rare speech on Monday, Gen. Keith B. Alexander, the commander of U.S. Cyber Command, warned of the danger of cyber attacks.
CNN.com

Cybercriminals Sniff Out Vulnerable Firms

Cybercriminals are becoming a growing problem for small companies, primarily because these companies do not have the resources to properly protect themselves.
Wall Street Journal

Bomb threat? There’s an app for that.

In the first chaotic moments after suspicion of a bomb threat, first responders have a myriad of questions, assessments and decisions to make.
Homeland Security NewsWire

FBI: High-Tech Economic Espionage a Vast, Expanding Threat

The mounting threat of economic espionage has cost U.S. companies approximately $13 billion in the current fiscal year, with insiders an expanding element of this problem, according to the FBI's testimony recently at a Counterterrorism and Intelligence hearing.
Network World

Microsoft's Security Information Report Shows Lax Practices Allow Malware to Thrive

Security is a two-way street that requires an effort on the part of end users.
Network World

France Telecom Boss Faces Inquiry Into Workplace Bullying

Former France Telecom (FT) chief executive Didier Lombard has been placed under judicial investigation for workplace bullying following a series of worker suicides at FT and its subsidiary Orange.
Mail & Guardian

Homeland Security Cites Sharp Rise in Cyber Attacks

The new report from the Department of Homeland Security documenting a dramatic upswing in the number of reported cybersecurity incidents at American companies responsible for power grids, power generation, and water filtration is highlighting the changing nature of public-private collaboration on the IT security of America's critical infrastructure.
CNN.com - Security Clearance

U.S. Critical Infrastructure Cyberattack Reports Jump Dramatically

U.S. critical infrastructure companies saw a dramatic increase in the number of reported cyber-security incidents between 2009 and 2011.
Dark Reading

Hundreds of Thousands at Risk as DNSChanger Deadline Looms

Users have until July 9 to ensure their computers are not infected with DNSChanger, and the DNSChanger Working Group cautions that machines infected with the malware, which directs Internet requests to DNS servers, will be taken offline unless they are purged.
Government Computer News

Sandia Opens Cybersecurity Technologies Research Laboratory

Sandia National Laboratories has opened a cybersecurity research facility on the grounds of the Livermore Valley Open Campus.
eWeek

How to Protect Your Hotel From the Threat of Terrorism

Hotels have long been considered soft targets for militant groups, and a recent U.S. intelligence study found that the number of attacks on hotels has more than doubled since 9/11.
Big Hospitality

Microsoft Becoming a Digital Sherlock

With its Digital Crimes Unit (DCU), Microsoft is blazing a trail for private businesses and organizations to use the legal system to stop cyber attacks at the source, seizing and shutting down the computers and servers launching the attacks.
Puget Sound Business Journal (Seattle)

Search Results May Deliver Tainted Links

Researchers found criminals are poisoning the search results consumers receive when searching. The end game in each case is to get you to fall for scams or to infect and take control of your PC.
USA Today

Dept. of Homeland Security to Focus on Cyber Workforce Development

The DHS will form a cybersecurity workforce task group that will consider expanding DHS involvement in cyber competitions and university programs as well as develop strong cybersecurity career paths.
NetworkWorld

The True Cost of Cybercrime

The first systematic study of the cost of cybercrime recommends that society should spend less on antivirus software and more on policing the Internet.
Homeland Security NewsWire

Unique Program to Educate Next Generation of U.S. Cybersecurity Leaders

The University of Maryland and the Northrop Grumman Corporation will launch a landmark honors program designed to educate a new generation of advanced cybersecurity professionals.
The Wall Street Journal

Focus on Cyber Security Degrees Rising for Colleges, Employers

Webs of wires, servers and screens are the mechanics of modernity. Hackers know their way around them well.
Khou

Experts Warn of Shortage of U.S. Cyber Pros

Cyber experts warned of a shortage of talented computer security experts in the United States, making it difficult to protect corporate and government networks from attacks.
CNBC

Looking for Cybersecurity Experts? Check the Jails and Art Schools

Are cybersecurity experts born or made? It’s a question that recruiters are asking more frequently as the nation faces a shortage of technically savvy network security operators.
NDIA

Government, Military Face Severe Shortage Of Cybersecurity Experts

Cyberspies, hackers, and others using the Internet for nefarious purposes also operate in networks.
NDIA

Pharma Sector's War Versus Counterfeit Drugs Intensifies

Counterfeit drugs are increasingly showing up around the globe as more complex drug supply chains have opportunities in several phases of drug development.
PRWeek

Va. Case Highlights Dangers for Jewelry Salesmen

Criminal gangs have become more sophisticated and violent in their attempts to rob traveling jewelry salesmen, says FBI special agent Eric Ives, the head of the bureau's major theft program.
Associated Press - ABC

NSA Security Expert Worries About Mobility, Cloud

NSA's two most pressing concerns right now are mobility and cloud computing. The government wants such functionality in the same way that business wants it, but it looks to NSA for guidance on security practices.
Network World

Over-55s Pick Passwords Twice as Secure as Teenagers

People over the age of 55 pick passwords that are twice as strong as those chosen by people under 25 years old, according to University of Cambridge researchers.
New Scientist

What Fearmongers Get Wrong About Cyberwarfare

A recent article in the Journal of Strategic Studies shows that it is shortsighted to assume that cyber warfare has an innate logic that will always lead to an escalation of conflict.
Slate

Using Live Video from Phones, U-Md. Plans to Offer Virtual Safety Escorts to Students

A newly created smartphone application called Escort-M links public safety personnel to real-time video and audio from users' phones.
Washington Post

Oklahoma's New Workplace Drug Testing Laws Relax Employer Requirements

New laws in Oklahoma aimed at curbing an epidemic of drug use in the state have loosened restrictions on employers carrying out drug screening.
NewsOK

Major Data Firm in Security Pinch

Florida-based Fidelity National Information Services (FIS) is fortifying its security after regulators released a report critical of its risk practices. The firm is one of the largest among the more than 1,000 third-party service providers.
Wall Street Journal

Malware Intelligence System Enables Organizations to Share Threat Information

Georgia Tech researchers have developed Titan, a malware intelligence system designed to help corporate and government security officials share information about cybersecurity attacks.
Georgia Tech

Event Focuses on Crisis Readiness, Response

The Pittsburgh Regional Business Coalition will hold a free safety demonstration and training session for all local businesses on May 31.
Pittsburgh Post-Gazette

Securing the Workplace Part 1: Education, Awareness and Planning

With an increasing number of robberies at banks and pharmacies, police are urging businesses to make a plan for employees in the event of a robbery.
WABI TV-5

BYOD is Driving IT 'Crazy,' Says Gartner Analyst

IT managers can expect rapid growth in the number of personal devices, such as smartphones and tablets, used by employees in the next couple of years, which means that IT shops will not be able to provide the security necessary to protect company data.
Computerworld

IBM Faces the Perils of 'Bring Your Own Device'

After finding that many of its employees are unaware of what kinds of smartphone apps could be potential security risks, IBM adopted guidelines about which apps are acceptable for employee use.
Technology Review

OPM Polls Agencies on Domestic Violence Policies

In response to a memo issued by President Obama, the Office of Personnel Management (OPM) has begun formulating new government-wide policies relating to domestic violence in federal workplaces.
Washington Post

The Global Water Security Assessment and U.S. National Security Implications

A panel of experts recently gathered at the Wilson Center to discuss the Intelligence Community's assessment of global water security and its implications for national security.
New Security Beat

Obama Order Sped Up Wave of Cyberattacks Against Iran

Interviews with current and former U.S., European, and Israeli officials, as well as a number of outside experts, have shed new light on the use of the Stuxnet worm that was used to attack computers used in the Iranian nuclear program.
New York Times

Alert: Major Cyber Attack Aimed at Natural Gas Pipeline Companies

The Department of Homeland Security has issued at least three confidential amber alerts about multiple U.S. natural gas pipeline operators being targeted by a major cyber attack campaign since March 29, which is still ongoing...
Christian Science Monitor

New Study Examines Role of Intimate Partner Violence in Workplace Homicides Among U.S. Women

A new paper by the National Institute for Occupational Safety and Health (NIOSH) and the Injury Control Research Center at West Virginia University (WVU-ICRC) has found that 142 workplace murders of women in the U.S. between 2003 and 2008 were committed by the intimate partners of those women.
Medical Express

Spot a Bot to Stop a Botnet

Computer scientists at the Veermata Jijabai Institute have developed a way to detect botnet infections on computers.
Science Daily

Bill protects employees from workplace bullying

The legislation in New York establishes a civil cause of action for employees who are subjected to an abusive work environment.
Legislative Gazette

The Path to Outsmarting Advanced Cyberattacks

are prompting organizations to look into using actionable intelligence to protect themselves from cybersecurity threats.
Government Computer News

Deadly Attacks Hit Nigeria Christians

An attack on church services at a Nigerian university killed at least 16 people on Sunday.
Wall Street Journal

5 Tips on How to Handle Employee Theft

Statistics show that employee theft is a significant problem for companies in North America.
Reuters

US Seizes 36 Websites Dealing in Stolen Credit Cards

The Justice Dept. said the U.S. government has seized 36 domain names of websites that illegally sold and distributed stolen credit card numbers...
Wall Street Journal

CISPA Passes in the House After Surprise Vote

The U.S. House of Representatives on April 26 passed the Cyber Intelligence Sharing and Protection Act (CISPA), a controversial piece of legislation that allows both the federal government and the private sector more latitude to share information about current hacking efforts and cybersecurity threats that may be on the horizon.
Security Week

Hide Patents to Foil Invention Thieves, Urges Congress

U.S. lawmakers have proposed maintaining the secrecy of U.S. patents to prevent the theft and exploitation of inventions before they are legally protected by a granted patent.
New Scientist

U.S. Study Cites Worries on Readiness for Cyberattacks

U.S. state and local officials are most concerned about the government's cyberattack response readiness, according to a study by FEMA regarding the U.S.'s ability to respond to terrorist attacks and man-made and natural catastrophes.
New York Times

Cybersecurity Ranks as Top Concern in Federal CIO Survey

The biggest concern of CIOs at federal agencies is the need to protect government information from cyberattacks...
NextGov

Arrests Made in Lilly Heist

Authorities said Thursday that they have broken up a group that was allegedly involved in the theft of more than $70 million in prescription drugs from an Eli Lilly warehouse in Connecticut in March 2010.
Wall Street Journal

Religious Sites are Worst for Malware, Report Finds

According to Symantec's most recent Internet Security Threat Report, religious web sites have a higher incidence of malware infection than pornography sites.
Wall Street Journal

'Bullet Time' Signals to Stop Cyber Attacks on Grid

University of Tulsa researchers have developed a method to handle cyberattacks on crucial infrastructure, such as electricity grids, water utilities, and banking networks.
New Scientist

How CIOs Can Learn to Catch Insider Crime

Research shows that CIOs rarely discover the internal security threats that can ruin companies, even though they frequently involve IT systems. Here's what needs to change.
CIO Magazine

Flea Market Raid: Homeland Security Cracks Down On Counterfeit Goods

The Department of Homeland Security (DHS) has reportedly begun raiding flea markets in search of counterfeit merchandise.
CNBC News

Plan for Dealing With Insider Threats Getting Close

The U.S. government is closing in on a national policy for combating insider threats with standards for enforcement, and officials expect the policy to be issued by the end of 2012.
Government Computer News

BYOD Continues to Challenge Agencies Struggling to Develop Policy

Many federal agencies' security policies and procedures are not keeping up with the growing bring your own device trend, which leaves these government networks increasingly vulnerable to attacks, according to a recent Network World/SolarWinds survey.
Federal Computer Week

How Do You Change Your Company's Culture? Spark a Movement

Revitalizing a company culture can best be served by providing employees with a fresh concept or driving precept they can adopt, rally behind, and act on, according to StrawberryFrog founder Scott Goodson.
Forbes

Breaches Epidemic Despite Efforts at Compliance, Says Kroll

A new study from HIMSS Analytics and Kroll Advisory Solutions shows that increasingly stringent regulatory activity with regard to reporting and auditing procedures has not prevented an increase in the number of breaches seen in the past six years.
HealthCare IT News

House Homeland Security Guts Own Cybersecurity Bill in Bid to Remain Relevant

The House Homeland Security Committee on Wednesday modified the cybersecurity legislation that was approved by a House subcommittee in early February.
FierceGovernmentIT

Don't Panic

Presenting an idea to senior management does not have to be terrifying, management experts say, as long as employees work ahead of time to find out what executives are looking for and follow these tips for making a compelling presentation.
The Conference Board Review

Embezzlers these days more likely to be women

With motive and opportunity, women are behind most of the state's high-profile cases since '08.
Star Tribune

Is Security the Real Problem for an Intelligence Community Cloud?

To be more cost-effective, the U.S. Intelligence Community is scrutinizing the cloud environment as a possible money-saving option, and successful migration will rely on collaborative alliances, common solutions, and effective policies...
Federal Computer Week

Mobile malware: Beware drive-by downloads on your smartphone

The number of security threats that target mobile devices has risen by more than 600 percent between 2010 and 2011.
Infoworld

A Report on ICANN 43: New gTLDs and DNSSEC

ICANN's recent meeting in Costa Rica focused on a number of issues, but the two biggest were clearly the new gTLD program and Domain Name System Security Extensions (DNSSEC).
Network World

Apple Mac Computers Hit in Hacker Attack, Researcher Says

Antivirus software provider Doctor Web says a recent hacking attack hit more than 600,000 Apple Mac computers, a sign that the computer behemoth is becoming a more lucrative target for malicious users.
Bloomberg

BT Deploys Alarm System to Catch Copper Cable Thieves

The British telecommunications company BT has implemented a new alarm that will span its entire copper network in an effort to cut down on the growing rate of cable theft.

Is DHS Ready to Oversee Private Cybersecurity?

Lawmakers want the security of some privately owned information networks to be supervised by the Department of Homeland Security, in much the same manner that the Nuclear Regulatory Commission oversees nuclear plants.
Federal Times

Tips for Dealing With Workplace Substance Abuse

In instances of substance abuse in the workplace, employers and co-workers should be on the look-out for specific signs and should always report the problem.
Great Falls Tribune

The Flashback Attack: It's Time Mac Users Got Security Aware

Apple is taking steps to protect Mac users from the threat posed by the Flashback Trojan. Flashback exploits weaknesses in Oracle's Java software to install malware.
Computer World

Warning Over Medical Implant Attacks

Security researchers recently developed attacks that locate and compromise medical implants that are used to manage conditions such as diabetes and heart disease.
BBC News

Cybersecurity Purchasing Alliance Established

The nonprofit Center for Internet Security (CIS), which works to improve online security, is planning to launch the first-ever collaboration for purchasing cybersecurity solutions.
Government Technology

Global Risks 2012: Seventh Edition An Initiative of the Risk Response Network

This report features refined risk descriptions and rigorous data analysis covering 50 global risks. It aims to improve public and private sector efforts to map, monitor, manage and mitigate global risks. It is also a “call to action” for the international community to improve current efforts at coordination and collaboration, as none of the global risks highlighted respects national boundaries.
World Economic Forum

New Security Opportunities in Higher Education

Colleges and universities around the United States are creating new full-time security and risk assessment positions in their study-abroad offices, spurred on at least in part by international events like the Arab Spring and Japanese tsunami. Northwestern University is one of the schools that recently created a full-time safety and security position in its study-abroad office. The university in January hired Julie Friend as associate director for international safety and security. Friend most recently served in a similar role at Michigan State University.
Security Director News

Traveling Light in a Time of Digital Thievery

“If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,” said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence.
New York Times

Eight-Year Nortel Hacking Operation Again Shows Enterprise Vulnerabilities

An eight-year hacking operation has been uncovered at telecoms firm Nortel, prompting experts to again question whether enterprises are prepared to handle targeted security breaches. While the origins of the attack and its organisers are not known, investigators traced the attacks to systems located in China.
v3.co.uk / Nichols, Shaun

Canadians Oppose Government's Proposal for Sweeping Internet Surveillance

Public outrage over the government's proposed Internet surveillance laws boiled over Thursday, as thousands of Canadians made their objections loud and clear on the Twitterverse. At the same time, a Liberal MP turned the tables, requesting that Parliament divulge the web-surfing histories of their computers and BlackBerrys.
Edmonton Journal / By Jeff Davis, Sarah Schmidt and Vito Pilieci, Postmedia News; with files from Postmedia News

U.S. to Share Cautionary Tale of Trade Secret Theft With Chinese Official

China’s next leader, Xi Jinping, may never have heard of American Superconductor Corporation before he arrived here Monday, but by the end of his visit United States officials hope to make the small Massachusetts wind-energy company an object lesson in the impact of Chinese trade secret theft on American business.
New York Times / Weisman, Jonathan

National Strategy for Global Supply Chain Security

International trade has been and continues to be a powerful engine of United States and global economic growth. In recent years, communications technology advances and trade barrier and production cost reductions have contributed to global capital market expansion and new economic opportunity. The global supply chain system that supports this trade is essential to the United States’ economy and security and is a critical global asset.
The White House.gov

Cameras May Open Up the Board Room to Hackers

One afternoon this month, a hacker took a tour of a dozen conference rooms around the globe via equipment that most every company has in those rooms: videoconferencing equipment. With the move of a mouse, he steered a camera around each room, occasionally zooming in with such precision that he could discern grooves in the wood and paint flecks on the wall.
New York Times / Perlroth, Nicole

DHS guidance to state and local fusion centers going unused

More than 83 percent of 64 intelligence fusion centers run by state and local agencies to whom the Department of Homeland Security issued the Comprehensive Preparedness Guide-502 are either not using the guidance or never received it, according to a new report from the DHS Inspector General's Office. The purpose of the guidance is to assist the fusion centers' coordination of anti-crime activities with state and local emergency operations centers. The report casts blame for the guidance's under-utilization on both DHS and state and local officials.
Federal Computer Week / Lipowicz, Alice

Feds Seek Stronger Security for Power Grid

In an attempt to gain insight into how to best protect the U.S. electricity grid, the Department of Energy and the Department of Defense have joined forces to create a cybersecurity model that can be tested and applied across the utility industry. The Electric Sector Cybersecurity Risk Management Maturity Model pilot project seeks to work with experts in the public and private sector to use current cybersecurity strategies to create a "maturity model" that can identify how secure the electric grid is from cyber threats.
InformationWeek / Montalbano, Elizabeth

FedRAMP Security Controls Unveiled

The federal government has released roughly 170 controls for the Federal Risk and Authorization Management Program (FedRAMP). The program consists of a unified risk management process that will evaluate vendors' IT services for federal agencies, thereby eliminating the need for agencies to conduct their own risk management programs. This in turn will allow agencies to evaluate a vendor's IT services in light of their specific needs and their privacy and security requirements.
GovInfoSecurity.com / Chabrow, Eric

Protests Put Cities on Alert

A number of cities hosting high-profile events this year are changing their laws regarding demonstrations in order to prevent the kind of violent protests that took place across the country in 2011. In Chicago, for example, the mayor has called for placing limits on the times when demonstrations can be held, increasing fines for resisting police, and requiring parade permit applicants to provide descriptions of "attention-getting devices" such as amplifiers, banners, or signs. The proposals, which will be voted on next week, come ahead of the NATO and Group of Eight summits in Chicago this May.
Wall Street Journal / Nicas, Jack

Defense Bill Approves Offensive Cyber Warfare

The recently approved U.S. defense budget sanctions the Department of Defense to engage in offensive cyberwarfare to protect U.S. interests and those of its allies, while also directing the military to improve cyberdefensive measures. However, the National Defense Authorization Act does not empower the military to take any offensive cyberaction without presidential authorization.
InformationWeek; Hoover, J. Nicholas

SpyEye Malware Borrows Zeus Trick to Mask Fraud

The SpyEye bank fraud computer program has been identified with a feature designed to keep victims clueless long after fraud has occurred, according to security vendor Trusteer. SpyEye is notable for its ability to inject new fields into a Web page, a technique called HTML injection, which can ask banking customers for personal information they normally would not be asked.
IDG News Service; Kirk, Jeremy

Pessimism Over FISMA Deadline Starts at the Top, Survey Finds

Most federal agencies do not believe that they will be in compliance with the Office of Management and Budget's requirement to perform all Federal Information Security Management Act reporting through automated monitoring tools by Sept. 30. According to a survey of 234 IT security professionals, just 45 percent of respondents said that they would be able to meet the deadline.
Government Computer News; Jackson, William

NY Senator Proposes Measures to Protect Pharmacies

A New York senator is calling for steps to be taken to prevent deadly pharmacy robberies like one that took place in Long Island over the weekend, which claimed the life of an off-duty federal agent who tried to intervene.
Associated Press

Social Media's Passive Risk

Security and communication consultants have been using an online spoofing case involving a fake Bank of America account on Google+ to teach banks about the use of social media. A phony Bank of America page stayed up for more than a week in November, using the bank's official logo, address, and links while posting fake, satirical items.
Bank Technology News; Button, Keith

Obama Launches Bureau of Counterterrorism

The State Department recently announced the launch of the new Bureau of Counterterrorism. According to the department, the bureau will coordinate with U.S. agencies, including the Department of Homeland Security (DHS), and foreign governments to create civilian counterterrorism strategies and operations.
NewsOK; Gehrke, Joel

Court Upholds Law That Protects Companies Aiding U.S. Surveillance

The Court of Appeals for the Ninth Circuit has upheld a federal law that grants immunity to telecommunications companies that help the federal government conduct surveillance on American citizens.
Reuters

Stuxnet and Duqu Part of Larger Cybermalware Campaign

The Stuxnet worm was developed on the same platform used from 2007 onwards to set up a family of cyberweapon-like malware including the recently uncovered Duqu worm, according to a forensic study by Kaspersky Lab researchers.
Techworld; Dunn, John E.

Carmakers, U.S. Worry About Hacking of Cars

Recent studies indicate that cars' increasing reliance on computer systems that control everything from airbags to crash-avoidance systems has left them vulnerable to cyberattacks. "I can definitely imagine organized crime or potentially even nation-states leveraging weaknesses in these functions to cause different kinds of havoc," says Intel's Ryan Permeh.
San Jose Mercury News; Johnson, Steve

Packaging Technologies Advance in Fighting Fake Pharmaceuticals

es Shepherd, CEO of Channel IQ, a firm that monitors branded products and prices for manufacturers, distributors and retailers, said the healthcare packaging industry is constantly combating counterfeiting. “Packaging has a very important role,” he added. “It has to signify the authenticity of a product, and not just hold the product or explain its benefits.”
Healthcare Packaging

Logging in With a Touch or a Phrase (Anything but a Password)

Polytechnic Institute of New York University (NYU-Poly) researchers are training devices to recognize their owners by touch, one of several research projects designed to make passwords obsolete. The research arm of the U.S. Defense Department is looking for ways to use cues such as a person’s typing quirks to continuously verify their identity.
New York Times; Sengupta, Somini

Employees' Facebook Pages Are Private, Until They're Not

In late October, an appeals court in New York determined that there are limits to how much proof of employee shenanigans a business can legally gather from social media utilities such as Facebook. The Appellate Division of the New York Supreme Court ruled that commercial builder Turner Construction Co. should not have a free hand in searching the Facebook activity of an employee who was seeking compensation in a personal injury suit against the company. The company was attempting to use information from the employee's Facebook account to show that he was not being truthful about the extent of his injuries.
Business on Main / Mikal E. Belicove

Workplaces Victims of Domestic Violence

A recent study has found that domestic violence is having an effect on Australian workplaces. The study, which consisted of surveys of more than 3,600 people between February and July, found that 33 percent of employees were victims of domestic violence. All told, domestic violence results in roughly $480 million worth of lost productivity in Australia, a separate study found. Experts say that employers should take steps to help workers suffering from domestic violence, including giving them time off to deal with their problems, blocking e-mails, or giving them new phone extensions so that abusers cannot call them at work.
Herald Sun (Australia)

Should Homeland Security control the electrical grid? Maybe.

Researchers at MIT have released a report on the security of the nation's electric power grid. The report noted that the federal government should designate a single agency as being responsible for protecting the electric power grid from cyber attacks. The current security regime is untenable, the report said, because those that are in charge of maintaining the electric power grid are not working together.
CNET/Don Reisinger

'Son of Stuxnet' virus could be used to attack critical computers worldwide

Researchers at Symantec have discovered a new virus that they say is very similar to the Stuxnet virus that was used to attack Iran's nuclear program. Like Stuxnet, the new virus--which is known as Duqu and may have been in use since last December--targets industrial command and control systems. In addition, much of the code used in Duqu is similar to the code used in Stuxnet. Both Stuxnet and Duqu also use fraudulent digital certificates that are purportedly issued by Taiwanese companies. As a result, Duqu must have either been created by the same group that developed Stuxnet or was created by a group that was able to obtain Stuxnet's source code. However, there are some differences between Stuxnet and Duqu, which creates a backdoor in the systems it infects and connects them to a command computer in India. For instance, Stuxnet was designed to attack the computers used in Iran's nuclear research program. Duqu is not as targeted, and may be designed to collect intelligence such as design documents before an attack on infrastructure computers is launched, Symantec said.
MSNBC (10/18/11) Sullivan, Bob

Cyber Security Must Focus on Users, Not Just Attackers

Cybersecurity measures must aim at users, not just attackers, according to researchers at the University of Maryland, College Park's Maryland Cybersecurity Center. The researchers are applying criminological concepts and research methods to cybercrime research, producing recommendations for information technology managers to use in preventing cyberattacks. The researchers, led by professors Michel Cukier and David Maimon, are studying cyberattacks from the viewpoint of both the user and the attacker. "We believe that criminological insights in the study of cybercrime are important, since they may support the development of concrete security policies that consider not only the technical element of cybercrime but also the human component," Maimon says.
Tech Journal South

New Jersey teams with Target for disaster response

During the next major disaster, New Jersey emergency responders will receive assistance from the big box retailer Target; last week the company announced that it had officially teamed up with New Jersey’s Office of Homeland Security and Preparedness to assist state and local officials in the event of a major disaster or terrorist attack.
Homeland Security NewsWire

MSU lands USDA grants totaling nearly $3 million to improve food safety

Three Michigan State University researchers landed grants totaling nearly $3 million from the U.S. Department of Agriculture to improve food safety. The grants were part of USDA Deputy Secretary Kathleen Merrigan’s visit to MSU’s campus today, in which she announced 17 grants totaling $10.4 million from the USDA’s National Institute of Food and Agriculture to universities around the country.
Michigan State University News

Homeland-Security Bill Seeks to Clarify Who's in Charge of Cybersecurity

House Cybersecurity, Infrastructure, Protection and Security Technologies Subcommittee Chairman Dan Lungren (R-Calif.) has announced that he is planning to introduce a bill that would identify the Department of Homeland Security (DHS) as the primary federal agency in charge of national cybersecurity. The bill would provide an alternative to legislation approved by the House Intelligence Committee that would require the director of national intelligence to create guidance for the intelligence community to share with the private sector classified intelligence about cyber threats. Lungren's bill, on the other hand, proposes the creation of a nonprofit National Information Sharing Organization for exchanging details on cyber threats between the public and private sector.
National Journal / Gruenwald, Juliana

Cybercrime Hits Small Towns

The cyberattack on the computer systems of 70 small law enforcement departments by the hacker group Anonymous earlier this year underscores the risks that small towns and counties face from cybersecurity threats. Small municipalities are increasingly running crucial services on computers that could be shut down by hackers, cybercriminals, or disgruntled workers, yet they do not have the funds to hire CIOs or information security chiefs to help them protect these systems.
Governing / Newcombe, Tod

Advanced Threats Touch Two-Thirds of Enterprises

Nearly two-thirds of information security managers report that their businesses have been targeted by advanced persistent threats (APTs), and 72% expect to see such attacks persist in the future. Those findings come from a new report on APTs released Tuesday by market researcher Enterprise Strategy Group (ESG). The study is based on a survey of about 250 U.S. information security professionals, conducted in August.
InformationWeek / Schwartz, Mathew J.

U.S. Report Cites 'Persistent' Chinese, Russian Spying for Economic Gain

According to a U.S. intelligence report, the Chinese are the world's "most active and persistent" perpetrators of economic espionage. Additionally, the report made claims that Russian intelligence officials are participating in extensive spying efforts to collect information on the U.S. economy and technology. The report also found that the majority of the spying activity is present in cyber space. "Cyber has become the great game-changer ... our research and development is under attack," said a senior intelligence official. Economic cyber spying is affecting several portions of the U.S. economy including information technology, military technology, clean energy and medical technology.
Wall Street Journal / Gorman, Siobhan

Private Citizens Getting Help in Fight Against Terrorism

The face of antiterrorism in Colorado includes a former Washington lobbyist, an ex-Marine from Lakewood whose wife gives him the evil eye when he's sizing up potential threats at Denver International Airport, and a native New Yorker who refuses to ride on the subway and spends as little time as possible in high-rise buildings. The alliance is eclectic, but then, the people they're after aren't very stereotypical.
Denver Post / Cotton, Anthony

Cyber Attack Targets Chemical, Defense Firms

A new report from Symantec Corp. reveals that at least 48 chemical and defense companies were affected by a cyber attack traced to a man in China. The companies' computers were infected by malicious software known as "PoisonIvy" that was used to capture such information as design documents, formulas, and details on manufacturing processes, according to Symantec. The report said the victims included several Fortune 100 companies that develop compounds and advanced materials as well as those that manufacture infrastructure for these industries. "The purpose of the attacks appears to be industrial espionage, collecting intellectual property for competitive advantage," Symantec said in a white paper on the campaign, which the company dubbed the "Nitro" attacks.
Insurance Journal / Finkle, Jim

A Reason to Revisit Your Cybersecurity Risk

Last month the Securities and Exchange Commission (SEC) issued guidance on its expectations for how publicly traded companies should address cyberattacks in their regulatory filings. The guidance does not change any existing rules, but clarifies that companies must include cybersecurity risks in their assessment of “the most significant factors that make an investment in the company speculative or risky.” In May EMC said it experienced “an extremely sophisticated cyberattack” that put its RSA SecurID tokens at risk as well as its corporate customers’ data security, and the SEC sent a comment letter asking the company how the cost of protecting itself against future breaches would affect its financial results.
CFO / Johnson, Sarah

Lab's Behavioral System Can Catch Insider Threats

Oak Ridge National Laboratory researchers have developed a tool to identify malicious insiders and stop them from sending sensitive information outside the organization. The system uses a host-based agent to learn a user's behavior and to look for anomalous behavior or other signatures, according to Oak Ridge researcher Justin Beaver. The system responds to these signature events by switching malicious users to a honeypot environment, which isolates them from data and enables their actions to be studied. “It turns out there is a lot of data on each host you can leverage if you know what to look for,” Beaver says.
Government Computer News / Jackson, William

GAO reports problems in cybersecurity hiring strategy

An audit by the Government Accountability Office (GAO) has found that some government agencies have failed to effectively develop or implement cybersecurity workforce planning strategies. Agencies also reported problems in filling some cybersecurity positions, particularly those requiring specialized skills. In 2010 the Senate Judiciary Committee asked GAO to study whether or not the federal government was adequately meeting its cybersecurity staffing goals and report on the status of government-wide cybersecurity initiatives.
Homeland Security NewsWire

Hacker group threatens industrial computer systems

A bulletin leaked from the Department of Homeland Security's National Cybersecurity and Communications Integration Center shows that officials are concerned about possible attacks on computer systems used to operate the nation's critical infrastructure. According to the bulletin, which was issued in September and posted on Monday by the Web site Public Intelligence, the hacker group Anonymous has posted computer code and other material that shows that it is interested in attacking industrial control software (ICS) systems, which are used to run equipment at power stations, chemical plants, and water and sewage facilities, among other facilities.
Washington Times / Waterman, Shaun

Security 'Chaos' Leaves Utility Grids Vulnerable, Report Says

A recent paper from Pike Research reveals that the lack of standards, inadequate spending and an aging infrastructure are making vital utility grids increasingly vulnerable to cyber attack. Though the report says that this vulnerability is a global problem, it also notes that there are multitudes of differing regional infrastructures and security technologies, requiring region-specific definitions of threats as well as region-specific decisions regarding investments in security.
Government Computer News / Jackson, William

How to Have Real Risk Management

Andy Ellis, chief security officer at Akamai Technologies, says the important thing for organizations in regard to risk management is to actually understand the risks that apply to them, and make informed decisions based on that profile. "These are the organizations that are actually out front, leading the way, defining new risk models for themselves and selecting technologies and solutions that are appropriate for their business," Ellis said in a recent discussion with this publication.
Computerworld / Hulme, George V.

Metrics for Success: Tracking Preventable Risk

When you track the results of your incident post-mortems to identify root causes of incidents, and when you conduct risk assessments to prospectively document vulnerabilities, you have the data to impress management on the consequences of failure to follow policy, procedures or other elements of your internal controls that contribute to risk exposure. Objective: A significant percentage of security events are preventable. Use your metrics to influence behavior and fundamental corrective action.
SecurityInfoWatch.com / Campbell, George

Employee Theft: The Largest Source of Shrink in North America

Shrinkage cost retailers around the world more than $119 billion over the past year, or 1.45 percent of their sales, according to the Centre for Retail Research's Global Retail Theft Barometer for 2011. The causes that are most commonly responsible for retail shrinkage are different in various regions of the world. Customer theft was the primary cause for shrinkage in most countries around the world, resulting in $51.5 billion in losses so far this year. However, dishonest employees were the biggest cause of retail shrinkage in North America. Employee theft resulted in $47 billion in losses for North American retailers so far this year, up from $37.8 billion last year.
Security Management / Purvis, Carlton

One Million UK Workers Have Experienced Violence in the Workplace

Researchers at Britain's Cardiff and Plymouth universities have found that workplace violence is more prevalent in the U.K. than previously thought. Researchers conducted interviews of almost 4,000 employees working in a variety of different roles and in a number of different industries, and found that nearly one in 20 had been the victims of workplace violence. This translates to more than 1 million workers throughout the U.K., the researchers noted. Of those that said that they had been the victims of workplace violence, nearly 4 percent said that they had suffered injuries as a result of those incidents.
Guardian Unlimited (UK) / Snowdon, Graham

Most Americans Unprepared for Disaster, Survey Finds

A new survey finds that most Americans are unprepared for major disasters and that they maintain a false sense of security with regard to what will happen if a major disaster or a terrorist attack took place; contrary to reality, almost one-third of respondents believed that during a major disaster, calling 911 would bring help within an hour, while 30 percent said they believed help would come within several hours.
Homeland Security NewsWire

New Report Highlights Economic Threat of Weak U.S. Cyber Security

A new report on cyber intelligence and cyber attacks outlines overlapping vulnerabilities in computer networks across private industry and the U.S. government, and calls for a systematic response that would prevent the harm these weaknesses could inflict on national security and the economy.
law.com / Catherine Dunn

What's a Company's Biggest Security Risk? You.

Security experts say that, despite the precautions taken by many major corporations to prevent cyber attacks, they still have one major vulnerability that cannot be fixed by technological advances: their employees. "The security gap is end users," says Kevin Mandia, chief executive of security firm Mandiant Corp.
Wall Street Journal/Geoffrey A. Fowler

NIST releases final piece of IT security foundation

The U.S. National Institute of Standards and Technology (NIST) has released Special Publication 800-30, "Guide for Conducting Risk Assessments," which provides guidance on how to assess IT risk.
Government Computer News/William Jackson

Corporate Boards Weak Link in Information Security

According to the governance, risk, and compliance unit of Thomson Reuters, most major corporations have "significant security gaps that leave sensitive board-level information open to information theft and hacking," On Wall Street (Sept. 21, Steinert-Threlkeld) notes. Thomson Reuters said its survey of board members, corporate secretaries, and company attorneys found that information provided to members of corporate boards of directors is often in unencrypted e-mail accounts and computers.
On Wall Street/Tom Steinert-Threlkeld

In China, Business Travelers Take Extreme Precautions To Avoid Cyber-Espionage

Security experts are warning that travelers should avoid bringing electronic devices carrying important company contacts and confidential information with them to China if at all possible. This warning stems from the pervasive electronic surveillance and cyber-espionage undertaken by the Chinese government and other regional sources.
The Washington Post/Ellen Nakashima and William Wan

Email Main Source of Data Leaks in Organizations: Survey

Email may be integral to an organization's day-to-day operations, but it is also becoming one of the primary sources of data leakage, according to a recent Ponemon Institute report. In a survey of 830 information technology, security, and compliance experts, more than 50 percent said improper email use among employees is the main source of data leaks within the organization.
eweek/Fahmida Y. Rashid

Organizations Over-Confident About Security Strategy: Survey

Senior executives are overconfident about their organization's information security strategy, according to a PricewaterhouseCoopers survey. Of the 9,600 senior executives who took part in the 2012 Global State of Information Security Survey, 43 percent said that their organization had an effective, proactive security strategy.
eweek/Rashid, Fahmida Y.

Data Security Not High on Hospitals' Priority List

A new report from the consulting firm CSC says hospitals must increase security to achieve Meaningful Use and comply with new HIPAA requirements. CSC consultant Jared Rhoads says an annual risk analysis is required under stage 1 and putative rules for stage 2 Meaningful Use.
Information Week/Ken Terry

Organized retail theft: A $30 billion-a-year industry and growing

“Organized retail crime,” as police call it, has become big business. Last year, theft rings stole an estimated $30 billion worth of retail merchandise that wound up getting sold out of car trunks, online and even to distributors who relay the merchandise back to store shelves.
ABC newsnet5.com

Ten Years After 9/11 -- Risk Management in the Era of the Unthinkable

For the entire country, the September 11, 2001, attacks redefined the meaning of risk management in both the public and private sector, Wharton experts say, forcing companies and the government to rethink the ways that they prepare for, respond to and recover from large-scale disasters. The new agenda for security that was set on that sunny fall Tuesday has been tested, questioned and reshaped again and again in the decade since -- by events including Hurricane Katrina, the BP oil spill in the Gulf, the 2008 financial crisis, the Arab Spring, the earthquake and tsunami in Japan, and most recently, Hurricane Irene.
Knowledge@Wharton

Top 5 Hazards for Business Travelers (Hint: Terrorism Isn't One Of Them)

So, you think nothing short of a revolution in Libya, an earthquake, a hurricane or a terrorist attack can keep you from your business meetings?
Forbes

Montgomery County Proposes Flash-Mob Law

Lawmakers in Montgomery County, Md., are in talks with the state delegation about the possibility of introducing legislation in next year's session of the Maryland General Assembly that would address the problem of flash mobs.
Washington Times; Noble, Andrea

Workplace Homicides and Suicides Fell in 2010

According to the Labor Department's preliminary Census of Fatal Occupational Injuries report, the number of workplace homicides dropped last year. The report noted that the number of homicides that took place at U.S. workplaces dropped by 7 percent in 2010. Workplace suicides, meanwhile, decreased slightly from 263 in 2009 to 258 in 2010.
Wall Street Journal; Reddy, Sudeep

Scared Mexicans Try Under-the-Skin Tracking Devices

A recent Mexican congressional report indicated that kidnappings have increased 317 percent in the past five years. Some Mexicans, afraid of being next on the cartel's list of targets, have had radio frequency identification chips (RFIDs) or other tracking devices surgically implanted to allow them to be tracked. Many of the implants are selling for thousands of dollars based on promises that they improve the kidnapping victim's chances of being returned.
Washington Post; Miroff, Nick

Campus Security: There's an App for That

The University of Maryland's College Park campus is planning to introduce a smartphone application next month that aims to improve security. The app, known as M-Urgency, will allow students, faculty, and staff to instantly alert police and share with them their exact location.
Baltimore Sun; Sentementes, Gus G.

Malware Able to Record Phone Conversations Looming: BitDefender

It is only a matter of time before malware evolves to record smartphone conversations. "We are going to see malware that records phone conversations and we've already seen malware that extracts contact message documents and email documents," Cosoi says. There is a lot of malware created for social media, Android devices, and computers that is highly focused on amassing information about the users, Cosoi warns. According to BitDefender's own research, 80 percent of malware found for smartphones operating on Android is designed to steal information from the phone. Cosoi predicts that the data will be used in creating various profiles which can then target the user with anything from phishing attacks to scams persuading the user to spend money.
Computerworld Australia; Barwick, Hamish

VIPER, VENOM Snake Critical Info Across Intergovernmental Boundaries

Security experts involved in pilot projects for the Department of Homeland Security's (DHS) Virtual USA initiative say that the technologies being tested have potential to transform the way the government coordinates geospatial information and other data-sharing capabilities. Virtual USA has launched dozens of integrative projects at the federal, state and local levels. Two of these projects, the Virtual Emergency Network of Multnomah County (VENOM) in Oregon and the Virginia Interoperability Picture for Emergency Response (VIPER), have already shown success integrating county systems with state and regional partners' systems for emergency management operations.
Government Computer News / Marshall, Patrick

Bill Calls for Background Checks at Utilities

Sen. Charles Schumer (D-N.Y.) has introduced legislation that would require all employees at the nation's major power plants to undergo FBI background checks. Schumer's legislation comes after the Department of Homeland Security released a report that found that terrorists could obtain sensitive information from disgruntled former power plant employees.
Boston Globe

Creating Ag Extension Agent for Cyber

Eugene Spafford, the executive director of Purdue University's Center for Education and Research in Information Assurance and Security, is calling for the creation of a national cybersecurity extension service. Such a service would enable anyone dealing with cybersecurity threats to turn to a government agent for help. Spafford says a cybersecurity extension service could work in tandem with the U.S. National Institute of Standards and Technology's efforts to provide detailed guidance on cybersecurity issues.
GovInfoSecurity.com, Eric Chabrow

Schumer Wants End of Fake IDs From China

New York Sen. Charles Schumer wants to crack down on China for selling sophisticated fake driver's licenses to college students and under-age drinkers. Schumer is trying to get the Department of Homeland Security to ban major wire transfer companies from forwarding funds to the foreign companies who are making the licenses, most of which are in China. The fake IDs could have major national security implications as they could be used by terrorists trying to pass through airport security checkpoints.
Business First / James Fink

The Changing Face of Identity and Location Security

Organizations are increasingly shifting the security model from one that reflects a hard perimeter and a soft inside to an identity-centric model in which users are explicitly authenticated and their ID is followed through the various security strata. This makes the policies easier to manage and safer, as companies no longer use the IP address as a proxy identifier in place of users but rather identify the users regardless of their location or IP address.
Network World/Andreas M. Antonopoulos

The New Psychology of Strategic Leadership

Business strategists only have a partial understanding of their job. Michael Porter essentially argued three decades ago that the strategist must search for opportunities where competition is weak, but the best opportunities are those that are the hardest to spot and execute, and these distant opportunities require strategic leaders to be good economists and good psychologists. Strategic leaders must expertly analyze and manage market forces, as well as expertly analyze and manage their own and others' thought processes.
Harvard Business Review ; Gavetti, Giovanni

The Weakest Link in Computer Hacking? Human Error

The findings of a recent Department of Homeland Security study underscored how human error can open networks up to attacks. During the study, DHS staff members secretly left computer discs and thumb drives in plain sight in the parking lots of government buildings and private contractors. Sixty percent of the individuals who picked up the discs and thumb drives later plugged them into their work computers to see what kinds of files were on them.
Bloomberg / Edwards, Cliff; Kharif, Olga; Riley, Michael

Foreign Anti-Bribery Law Slammed; House GOP Wants FCPA Changes

Members of a House Judiciary panel are working on legislation to amend the Foreign Corrupt Practices Act, looking at changes they say would "provide greater clarity" to US businesses as they attempt to comply with the foreign anti-bribery law.
Main Justice / Christopher M. Matthews

Chamber of Commerce, Businesses Want Anti-Piracy Bill

The U.S. Chamber of Commerce and more than 750 businesses and organizations, including NBC Universal, the Motion Picture Association of America (MPAA), and the Recording Industry Association of America (RIAA), are teaming up to push Congress to pass a bill that would protect intellectual property online. Under the legislation, known as the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property (PROTECT IP) Act, search engines, advertisers, and payment service providers would be prevented from doing business with Web sites that the Justice Department believes are used only to engage in copyright infringement.
Reuters / Chew, Cassie M.

Workplace Violence Stats 'Seem Low'

The number of people suffering violence in the workplace could be even higher than a recent survey discovered, according to the director of an anti-occupational violence organisation. Haydn Olsen told TV ONE's Breakfast the findings of a recent Massey University study, which found a third of employees have suffered violence at work, seemed a little low.
TVNZ Interactive (New Zealand)

Enterprises Hit With More Advanced Malware-Based Attacks in 2011: Report

Malware is increasingly being used as advanced persistent threats against enterprises, according to the latest quarterly report from Cisco. In the report, Cisco researchers did not restrict a malware encounter to just malware infecting a single system. It can also include incidents when a system was initially infected by a basic downloader, which analyzed the system and downloaded even more sophisticated data-collecting malware.
eWeek / Rashid, Fahmida Y.

Web Application Attacks Peak at 25,000 Per Hour

Corporate and government online applications are targeted by cyberattacks an average of 27 times an hour, or once every two minutes, according to an Imperva study. However, the use of automation can enable cybercriminals to carry out even larger numbers of attacks. According to Cloud Pro, the use of automation allows for 25,000 attacks an hour, or seven attacks every second.
ITPro / Jennifer Scott

Violence Afflicts ER Workers

Statistics show that violence against nurses and other caregivers at hospitals is commonplace across the country. A 2007 survey by UC San Francisco and other researchers found that nearly 40 percent of emergency room employees in California had been assaulted at work during the previous year. In addition, the Emergency Nurses Association--which represents 40,000 emergency room nurses across the country--found last year that more than 10 percent of the emergency room nurses it surveyed had been attacked in the previous week.
Los Angeles Times / Garrison, Jessica; Hennessy-Fiske, Molly

McAfee: Hackers Compromised 72 Organizations Since 2006

McAfee published a report on Aug. 2 that revealed that 72 companies and organizations in 14 countries have been targeted by an unidentified hacking group since 2006. During the attacks, the hacking group sent targeted e-mails to individuals within the companies or organizations, which included the International Olympic Committee, the World Anti-Doping Agency, and the United Nations.
IDG News Service / Ribeiro, John

DHS Should Extend Cybersecurity Collaboration With Private Sector, GAO says

The Department of Homeland Security needs to reevaluate its approach to protecting critical infrastructure and bolster public-private collaboration, especially in regard to information sharing, according to a new Government Accounting Office study. "The threats to systems supporting critical infrastructures are evolving and growing," says GAO's Gregory Wilshusen.
Homeland Security Today / McCarter, Mickey

Hackers leave CIOs on edge

Hackers on the prowl for sensitive data. Staff shortages that make it tough to implement the latest technology. A tight market for programmers that makes it easy for the best ones to jump to new jobs.
DEE DePASS and WENDY LEE, Star Tribune

The CIO Insomnia Project

The CIO Insomnia Project highlights concerns that keep technology leaders up at night.

Targeted Phishing Helped Hackers Earn $150 Million Last Month

Mass email attacks designed to target a wide-ranging audience are falling out of favor with attackers, according to research conducted by Cisco Systems Inc.
Cisco: Robert Westervelt

Disasters hit businesses hard, keeping many permanently closed

Business owners across the United States are being urged to create emergency plans, so that they can continue operating in the wake of a natural disaster; according to the Insurance Institute for Business and Home Safety, 25 percent of businesses hit by a natural disaster are unable to continue functioning.
Homeland Security Newswire

Organized Retail Crime Grows, Criminals Becoming More Violent

This year’s survey found that organized retail crime affects almost every single retailer, with 95 percent reporting they have been a victim of organized retail crime in the past 12 months, up six percent from last year. Although retailers continue to build their defenses against this growing problem, criminals are finding myriad ways to work around the system. Retailers are also reporting that the criminals they apprehend are increasingly resorting to violence, putting the safety of both associates and customers at risk.
National Retail Federation

Cargo Theft Poses Major Problem for Retailers

The scope of most criminal enterprises extends far beyond store limits. For the first time in the survey’s history, NRF polled retailers about this threat and found that nearly half of all respondents said they have been a victim of cargo theft within the past year. The survey found most cargo theft occurs en route from the distribution center to the store, but other points within the supply chain are just as vulnerable. This not only affects a retailer’s bottom line, it also affects what consumers end up seeing on the shelves at the store and the amount of inventory available.
National Retail Federation

Top Cities Impacted by Organized Retail Crime

Crime rings throughout the country often take advantage of big cities and large highways to move their stolen merchandise and hit multiple targets. When asked where in the United States retailers have the most problems with criminal gangs and organized retail crime, cities including Los Angeles, Miami, New York and Dallas were listed. Making the list for the first time, Las Vegas and Phoenix are now among the top 10 metropolitan areas retailers say are affected, indicating criminal enterprises continue to travel the country. Many times, retailers and law enforcement officials find it difficult to track these crime gangs because they cross state lines in a matter of hours. New technologies, however, are beginning to play a vital role in tracking thefts and criminal behavior even through various states and at different retail companies.
National Retail Federation

FBI Set to Kill Secret-Stealing Russian 'Botnet.' Is Your Computer Infected?

The U.S. Federal Bureau of Investigation (FBI) has seized control of a Russian botnet that commandeered millions of personal computers and may have penetrated U.S. diplomatic, military, and law enforcement computer systems. The FBI says it may have to remove the malware from the computers in the network to permanently neutralize the botnet. More than 1 million of the 2.3 million PCs recruited in the Coreflood botnet are U.S.-based....
Christian Science Monitor; Clayton, Mark

Report Reveals That Smaller Merchants Face the Biggest Security Threats

Criminals who want to steal debit and credit card information are targeting smaller merchants and retailers, according to a recent Trustwave report. Ninety percent of the card security breaches that took place in e-commerce last year involved Level 4 merchants, or those that process less than 1 million total payment card transactions and fewer than 20,000 e-commerce transactions each year.
EcommerceJunkie

Pentagon: Online Cyber Attacks Can Count as War

The Pentagon has concluded for the first time that computer sabotage coming from another country can constitute an act of war, a finding that would allow the United States to retaliate with conventional forces. "If you shut down our power grid, maybe we will put a missile down one of your smokestacks," says a military official.
Wall Street Journal; Gorman, Siobhan

"Workplace Suicides at Record High in '08, '09"

Workplace suicides reached a record high in 2008 and 2009, according to U.S. Department of Labor data. Since data on workplace suicides began being recorded in 1992, there have been a total of 34,598 incidents. In 2007, there were 196 incidents, but in 2008 and 2009, that number jumped to 263. The majority of the people who committed suicide in those years were men.
MarketWatch; Mantell, Ruth

Cyber-Attack Against Government of Canada an Urgent Warning to Businesses

Canada's government revealed in mid-February that the networks of the Department of Finance and Treasury Board were significantly compromised. At least one major news organization reported that the cyberattacks originated in China, and may have gone undetected for a month or more. The breach caused Internet access to be temporarily shut down in some parts of the government to prevent further exposure.
Mondaq; Gaertner, Jerrard

Phishing Emerges as Major Corporate Security Threat

Phishing emails are now cybercriminals' preferred method for breaking into corporate networks, according to Invincea founder Anup Ghosh. Ghosh notes that cybercriminals tend to prefer to use phishing emails to break into corporate networks because they are usually very effective.
Network World; Vijayan, Jaikumar

Cyber Attacks Rise at Critical Infrastructure Firms

security executives from electric, gas, water, sewage, and oil companies, said that their companies were targeted by at least one large denial-of-service (DoS) attack last year.
CNet; Mills, Elinor

Hacker Spies Hit Security Firm RSA

Top security firm RSA Security revealed on Thursday that it’s been the victim of an “extremely sophisticated” hack. The company said in a note posted on its website that the intruders succeeded in stealing information related to the company’s SecurID two-factor authentication products. SecurID adds an extra layer of protection to a login process by requiring users to enter a secret code number displayed on a keyfob, or in software, in addition to their password. The number is cryptographically generated and changes every 30 seconds.
Wired

Notorious Spamming Botnet Takes a Fall

A large network of hacked computers called Rustock, which was responsible for a great volume of spam, has shut down, perhaps as a result of another coordinated take down by security researchers.

Pirate attack prediction model developed

A mathematician has developed a piracy prediction model based on wind, waves, currents, as well as on the ground intelligence that could help predict the probability of a pirate attack on a given day; the system would function like a tornado warning system using weather data to project high risk areas on a map; the map could be further refined by adding in real time shipping traffic to indicate which ships are most likely to be attacked; piracy has grown worse in the last year, despite stepped up naval patrols; 80 percent of the world's cargo still travels by sea
HSNW

Worksite enforcement compliance

In October, U.S. Homeland Security Secretary Janet Napolitano announced that under the Obama administration, one of its key agencies, Immigration and Customs Enforcement (ICE), had audited more than 3,200 employers and imposed an estimated $50 million in fines for worksite violations. That exceeded the number of audits and fines collected during the full eight years of the Bush administration, she said.
Groban, Robert S., Jr.; Strasser, Frederick Warren

New Tactics in War on Terror -- Litigation

In a developing trend, Islamic extremists and civilians could increasingly battle one another in the court room. Islamic extremists are increasingly using lawsuits to threaten and intimidate civilians across the world; the Danish newspaper Politiken, which published the controversial Danish Mohammed cartoons in 2005, has been hit by a civil lawsuit; a Danish MP was recently forced to plead guilty to hate speech for speaking his mind about Islam; civilians can also use the courts to go after extremists using similar tactics.
Homeland Security Newswire

FBI Releases Preliminary Semiannual Crime Statistics for 2010

According to the FBI's Preliminary Semiannual Uniform Crime Report, the nation experienced a 6.2 percent decrease in the number of violent crimes and a 2.8 percent decline in the number of property crimes from January to June 2010 compared with data from the same time period in the prior year. The report is based on information from more than 12,000 law enforcement agencies that submitted three to six comparable months of data to the FBI during the first six months of 2009 and 2010.
The Federal Bureau of Investigation

Odds someone else has your SSN? One in 7

That’s the stunning conclusion of a San Diego company's analysis of 290 million Social Security numbers, which found that 40 million of them have been attached to more than one name. The study, conducted by the fraud-fighting firm ID Analytics, is the first of its kind that’s been made available to the public.
The Red Tape Chronicles; Bob Sullivan

Counterfeiting and Piracy: At What Cost?

A new European study attempts to assess the impact of counterfeiting and piracy on the EU’s creative industries. Another report, however, says that it is difficult, if not impossible, to quantify the economic effects of counterfeiting and piracy.
Security Management/Stephanie Berrong

Web 2.0 Helps in Disaster

When the catastrophic earthquake struck Haiti on January 12, Patrick Meier, a doctoral candidate at Tufts University’s Fletcher School of Law and International Diplomacy in Medford, Massachusetts, and cofounder of the International Network of Crisis Mappers, wanted to help. He contacted friend and programmer David Kobia in Atlanta about adopting a simple Web-based crisis-mapping program they developed two years earlier in response to post-election violence in Kenya.
Security Management/Joseph Straw

Microsoft Finds U.S. Leads in Botnets

Microsoft said at the RSA Conference 2010 in London that it had repaired 6.5 million botnet-infected machines between April and June 2010, twice the number identified and removed during the second quarter of 2009. The United States has the dubious distinction of being the nation with the most botnet infestations.
InformationWeek; Claburn, Thomas

U.S. Companies Are at Risk of Spying by Their Own Workers

Huang Kexue has been charged with economic espionage after he allegedly began sharing secrets gleaned from his work at a Dow Chemical lab in Indiana with Chinese researchers. Huang has a grant from the Natural Science Foundation of China. He grew up in China but has lived legally in the U.S. or Canada since 1995. However,.....
New York Times; Drew, Christopher

Intrusions at Large Companies Up Sharply in 2010, Study Says

More than 66 percent of enterprises say they have encountered system intrusions in the past 12 months, a significant increase from the 41 percent that reported such intrusions in 2009. VanDyke Software's Sixth Annual Enterprise IT Security Survey finds a noticeable increase in the proportion of large companies reporting a breach of their user machines, office networks, and/or servers.
DarkReading; Wilson, Tim

Georgia Tech Information Security Center Releases Cyber Threats Forecast for 2011

The Georgia Tech Information Security Center (GTISC) has identified the top security risks and concerns for consumer and business Internet and computer users in 2011. According to the GTISC Emerging Cyber Threats Report for 2011, cybercriminals are focusing more on mobile and networked devices to steal data and disable systems from a variety of venues.
Georgia Institute of Technology; Terraso, David

Al-Qaeda Affiliate Calls for D.C. Strikes

The latest edition of Al-Qaida in the Arabian Peninsula's (AQAP) online publication "Inspire," which is read by the group's English-speaking followers, includes a number of threats of terrorist attacks against the U.S. For instance, the publication calls for the group's followers to launch shootings at restaurants in Washington, D.C., during lunch hour.
Washington Post, P. A16; Miller, Greg

DHS Drafts Certification Program for Small Business Preparedness

As part of an effort to make it easier for small businesses to certify that they meet national voluntary preparedness standards, the Department of Homeland Security has published a small business classification in the Voluntary Private Sector Accreditation and Certification Preparedness program.
Washington Technology; Lipowicz, Alice

Georgia Tech Researchers Design System to Trace Call Paths Across Multiple Networks

Georgia Tech researchers have developed PinDr0p, a method for tagging fraudulent calls with a digital fingerprint that will help separate legitimate calls from phone scams. PinDr0p can analyze and assemble voice phishing call artifacts to create a digital fingerprint.
Georgia Tech News; Terrazas, Michael

Was Stuxnet built to attack Iran's nuclear program?

A highly sophisticated computer worm that has spread through Iran, Indonesia and India was built to destroy operations at one target: possibly Iran's Bushehr nuclear reactor. That's the emerging consensus of security experts who have examined the Stuxnet worm.
IDG News Service/By Robert McMillan

SEC Pushes Companies for More Risk Information

The Securities and Exchange Commission has been prodding companies in recent reviews of regulatory filings to provide more information about the risks they face.
rah Johnson - CFO.com

Top 10 Threats for IT Security in 2011

In the future, online security threats will be much the same as they are now – but with a few new twists.
ITPro; Kobie, Nicole

FBI says violent crime reported to police declined in 2009 for the third straight year

WASHINGTON - Violent crime is down for the third straight year. Property crime for the seventh. But why?

Experts are hard-pressed to come up with an explanation.
Associated Press/Pete Yost

Real World Software Security

Building secure software isn't as simple as adding cryptography and authentication. Nor is it a matter of plunking down a firewall in front of your Web apps. It's about adjusting the software development life cycle, teaching developers about security, choosing the right tools and techniques for writing code, and adapting the development culture to care about security.
By Gary McGraw/Information Week

MBA Oath--Setting a Higher Standard for Business

Two members of the 2009 Harvard MBA class enlisted classmates and others in creating an oath for MBAs which they hope will provide a standard for business leaders similar to that which the Hippocratic Oath provides for physicians. Their intent is to return to the original purpose of business school, namely to professionalize management. Somewhere along the way, that intent got narrowed to the pursuit of profit.
http://mbaoath.org/

Criminals, spies dominate cyber world, with little to deter them

White House cyber security coordinator Howard Schmidt says the U.S. economy essentially rests on safe Internet facilities; last year saw $10 trillion in online business, a figure forecast to hit $24 trillion in another decade, he noted; yet, incredibly, the business world has yet to grasp the threat that online thieves and vandals pose; almost half of small businesses don't use antivirus software and even fewer use it properly.
HSNW Cybersecurity

41 Banking Breaches So far in 2010

There have been 41 data breaches involving financial institutions so far in 2010 - well on the way to surpassing the 62 such incidents in all of 2009. But it isn't the number of incidents that concerns Linda Foley, head of the Identity Theft Resource Center, which tracks these breaches. Rather, it's the trend of corporate account takeover resulting from ACH and wire fraud.
Bank Info Security / Linda McGlasson

Working to stay wired is now business as usual

While the article is focused primarily on the internet and its impact on travel and travel contingency planning, it brings to light the risk associated with basing all of one’s contingency planning on a single communication source.
JOE SHARKEY, New York Times

Feds charge couple in $40M theft of GM hybrid car tech for Chinese company

An FBI investigation has led to a Michigan couple being charged with stealing hybrid car information from GM to use in a Chinese auto outfit.
Network World - Michael Cooney

Critical infrastructure: Malicious virus targets SCADA systems

Supervisory Control and Data Acquisition, or SCADA, stands for large-scale distributed remote processing systems that gather data in real time to control critical industrial, infrastructure, or facility processes and equipment; SCADA is used to control U.S. critical infrastructure -- power plants, oil and gas refining, telecommunications, transportation, dams, water, waste control, and more; Siemens is warning customers of a new and highly sophisticated virus that targets SCADA systems; these systems are typically not connected to the Internet for security reasons, but this virus spreads when an infected USB stick is inserted into a computer
Robert McMillan/Computerworld

Cutting Back on Security

Companies are cutting back on security for CEOs and other executives in the wake of economic strains and increased scrutiny of such expenses by boards and shareholders, according to early reports based on 2009 proxy statements.
Kristen B. Frasch / Human Resource Executive Online

Secureworks World Cup of cyber security finds India the safest nation, U.S. the least safe

Digitally speaking, the United States is the least cyber-secure country in the world: with 265,700,000 active PCs, there were 441,003,516 attempted cyber attacks, or 1,660 attacks per 1,000 computers; India is the safest digital country in the world, with a mere 52 attacks per 1,000 PCs.
Tech Digest-SecureWorks

Workplace Snooping and Data Theft on the Rise

A recent Cyber-Ark Software survey of 400 senior IT administrators in the U.S. and the U.K. has found that 35 percent of respondents believe sensitive information has been given to competitors.
Network World; Nguyen, Anh

U.S. Plans Cyber Shield for Utilities, Companies

The U.S. government is launching a program nicknamed "Perfect Citizen" to detect cyber assaults on private U.S. companies and government agencies running critical infrastructure.
Wall Street Journal; Gorman, Siobhan

20 Critical Security Controls Your Organization Should Focus On

The 20 pivotal security controls listed in the Consensus Audit Guidelines represent the top priority defenses that organizations should focus on, based on the probability of real-world events.
Federal Computer Week; Moore, John

DHS Puts Teeth Behind CFATS

The Department of Homeland Security (DHS) has taken its first step towards the enforcement of the Chemical Facility Anti-Terrorism Standards (CFATS) by sending 18 chemical companies orders to complete site-security plans for their facilities within 10 days. CFATS, which were established in 2007, require a risk-based approach for regulating chemical companies.
MATT KORADE, CQ STAFF/Congressional Quarterly Homeland Security

Security Managers Report Weak Threat Defenses

A new survey conducted by Ponemon Institute and sponsored by NetWitness reveals that 83 percent of information security professionals say their organizations have been attacked recently by advanced threats, and 71 percent report that such attacks have increased in the last year.
InformationWeek; Schwartz, Mathew J.

SMB Security: Fight the Right Fight

Security remains a critical part of everyday operations for any business, but many SMBs have inadequate IT protections in place. Some SMB managers have neglected IT security on the grounds that enterprises are more likely targets; yet SMB hackers are just as common and usually these attacks are aimed at infiltrating a firm's bottom line.
InformationWeek; Davis, Michael A.

China Pushing the Envelope on Science, and Sometimes Ethics

China has rocketed back into the top ranks of scientific research by being free from the social and legal hindrances common in the West and due to its investment of billions of dollars. Nearly every Chinese ministry boasts a program to gain a technological lead of some sort, and in May a Chinese supercomputer was named the second fastest machine in the world at an international conference in Germany.
Washington Post, P. A1; Pomfret, John

Napolitano to Launch Rail Security Campaign

Homeland Security Secretary Janet Napolitano will spend Thursday traveling from New York City to Washington, D.C., in order to promote rail security.
Homeland Security Today (06/30/10); McCarter, Mickey

Network Security Threats Increasing

A study carried out by netForensics, a security information and management provider, finds that 80 percent of information technology (IT) managers anticipate an increase in network-borne security threats throughout 2010 and 2011, and 85 percent see their security landscapes becoming more opaque.
InformationWeek; Schwartz, Mathew J.

Cruise Ship Security Bill Clears Congress

The U.S. Senate has passed the Cruise Vessel Security and Safety Act, after it received broad bipartisan support in the House with a vote of 416-4 last year. The measure requires cruise ships to tighten security measures and report alleged crimes.
CNN; Grinberg, Emanuella

FTC Says Scammers Stole Millions, Using Virtual Companies

The U.S. Federal Trade Commission has broken a long-running online scam orchestrated by offshore fraudsters that enabled them to steal millions of dollars from U.S. consumers. FTC attorney Steve Wernikoff says the fraudsters exploited loopholes in the credit card processing system so that they could establish bogus U.S. companies that then ran more than 1 million fake credit card transactions through authentic payment processors.
IDG News Service; McMillan, Robert

White House Cybersecurity Czar Unveils National Strategy for Trusted Online Identity

The White House has released a draft plan designed to make online transactions safer. The plan outlines a national strategy for trusted digital identities that could ultimately phase out the username-and-password model and establish a platform for a national federated identity infrastructure.
DarkReading; Higgins, Kelly Jackson

Come Together Over Cybercrime

Cybercrime was the topic of a panel at the CFO Core Concerns conference, where Greg Schaffer of the Department of Homeland Security warned that it is not a future problem but a current and existing one.
CFO; Leone, Marie

"Corporate Boards Weak On Security, But Improving"

InformationWeek cites a new study by Carnegie Mellon University's CyLab in reporting that "more than half of Fortune 1000 companies lack a full-time chief information security officer, only 38 percent have a chief security officer, and just 20 percent have a chief privacy officer."
InformationWeek; Schwartz, Matthew

"In Debate, Audience Finds that the Cyberwar Threat Is Not Exaggerated"

A panel of four leading security experts recently held a debate about the threat of cyber warfare. The discussion emphasized that the threat is indeed very serious.
DarkReading; Wilson, Tim

"Corporations Must Protect Data, Says CMU CyLab Report"

A new study by Carnegie Mellon University's CyLab concludes that corporate boards of directors and senior management aren't adequately involved in the privacy and security of their computer systems and data.
Pittsburgh Tribune-Review

"10 R&D Cybersecurity Initiatives Congress Seeks"

The Protecting Cyberspace as a National Asset Act of 2010, which was recently introduced in the U.S. Senate, lists 10 research and development (R&D) initiatives the government would support to secure information systems and networks.
GovInfoSecurity.com; Chabrow, Eric

"Boeing Among Defense Firms Fighting Cyberterrorism"

Boeing and other defense contractors are making an aggressive push for government contracts to develop defensive and offensive cyber warfare solutions. Contractors have to secure their own systems beforehand, and in 2009 Boeing transitioned to a smart card system to gain access.
St. Louis Post-Dispatch; Lambrecht, Bill

"Money Trumps Security in Smart Meter Rollouts, Experts Say"

Utilities are rushing to implement smart meter programs as the U.S. government distributes stimulus money, but these electric companies are putting security on the back burner, a decision that could hurt the grid and consumers. The security weaknesses could allow criminals to steal data from customers, cut off power to buildings, and cause outages.
CNet; Mills, Elinor

Botnets Target Websites With 'Posers'

Botnets are increasingly setting up sham online accounts on legitimate Web sites and online communities in order to steal data from companies. This
Dark Reading; Higgins, Kelly Jackson

Business Continuity, Not Data Breaches, a Top Concern for Tech Firms

Data breaches are not the top concern of large technical companies, according to a BDO study. The study examined the risk factors the companies listed in their fiscal year 2009 10-K SEC filings and found that security breaches, privacy, and theft were mentioned by 44 percent of firms, making those concerns the 23rd most important risks among the companies studied.
CSO Online; Goodchild, Joan

Workplace Suicides on the Rise

Workplace suicides have been a growing problem in the U.S. over the last several years. According to statistics released by the Department of Labor, there were 251 workplace suicides in 2008, the most recent year for which data was available. That represents a 28 percent increase over the 196 workplace suicides that were recorded in 2007.
MSNBC; Tahmincioglu, Eve

Defense Bill Beefs Up Cybersecurity

On May 28, the U.S. House of Representatives passed an amendment to the FY11 Defense authorization bill that seeks to overhaul federal cybersecurity.
CongressDaily; Aitoro, Jill

Keeping Control: Cutting Security Costs May Increase Risk

The main challenge for controllers during an economic downturn is to identify the most successful cost-cutting strategies without making the organization more susceptible to burglaries, insider thefts, and other risks. In a recent survey, Security Budgets & Cost-Containment Strategies 2010, this publication asked security leaders about their organizations' total projected budget for physical and asset security in 2009, including planned capital expenditures and security operating budget.

Cyberattacks Seen as Top Threat to Zap U.S. Power Grid

A recent report from the North American Electric Reliability Corp. (NERC) has found that power-generation grids in the United States and Canada face three major risks.
Network World; Messmer, Ellen

The Cybersecurity Changes We Need

The Obama administration's progress toward the goal of making the U.S. digital infrastructure "secure, trustworthy, and resilient" has been sluggish on account of the general perception of cyber security as a drag on short-term economic prosperity, write Harvard Law School Professor Jack Goldsmith and Melissa Hathaway, a member of INSA's Cyber Security Council.
Washington Post; P. A19; Goldsmith, Jack; Hathaway, Melissa

DHS Announces New Standards for Private Sector Preparedness

"These new standards will provide our private sector partners with the tools they need to enhance the readiness and resiliency of our nation."

Data Breach Reports Now Posted Online

The Department of Health and Human Services (HHS) is now listing healthcare-related breaches on its Web site. Since the organization started this practice in February, there have been 64 incidents reported, affecting more than 1 million people.
American Medical News; Dolan, Pamela Lewis

U.S. Struggles to Ward Off Evolving Cyber Threat

More than 100 foreign spy agencies, as well as criminal organizations and terrorist groups, are probing U.S. computer systems thousands of times per day and scanning them millions of times daily, says U.S. Department of Defense official James Miller.
Reuters; Stewart, Phil; Wolf, Jim

U.S. Air Force shifts 30,000 troops to "cyberwar front lines"

The USAF has assigned 30,000 to cyberwarfare specialties; 3,000 will become cyberspace officers; Brigadier David Cotton, director of cyberspace transformation, says about the new specialty: "It’s not just spray paint, it’s a new mindset"
Homeland Security Newswire

Major US Oil Companies' Networks Infiltrated by Spies

Three major US oil companies were targeted by sophisticated espionage attacks in 2008; they were unaware of the scope of the problem until the FBI notified them in late 2008 and in 2009.
Christian Science Monitor

Security Breaches Hit Highest Ever Level

Internal security breaches are affecting organizations now more than ever, according to PricewaterhouseCoopers' annual security survey. The survey revealed the most breaches in the decade-long history of the survey, even eclipsing the high volume of worm infections in 2004.
ITPro; Scott, Jennifer

The Time has come for GRC Convergence

The Economist Intelligence Unit, in a survey entitled "The Convergence Challenge" carried out on behalf of KPMG International, finds that 64 percent of businesses identify governance, risk and compliance (GRC) convergence as a key priority.
KPMG

Chemical Plant Security Re-Engaged

The Senate is reportedly preparing to introduce a new bill that would give the Department of Homeland Security (DHS) greater oversight to require major manufacturers and users of deadly chemicals such as chlorine to either switch to a safer alternative or step up security measures.
Politico; Morris, Jim

OTJ Is A-OK

A new survey from McKinsey & Co. paints a decidedly mixed picture of corporate training initiatives. On the one hand, executives rank "capability building" as a top priority — 15% of senior leaders, in fact, rate it as the top priority, while 55% place it in the top three. See Chart.
Scott Leibs - CFO Magazine

Personal texting on a work phone? Beware your boss

We've all probably done it -- whether it was texting about dinner plans on a company cell phone or updating friends about a vacation via company e-mail.
CNN; Stephanie Chen

Report: Most Targeted Attacks Originate From China

A study of targeted email attacks by Symantec MessageLabs has found that more than one-third of the IP addresses involved in those attacks are based in the United States.
Dark Reading; Higgins, Kelly Jackson

Researchers Trace Data Theft to Intruders in China

Over the past eight months, a team of U.S. and Canadian researchers has spied on a gang of intruders that stole sensitive information from the Indian Defense Ministry and traced them to China.
New York Times; P. A1; Markoff, John; Barboza, David; Bajaj, Vikas

Why Chemical Plants Are Vulnerable to Terrorism

Recent reports show that the Department of Homeland Security (DHS) has inspected 12 of the 6,000 chemical plants and other facilities that were tagged for special security measures after Sept. 11.
Houston Chronicle; Hatcher, Monica

Security driven by compliance, rather than protection

Although corporate intellectual property makes up 62 percent of companies' data assets, most companies' security programs are focused on complying with regulations rather than protecting data, a new report by Forrester Research has found.
CNet; Rosenberg, Dave

Measure Would Force White House, Private Sector to Collaborate in Cyber-Crisis

are gearing up to reintroduce a piece of legislation first unveiled last year that aims to improve the security of the nation's computer networks. Under the legislation, known as the Cybersecurity Act, the White House would be required to work with the private sector to formulate a response to a crisis that affects vital computer networks. Such a response would involve determining which industry networks are considered "critical" and determining how those networks should be protected.
Washington Post; P. A04; Nakashima, Ellen

Internet Fraud's U.S. Price Tag Put at $550 million

A recent report from the Internet Crime Center shows that U.S. citizens lost more than $550 million as the result of online fraud in 2009, an amount that is more than double what it was in 2008.
Los Angeles Times; Pfeifer, Stuart

First Data's Composite Security System: A Game Changer?

"As big [merchants] harden up their systems, [cyber criminals] are going down low, and our market research shows that although there's quite a bit of education to be done with the merchant community, awareness is growing rapidly," says First Data's Craig Tieken.
Green Sheet

HR and Facebook: It's complicated

This article offers some good advice for those who use social networking sites as an employment background screening tool.

Wanted: Defense Against Online Bank Fraud

A growing number of small businesses are losing large sums of money through attacks on their online banking accounts.
Wall Street Journal; Richmond, Riva

Corporations' Cyber Security Under Widespread Attack, Survey Finds

A recent survey of IT professionals in more than a dozen countries finds that more than 50 percent have witnessed 'high-level' attacks on their companies' computer systems.
Christian Science Monitor; Clayton, Mark

In Secret, Nations Work Toward Crackdown on Piracy

The U.S. is working with a number of other countries, including the European Union, Japan, and Australia, to complete an Anti-Counterfeiting Trade Agreement by the end of this year.
New York Times; Pfanner, Eric

Tough times leave employers on edge about workplace violence

Instances of workplace violence may rise as tough times keep workers feeling low.

Survey: Data Breaches From Malicious Attacks Doubled Last Year

Data breaches at U.S. companies resulting from malicious hacks and botnets increased more than 100 percent between 2008 and 2009 and cost significantly more than breaches attributed to human error or technical glitches, says a new Ponemon survey to be released Jan. 25.
CNet; Mills, Elinor

More Researchers Going on the Offensive to Kill Botnets

Researchers are increasingly being proactive in their efforts to go after botnets, as evidenced by the recent shutdown of the Lethic spamming botnet.
DarkReading; Higgins, Kelly Jackson

Cyber Crime Called Out as 'Clear and Present Danger' by Deloitte's New Center for Security & Privacy Solutions

Survey numbers do not lie, nor do they always tell the whole story, which is precisely the focal point of a new report about the prevalence and seriousness of the threat of cyber crime, issued today by Deloitte's new Center for Security & Privacy Solutions (the Center).
NEW YORK/PRNewswire/

Data Breaches: The Insanity Continues

The attached link routes to the web site of the Identity Theft Resource Center (ITRC) and specifically to an article (more along the line of an editorial) about 2009 publicly acknowledged data breaches. The page also contains links to data breach reports published by ITRC.
ITRC

iJET Outlines Risk Landscape for 2010

Risk Systems, a leading provider of global intelligence and business resiliency services, today outlined the major risks and trends that it anticipates will most significantly affect risk management and business resiliency planning in 2010. iJET also outlined key steps organizations can take to mitigate these increased disruptions.

Energy Set to Form New Group to Protect Electric Grid From Cyberattacks

The U.S. Energy Department is starting a public-private group to better protect the country's electric grid from cyberattacks.
NextGov.com; Aitoro, Jill R.

Top Internet Security trends from Symantec

BANGALORE, INDIA: The year 2009 has been a milestone when it comes to cyber security. From spam mails based on swine flu and MJ's death to phishing attacks carried out on popular social networking sites to the explosion of new variants of malware, 2009 has seen it all. 2010 is slated to be a lot worse.
CIOL.com

Wanted: Cyber Ninjas

In recent years, the need for cybersecurity experts has increased significantly as military contractors, federal agencies, software companies, and other industries look for ways to keep their networks safe from hackers.

As Internal Audit Staffs Shrink, Will Fraud Rise?

Compliance and internal audit experts were heavily recruited a few years ago when the Sarbanes-Oxley Act was passed, but today those departments are suffering layoffs along with the rest of America.
CFO; O'Sullivan, Kate

Where in the World Is Contactless Payment

Many hospitality operators are installing contactless payment options at thousands of their venues, including convenience stores and fast-service restaurants.
Hospitality Technology Magazine; Powers, Vicki

MasterCard Blinks, Drops Dec. 31 Level 2 PCI Deadline

MasterCard has decided not to mandate that Level 2 merchants have an on-site qualified security assessor (QSA) evaluation completed by the end of next year.
Storefront Backtalk; Schuman, Evan

Is HITECH Destined to Be a Cybercrime Stimulus Act?

The Health Information Technology for Economic and Clinical Health Act encourages hospitals and other providers to adopt electronic medical record (EMR) platforms with the help of $19 billion in health information technology funding.
Information Security; Granneman, Joseph

ID Theft Threats to Watch in 2010

Identity Theft Resource Center executive director Jay Foley identifies a number of ID theft trends and threats to watch for in 2010. He notes that the most prominent ID theft story in 2009 was the Heartland security breach orchestrated by Albert Gonzalez, which involved the compromise of more than 130 million credit and debit card accounts.
BankInfoSecurity.com; Field, Tom

Top 5 Regulatory Priorities for 2010

Financial institutions will be under additional pressure next year due to increased regulatory scrutiny, with issues such as the federal data breach notification bill taking center stage. Experts say it is only a matter of time before the U.S. Congress passes the final version of the breach legislation, which contains several measures that would override existing state regulations.
BankInfoSecurity.com; McGlasson, Linda

The Supreme Court will decide what protections the Fourth Amendment provides employees.

Here’s a story about a court decision that certainly could impact the lives of many security professionals.
ROBERT BARNES, Washington Post

Report: China's After U.S. Secrets, Technology

U.S.-China Economic and Security Review Commission notes a 'marked increase in cyber intrusions originating in China and targeting U.S. government and defense-related computer system'
Thomas Claburn, InformationWeek; Special to Dark Reading

"Cyberattacks Against Critical U.S. Networks Rising at a Faster Rate"

Cybersecurity attacks against network systems that run U.S. infrastructure, such as transportation systems and water and sewage treatment plants, are on the rise, primarily because these industries are supported by antiquated technologies that do not have the capacity to deflect sophisticated attacks.
NextGov.com; Aitoro, Jill R.

"Cisco Security Survey: Cybercrime Taking a Page From Business Schools"

A recent security report from Cisco has found that cybercriminals are increasingly using classic business structures in their efforts to develop and deploy malware that is designed to help them make a profit.
Network World; Greene, Tim

"Hacked Email Climate Scientists Receive Death Threats"

Two scientists involved in "Climategate," the term that was coined to refer to the hacking of e-mail messages at the Climate Research Unit (CRU) of the University of East Anglia, U.K., have received death threats via e-mail since their messages were leaked last month.
Guardian Unlimited; Ravilious, Kate

Cost of Security, IT Management Add Up at Healthcare Facilities, Study Finds

The drive to digitize healthcare records may ultimately prove to have no cost benefits, according to researchers at Harvard University.
SearchSecurity.com; Westervelt, Robert

Program to Help Truckers Attracts Drug Smugglers

Some security experts are criticizing the Customs-Trade Partnership Against Terrorism (C-TPAT) program, which allows trusted trucking companies to pass through the U.S.-Mexican border more quickly.
Associated Press; Sherman, Christopher

SMALL BUSINESS ALERT: Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices

A scan of the Internet by Columbia University researchers searching for vulnerable embedded devices has found that nearly 21,000 routers, Webcams, and VoIP products are vulnerable to remote attack.
Wired News; Kim Zetter

Galleon Case Prompts Firms to Plug Leaks

Companies are currently undertaking extensive damage control measures following criminal allegations brought against Galleon Group founder Raj Rajaratnam that allege he was involved in an insider-trading scheme that also involved a number of corporate executives and employees.
WSJ; Amol Sharma & Susan Pulliam

FTC Delays Launch of ID-theft Program

The US Federal Trade Commission (FTC) has pushed back the deadline for businesses to comply with the Red Flags Rule identity theft prevention program from Aug. 1 to Nov. 1.
WSJ; Joseph Pereira

Feds Oil up Their Anti-Bribery Machine

The US government is increasing enforcement of the Foreign Corrupt Practices Act (FCPA), raising the likelihood for personal liabilities faced by CFOs.
CFO; David McCann

CEOs Underestimate Security Risks, Survey Finds

CEOs tend to minimize the IT security vulnerabilities faced by their own businesses, according to a recent Ponemon Institute survey of corporate executives.
Computerworld; Jaikumar Vijayan

China Expands Cyberspying in US, Report Says

The US-China Economic and Security Review Commission issued a report on Thursday that said that the Chinese government is increasingly launching cyberspying operations against the US, and that those operations are "straining the US capacity to respond."
Wall Street Journal; Siobhan Gorman

FBI warns of $100M cyber-threat to small business

Cyberthieves are hacking into small- and medium-sized organizations every week and stealing millions of dollars in an ongoing scam that has moved about US$100 million out of U.S. bank accounts, the U.S. Federal Bureau of Investigation warned Tuesday.
Robert McMillan (IDG News Service)

Scan of Internet Uncovers Thousands of Vulnerable Embedded Devices

Researchers scanning the internet for vulnerable embedded devices have found nearly 21,000 routers, webcams and VoIP products open to remote attack.
Threat Level (Privacy, Crime and Security Online); Kim Zetter

More Job Seekers Scramble To Erase Their Criminal Past

Due to increased corporate background checks and the continually tight job market, many job hunters are looking to legally clear their criminal records.
Wall Street Journal; Belkin, Douglas

The DHS Private Sector Preparedness (PS-Prep) Program and Standards

ASIS Commissioner Dr. Marc H Siegel describes the intent of the DHS PS-Prep Program as promoting "voluntary private sector preparedness."
Continuity Central; Siegel, Marc H.

ID Theft Red Flags Rule: What Have Exams Uncovered?

Twelve months have passed since federal regulators began auditing banks and credit unions for adherence to the Identity Theft Red Flags Rule, and institutions have fared pretty well so far, regulators say.
BankInfoSecurity.com; McGlasson, Linda

Survey: Few Companies Addressing Cyberterrorism

Few companies and government agencies are addressing the threat of cyberterrorism in their disaster recovery plans, according to a new AFCOM survey.
CNet; Whitney, Lance

Most Small Merchants Still Not PCI-Compliant

SecurityMetrics' Wenlock Free says that 75 percent of Level 4 merchants—which Visa defines as those that process less than 1 million Visa transactions a year—probably do not even know what PCI stands for. Trustwave's Doug Klotnia attributes the lack of awareness about PCI compliance to the fact that many small businesses do not know what kind of data they store. He says that many businesses do not understand the payment process or the fact that the systems of other small merchants are being breached.
CardLine

Federal CIO Kundra Plans Cybersecurity Dashboard

The Obama administration will release new measurements and metrics to aid the U.S. government's cybersecurity initiatives, federal CIO Vivek Kundra told Congress in late October.
InformationWeek; Hoover, J. Nicholas

Homeland Security Backs Cell Phone Sensors to “Crowdsource” Detection of Deadly Chemicals

The Department of Homeland Security (DHS) has announced that it spent approximately $3 million over the past year to fund three different research programs designed to develop miniaturized sensor technologies for detecting deadly chemicals.
Xconomy; Bigelow, Bruce V.

Galleon Case Portrays a World of Corporate Leaks

Reg FD, which was implemented in 2000, prevents corporate executives from selectively disclosing information to analysts and investors.
Reuters; Chasan, Emily; Das, Anupreeta

EU Balks at Employee Monitoring

In a number of EU countries, companies must obtain written, individual consent before they can launch any type of monitoring, according to Lothar Determann, a partner in the Palo Alto, Calif., office of the law firm Baker & McKenzie. In addition, countries such as the Netherlands and France require companies to make filings with labor authorities before they can begin monitoring their employees, while Germany and Italy require companies to at least notify--and sometimes consult--trade unions or other representative organizations before beginning a surveillance program. Even when companies meet these regulations, employee monitoring programs can be successfully challenged. As a result, companies that do business in Europe should avoid monitoring their employees as much as possible, said Gartner Research Vice President Arabella Hallawell. If companies that do business in Europe feel that they must monitor their employees, there are a number of steps that they can take to reduce the likelihood of a legal challenge to the surveillance program. For example, companies that use data loss prevention (DLP) tools may want to consider using those tools in conjunction with masking software, which can exclude information about specific employees from reports on DLP-related activity. In addition, companies should be sure to disclose as much information about their surveillance programs as possible, Determann said.
Security Management (10/09) Vol. 53, No. 10, P. 48

Saving Green Sometimes Means Going Green

Many companies are facing tough economic times and must do more business on less revenue. But at the same time, the environmentally friendly aspect of business is still a highly desirable trait that clients and end-users demand. How can the security executive balance losses in revenue coupled with budget cuts, but still boast being an environmentally-conscious company?
Security Magazine

Metrics For Success: Empower Customers Through Awareness

Security has a unique perspective on risk that comes from gathering, analyzing and understanding threat and risk data. This insight obligates us to make our customers aware of the risks that could affect them...
Security Technology Executive

A Scheme For Protecting Content

Putting content online is a risky game. You could win an audience measured in the millions and lose control of your work to pirates. Slapping a digital padlock on content could protect you. But it could also turn off consumers altogether.
Forbes.com

Information Security Professionals Struggle with Rise of Facebook and Other Web 2.0 Tools

The predictable tension between information security officers and early adopters in state and local IT is brewing again. This time it pits proponents of social networking sites against security officials who see fast-growing tools, like Facebook and Twitter, as conduits for malware and data breaches.
Government Technology

How Strategy Shapes Structure

Instead of letting the environment define your strategy, craft a strategy that defines your environment, say the authors of Blue Ocean Strategy.
Harvard Business Review

Three indicted in largest US identity theft scheme

Three men were indicted on Monday for allegedly stealing more than 130 million credit and debit card numbers in what U.S. authorities said they believe is the largest hacking and identity theft case ever prosecuted.
Reuters

A Seamless Alliance

There are elements crucial to the success of the relationship between the CEO and CSO. Focus on the business is one, according to Russ Cancilla, Baker Hughes vice president of security and health, safety and environment, and CEO Chad Deaton of Baker Hughes.
Security Magazine

The Real Impact of the Downturn

Business leaders around the world are struggling to determine exactly how the global economic downturn will impact their operations and profitability. Among security leadership specifically, one oft-asked question is whether budgets are being decreased, and if so, how to tighten protection while tightening the belt.
Security Magazine

Security More Important Than Ever in Tough Times

John Martinicky, the long-standing director of global security with Navistar International, has seen recessions come and go. But the security director says the need for risk management always remains.
CSO magazine

Report: SMBs Lack Sufficient Security Standards

A recent survey by the security firm Symantec has found that many small to medium-sized businesses (SMBs) fail to take even the most basic cybersecurity measures.
eweek.com

Panels Describe Risk of Noncompliance with Mass. Data Protection Law

Several panels recently convened to clarify the implications of noncompliance with Massachusetts' data protection law, which mandates that any person or business that obtains or stores personal information about a Massachusetts resident must "develop, implement, maintain and monitor a comprehensive" security program "applicable to any records containing such personal information."
TechTarget

Insider Fraud Swells as Banks Suffer

Fraud is occurring more frequently as both crooks and employees seek ways to capitalize on vulnerabilities amidst economic uncertainty.
Bank Technology News

Training Needed to Quell Breaches

The greatest corporate security threats often happen at the hands of employees who lose machines or unintentionally compromise corporate data, concludes CompTIA's annual survey of IT security trends.
Network World

Electricity Grid in U.S. Penetrated By Spies

WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.
Wall Street Journal

Companies beef up security for annual meetings

Slumping stocks, layoffs, bonus controversy may fuel angry protests
MarketWatch

Counter-terror training 'flawed'

The U.K. government's new plan to train 60,000 workers, including shop and hotel employees, to identify potential terror threats has received a variety of criticism in Parliament.
BBC News

Nuclear Terror Threat 'Increased'

There is an increased risk terrorists could get hold of chemical, biological and nuclear weapons to attack the UK, the Home Office has said.
BBC News

Number of Infected Web Sites Sharply Increases in 2008

The number of malware-infected Web sites that allow a hacker to access personal information and even hijack a user's computer is growing exponentially, according to the Anti-Phishing Working Group.
NextGov

A Bill to Shift Cybersecurity to White House

U.S. lawmakers are developing legislation that would take cybersecurity responsibilities from the Department of Homeland Security and give them to the White House. The legislation would create an Office of the National Cybersecurity Advisor, part of the Executive Office of the President.
CNet News

New BlackBerry Application Could Enhance Campus Security

A new free smart phone application could give college students added protection when walking across campus late at night. The application, known as BScope Mobile, was developed by engineering students at Yale University.
Daily Pennsylvanian

Economic Uncertainty Boils Over in Workplace

Workplace violence experts are trying to determine whether the global recession has sparked an increase in the number of violent incidents in the workplace.
Globe and Mail (CAN)

In Europe, Rage Over Crisis Hits Executives

Incensed over the state of the global economy, European employees have begun to channel their frustration onto executives.
Wall Street Journal

"Data Breaches, More than Bad Publicity"

The toll of data breaches is rising.....
The Green Sheet

Political Risk Map Finds Instability Increasing

Aon's Annual Political Risk Map indicates supply chains in 42 percent more countries are vulnerable to disruption this year.....
PRNewswire-FirstCall/

Global State of Information Security Survey

Today, in the middle of the worst economic downturn in thirty years, information security has an enormously important role to play.
PricewaterhouseCoopers 2010 Global State of Information Security Study (GSIS)

EPA vs. DHS Question Just One Obstacle to Facility Security Bill

The resolution of key jurisdictional issues impeding chemical facility security legislation does not appear to be likely any time soon, with two bills in the House held back by debate over which federal agency (the EPA or DHS) and which congressional panel should have oversight.
Environment and Energy Daily

Every Piece of Data Lengthens a Digital Shadow

As individuals use the internet and post personal information on blogs or websites such as Facebook, they create what is being referred to as a digital shadow.
Financial Times Digital Business

Web 2.0 Entails "Sleeping Giant" Security Risk

Security experts warn that IT developers should be wary of cross-site scripting (XSS) and cross-site request forgery (CSRF) as companies transition to Web 2.0 technologies.
Campus Technology

With Web 2.0, a New Breed of Malware Evolves

At the Open Web Application Security Project, researchers expressed their concern for new vulnerabilities in the Web 2.0 platform.
Network World

Chinese Spying is a Threat, Panel Says

The US-China Economic and Security Review Commission released a report which warns that Chinese spying is the biggest threat to sensitive technology data.
Washington Post

Bucking Privacy Concerns, Cornell Acts as Watchdog

Cornell University has invoked exceptions in the Family Educational Rights and Privacy Act (FERPA) to protect its students. FERPA allows private information to be released......
Wall Street Journal

Small Businesses Feel Security's Burn

In a study of some 455 small companies, eMediaUSA found that 32% of small and medium-sized businesses (SMBs) have experienced some type of security breach in the past year.
Dark Reading

Blood Money Paid by Chiquita Shows Company's Hard Choices

The US District Court in D.C. accepted a plea deal by Chiquita Brands International, making Chiquita the first major US corporation convicted for financial dealings with a terrorist organization.
Corporate Counsel

Drill Found Holes in L.A. Quake Preparedness

A monumental earthquake drill held in November 2008 called The Great Southern California Shakeout exposed critical vulnerabilities in the state's earthquake response strategy, prompting utilities and state and local leaders to make changes to their contingency plans.
FireRescue1

Crime against businesses a by-product of weak economy

As the economy weakens, businesses want to protect their assets. They want to make sure their people are safe.
Phoenix Business Journal

Business: Security rule would cost $20B

A new Customs and Border Protection rule would require US importers and manufacturers to provide information on shipments to the US 24 hours before loading in foreign ports.
The Hill.com

Domestic Violence Can Reach Workplace

Domestic violence is responsible for $727 million in lost productivity and over 7.9 million paid workdays lost each year.
Oklahoman

Researchers raise uncomfortable questions by showing how GPS navigation devices can be duped

At a meeting of the Institute of Navigation in Savannah, GA, Cornell University researchers presented a paper that described how a phony GPS receiver was placed near a navigation device, and tracked, modified, and retransmitted the signals from the system of satellites circling the Earth. The navigation device eventually mistook the false signals for real signals.
Cornell News

Richardson: Workplace policies on domestic violence required

New Mexico Gov. Bill Richardson signed an executive order mandating state agencies to introduce workplace policies pertaining to domestic violence, sexual assault, and stalking so that victims can feel secure at work.
New Mexico Business Weekly

Process Control Security: "Strengthening Cyber Security"

The threat of cyber attacks on utility computers has utilities employing special risk assessment programs to evaluate the readiness of their security.
Energybiz

DEPARTMENT OF BIG SCARY NUMBERS

Breaches on the rise: Since 2006, the number of documented data breaches has risen by over 40% annually. In 2006 there were 315 documented breaches that exposed 20 million records. In 2007 there were 446 documented breaches that exposed 128 million records, and in 2008 there were 656 documented breaches that exposed 36 million records. Source: Identity Theft Resource Center, San Diego
Computerworld

DEPARTMENT OF BIG SCARY NUMBERS

46%: Percentage of frauds detected by a tip
20%: Percentage found by accident
9%: Percentage discovered by external auditors
$278,000: Median loss associated with frauds at private companies
$142,000: Median loss at public companies
29%: Percentage of frauds committed by accounting staff
2%: Percentage committed by IT staff
$250,000: Median loss associated with male fraudsters
$110,000: Median loss associated with female fraudsters
41%: Percentage of frauds committed by employees earning less than $50,000
10%: Percentage by employees earning more than $200,000
According to an analysis by the Association of Certified Fraud Examiners
CFO Magazine

DEPARTMENT OF BIG SCARY NUMBERS

Percentage of full-time positions moving offshore: Finance: 2008 10.5%, 2010 21.6%; HR: 2008 10.2%, 2010 15.1%; IT: 2008 15.1%, 2010 25.1%; Procurement+: 2008 10.2%, 2010 17.6%. +Transactional jobs. Source: The Hackett Group, 2008
CFO Magazine

Traveling Overseas with Mobile Phones, Laptops, PDAs, and other Electronic Devices

Did you know? All information you send electronically – by fax machine, personal digital assistant (PDA), computer, or telephone – can be intercepted. Wireless devices are especially vulnerable. Security services and criminals can also insert malicious software into your device through any connection they control.
Office of the National Counterintelligence Executive

Top 25 Most Influential People in the Security Industry

Many of this year’s Top 25 emphasize communication as the key to a successful security outfit, while others insist on partnering within the industry. But all of those listed here have brought something to the table that has spurred his or her team on as a necessary portion of the entire picture.
Security Magazine

IT security outlook: Ominous

This year the IT industry reached an inflection point: More new malicious programs were created than useful ones, according to security solution provider Symantec in its latest report highlighting some of the top security trends in 2008, as well as what to expect in 2009.
Government Computer News

Mobile Security

As wireless devices proliferate, so do the risks.
As mobile phones, smart phones, PDAs, laptops, BlackBerrys and other mobile gadgets spread across the business landscape, CFOs are finding themselves working with CIOs and IT managers to fight an ongoing security war.
CFO.com

The Risk Fallacy

Wall Street thought it had risk all figured out. But the very systems the banks created to protect themselves are at the heart of the financial meltdown.
FORTUNE

The Crisis over How to Audit in a Crisis

The PCAOB's standing advisory committee examines the task of recession-time auditing, including the likelihood that fraud will be a growing problem.
CFO.com

Information security spending will climb despite economic woes: Ernst & Young

Despite tightening economies worldwide, 50% of companies surveyed are set to increase their information security budgets, Ernst & Young reports.
“A single security incident can destroy years of brand and reputation building,” said Kent Kaufield, Ernst & Young’s National Technology Security Risk Services Leader in Canada. “Organizations now recognize security setbacks can adversely affect stakeholder perceptions. Regulatory compliance once drove information security improvements. Today, however, organizations are strongly motivated by a need to protect their brand and their reputation against potentially devastating media coverage of security breaches.”
Ernst & Young

The Global State of Information Security 2008

The annual survey finds respondents throwing technology at the problem. Which is a beginning, but only a beginning.
CSOonline.com

M&A strategies in a down market

It’s gut-check time for CEOs. As the credit crunch threatens to become a global downturn, corporate leaders have a choice: pull in their horns and ride out the storm or look for opportunities to pick up bargain-basement assets that will help them grow and create future value for shareholders. If past is prologue, more will follow the first course—which is a mistake.
The McKinsey Quarterly

Managing global supply chains: McKinsey Global Survey Results

Supply chains are increasingly global and complex, as companies aspire to support a variety of strategies, such as entering new markets, increasing speed to customers, and lowering costs. In this survey,[1] we asked operations and other senior executives from around the world about their companies’ supply chain strategies, the factors that influence those strategies, and the ways their companies act on these factors. We also explored how well executives think their companies are meeting their goals, how they manage their supply chains, and the challenges involved in running a global supply chain.
The results show that supply chain risk is rising sharply. Executives point to the greater complexity of products and services, higher energy prices, and increasing financial volatility as top factors influencing their supply chain strategies. Relatively few respondents, however, say that their companies are translating the importance they place on these factors into corporate action. Nor do executives express confidence that their companies are meeting the top strategic goals: reducing costs, improving customer service, and getting products to market faster. In addition, for all the public attention paid to environmental concerns, including global warming, executives report that such issues have little influence on supply chain strategies. What’s more, our results suggest that most companies tend toward centralization, not local management, in running their supply chains and that this tendency has increased in recent years.
Notes: [1] The McKinsey Quarterly conducted the survey in June 2008 and received responses from 273 executives from around the world. All data are weighted by the GDPs of the constituent countries to adjust for differences in response rates.
The McKinsey Quarterly

Economy freezing IT budgets, survey shows

Despite earlier plans to boost budgets in 2009, the recent economic crisis has many IT leaders tightening their belts and preparing for sparse spending in the coming months.
NETWORKWORLD

Security primer: Outsourcing employee background checks
What companies need to know when hiring a screening solution firm

For security directors and company executives, protecting a company’s people and assets encompasses the implementation of a wide variety of different solutions. For some this might be the addition of video surveillance or an employee card-based ID system. Still for others it might involve the use of information security policies to protect company data.
securityinfowatch.com

Has Lean Management Gone Too Far by Defining Its Own Accounting?

Performance Management - From Managing to Improving
The management accounting community is currently wrestling with controversy - conflicts and ambiguities caused by competing forms of managerial accounting for organizations embracing lean management techniques and principles. The controversy does not involve financial accounting for external reporting. Its purpose is historical reporting for external and regulatory entities...
DM Review

Leading With Wisdom

Risk Management: Executives are expected to deliver a road map to the future from the top office, but at the same time, grassroots innovation from the rank and file can be just as important. How can an enterprise cultivate both in concert with each other?
RMmag

Connecting The Dots

Do companies really understand their risks holistically or are they simply checking boxes for compliance? Are their boards ever actually thinking about the risk management efforts happening elsewhere in the organization?
RMmag

What Does the Financial Meltdown Mean for Security?

This week in FUD Watch: Senior Editor Bill Brenner wonders if it's irrational or appropriate to make connections between the current financial crisis and the state of security.
CSOonline

Three Big Trends in Information Security: Past, Present and Future

A 20+ year industry veteran, Joanne Moretti of CA Inc., gives us her take on the biggest drivers in IT security and looks not only to the past, but predicts what CSOs and CIOs are heading for in the future.
CSOonline

The Secret Recipe for Unbeatable Competitive Advantage
Business Playbook

Quantitative measurements and weekly performance meetings dictate the operational processes at many successful organizations, but to what end? In the recent past, the data we have collected has been scrutinized more closely, and the question has become, What can this information do to make my business more successful?
DM Review

Survey Shows Yearly Security Spending Up But Data No Safer

The 2008 Strategic Security Study from InformationWeek found that getting the money for security isn't the biggest problem, since fully 95 percent will see their budgets either hold steady or increase this year. The problem is that the money isn't making data safer. Sixty-six percent of respondents say their vulnerability to breaches and malicious code attacks is either the same as last year or worse.
SecuritySolutions.com

From Lemons to Lemonade

According to the SEC, since 2002 the bill for SOX compliance ranged from 0.06% of revenues for a company with greater than $5 billion of revenue to 2.55% of revenue for a company with revenues less than $100 million, basically somewhere between $2.5 million and $80 million. These costs are on the downturn with the recent releases of the SEC's principles-based guidelines for SOX compliance...
RMmag

Man in Kentucky Kills 5 Co-Workers

An employee shot and killed five of his fellow workers at a plastics plant in Henderson, Ky., on Wednesday, before shooting himself, the police said. The chief executive of Atlantis Plastics, Bud Philbrook, told the Associated Press that the rampage was a total shock.
NY Times

Calling During Disasters

Recent disasters have offered a unique testing ground for burgeoning wireless technology. Events from Hurricane Katrina to California wildfires have illustrated the need for a diverse communications infrastructure with various technologies playing key roles.
Forbes.com

Security and Business: Financial Basics

You need to find and use the right financial metrics to communicate security's value to your company. Here are pros and cons of four: TCO, ROI, EVA and ALE.
CSOonline

Business partners pose the greatest security threat: report

External threats from partner organizations pose the greatest risk to corporate data security, according to a report detailing 500 forensic data investigations by Verizon Business.
Information Age

Salmonellosis Outbreak in Certain Types of Tomatoes

FDA has issued a warning to consumers nationwide that an outbreak of Salmonella serotype Saintpaul, an uncommon type of Salmonella, has been linked to consumption of some raw red plum, red Roma, round red tomatoes, and products containing these raw tomatoes.
FDA.gov

Managing a Data Loss Crisis

Any organization that believes it is immune to a serious data breach should review the statistics. More than 75% of companies in a recent survey reported they had been exposed to security breaches engineered by high-tech fraudsters, up from almost 25% of companies a year earlier.
RMmag

GAO Finds Problems in Supply Chain Security Practices

A Government Accountability Office (GAO) report released today criticizes security processes in a public-private antiterrorism partnership that seeks to make cargo inspections easier and more secure for both the government and international trade companies.
securitymanagement.com

High Tech, High Risk

Professional services firm BDO Seidman, LLP, released a report last week on risks associated with tech companies in the U.S. Strong competition and changes to federal, state and local regulations were seen as the most common risk factors.
RMmag

Steal This Article Part I: Battening Down the Digital Hatches

As long as software has been shipped, people have found ways to copy it illegally. Worldwide, for every $2 worth of software purchased legitimately, $1 worth was obtained illegally.
RMmag

Credit card thieves target small merchants' flawed POS systems, study finds

More often than not, attackers who aim to steal credit card data are targeting small brick-and-mortar merchants and exploiting vulnerable point-of-sale systems, according to a study recently released by Trustwave.
SearchSecurity.com

The Complete Guide to Security Breach Disclosure

A six-part set of articles takes a 360-degree look at the implications of new laws that require organizations to notify people whose personal information has been compromised.
CSOonline

Banks Prove Top Performers in Call Center Study

Financial services companies are stronger adopters of technology in call centers, says Genesys Labs.
Bank Systems & Technology

The Forces of Change

Security is changing. The various shifts underway right now involve more than just convergence, biometrics and Sarbanes-Oxley. Security is changing in ways that will transform what security encompasses, how it's accomplished, and its role and significance in the organization.
Security Magazine

What Really is Suspicious Activity?

Most security programs have some level of explanation of what they define as suspicious activity, yet it rarely goes beyond providing some bullet lines for security personnel and employees to evaluate.
Security Magazine

Japan firms to start information security rating body

A group of 18 Japanese companies, including Matsushita and Fujitsu Ltd, said they would set up the world's first ratings agency that evaluates levels of corporate information security.
Reuters.com

Gauging Green

In this day and age, every organization needs an effective environmental management strategy. For some, this is already a mature, developed set of principles that play a role in all aspects of the enterprise. For others, the strategy will be a more loosely defined or ad-hoc set of procedures based upon due diligence.
RMmag

When Activists Attack

In December 2006, the New York Stock Exchange announced that it would begin listing medical research company Life Sciences Research on its electronic trading platform, Arca. This was great news for the New Jersey research facility, as investors and traders would now be able to buy and sell shares more easily. The bad news, however, came in the following days' headlines.
RMmag

Agility and Differentiation in the Oil and Gas Sector

Across the oil and gas industry, initial investments have been made to formalize work processes and capture information and data within parts of the enterprise. However, there is business opportunity as well as competitive necessity to further standardize work processes throughout enterprises and integrate information with the work process.
DM Review

Making Better Decisions in Health Care

Health care is top of mind for many people in the U.S., often from the perspective of what needs to change in the industry. Technology, especially decision-making technology, can play a huge role.
DM Review

Texas City Refinery Explosion May Mean Billions in Liability Claims

Workers’ compensation claims, litigation, regulatory problems and costly reconstruction bills could run insurance costs into the billions.
Insurance Journal

Keeping Control: Cutting Security Costs May Increase Risk

The main challenge for controllers during an economic downturn is to identify the most successful cost-cutting strategies without making the organization more susceptible to burglaries, insider thefts, and other risks.
Controller

Do You Ignore the Real Root Cause of Most Incidents and Vulnerabilities?

In reality, intentional devious acts account for some but not all security incidents and violations. Some security analysts believe most unwanted security infractions -- potentially as many as eight in 10 -- result from human factors, and most of these can be traced back to organizational quirks rather than individual intent. Consequently, although security executives may be focused on identifying nefarious users, enhancing security by considering organizational changes that encourage positive security behaviors may be more effective. A recent study published in the International Review of Industrial and Organizational Psychology debunked the assumption that individuals are completely in control of their behavior at all times, particularly in the workplace. "Therefore, it is prudent to consider those factors beyond one's control that might positively or negatively affect the determinants, and, in turn, security behaviors," the study says. Some of these factors are: a combination of excessive workload, frustration, and poor job performance; a perceived lack of consistency in a company's "organizational justice" as it pertains to promotions, firing, rewards, and discipline; and employees' shared perceptions of a company's security climate -- its practices, rewards, standards, etc.
Security Director