Data Protection and Privacy - Business ExchangeMost Active Articles2009-11-24T15:00:55.433-05:00Business ExchangeBusiness_Exchange@businessweek.comurn:com:businessweek:bx:topic:most-active:data-protection-and-privacyJohn Yoccajyocca822HITECH Act and Protecting Health Privacyurn:com:businessweek:bx:article:2896974792852844864-caaf038fe21a76bdc03902fb3ffc5ea72009-11-13T11:15:14.587-05:00These new regulations come at a time when healthcare breaches are on the rise; according to the 2009 ITRC Breach Stats Report healthcare breaches account for over 66 percent of all records breached this year, up from 20 percent in 2008. In fact, some of the largest names in healthcare suffered data breaches.These new regulations come at a time when healthcare breaches are on the rise; according to the 2009 ITRC Breach Stats Report healthcare breaches account for over 66 percent of all records breached this year, up from 20 percent in 2008. In fact, some of the largest names in healthcare suffered data breaches.Information Security Resourceshttp://information-security-resources.com/2009/11/12/hitech-act-and-protecting-health-privacy/Anthony M. Freedafreed5366501What Could Possibly Be Worse Than A Virus?urn:com:businessweek:bx:article:17914777636866526930-af61730a6aa3e2315e6326b5765d5acf2009-11-13T15:28:02.311-05:00Once a predator uses your Internet connection to go to into the bowels of the web, your Internet Protocol address, which is connected to your ISP billing address, is now considered one that is owned by a criminal. If law enforcement happens to be chatting with that person, who’s using your Internet connection to trade lurid porn, then someone may eventually knock on your door at 3 AM with a battering ram. And in freakish and relatively new twist, hackers can use a virus to crack your network and gain remote control access, and then store illicit porn on your hard drive.Once a predator uses your Internet connection to go to into the bowels of the web, your Internet Protocol address, which is connected to your ISP billing address, is now considered one that is owned by a criminal. If law enforcement happens to be chatting with that person, who’s using your Internet connection to trade lurid porn, then someone may eventually knock on your door at 3 AM with a battering ram. And in freakish and relatively new twist, hackers can use a virus to crack your network and gain remote control access, and then store illicit porn on your hard drive.information-security-resources.comhttp://information-security-resources.com/2009/11/13/what-could-possibly-be-worse-than-a-virus/Anthony M. Freedafreed5365401HIPAA and Video Surveillance of Surgeryurn:com:businessweek:bx:article:7687018704689712697-8b202828f382887767df8f10cda35d112009-11-10T11:06:32.000-05:00A Rhode Island Hospital was fined $150,000 after a surgeon operated on the wrong finger of a patient, and now the hospital must install video cameras in all of its operating rooms. Of course video surveillance will not PREVENT such incidents from happening, but knowing such recordings are being made will likely make surgeons much more careful…A Rhode Island Hospital was fined $150,000 after a surgeon operated on the wrong finger of a patient, and now the hospital must install video cameras in all of its operating rooms. Of course video surveillance will not PREVENT such incidents from happening, but knowing such recordings are being made will likely make surgeons much more careful…information-security-resources.comhttp://information-security-resources.com/2009/11/09/hipaa-and-video-surveillance-of-surgery/Anthony M. Freedafreed5362101Foley & Lardner LLP - News & Events - Survey By Foley & Lardner and Eversheds Revealed at the International Association of Privacy Professionals’ Annual Workshopurn:com:businessweek:bx:article:16265363988125308901-f211cc39408ac71c4bffeff9634155222009-11-09T19:25:52.599-05:00Survey By Foley & Lardner and Eversheds Revealed at the International Association of Privacy Professionals’ Annual Workshop Survey Provides Comprehensive Summary of United States and International Security Breach Laws SAN DIEGO – Foley & Lardner LLP...Survey By Foley & Lardner and Eversheds Revealed at the International Association of Privacy Professionals’ Annual Workshop Survey Provides Comprehensive Summary of United States and International Security Breach Laws SAN DIEGO – Foley & Lardner LLP...foley.comhttp://www.foley.com/news/news_detail.aspx?newsid=4085Ted Millstmills0863300Two Vulnerability Scanning Tools Evaluatedurn:com:businessweek:bx:article:11343134230670777787-777b4b4e2c6963c997fe9ec7a45ffc712009-11-04T10:32:26.639-05:00In terms of speed, Retina performed much faster. In terms of scan depth, Nessus has a small advantage, since it includes a web mirroring tool that is very helpful in HTTP. In a direct comparison, Nessus wins simply because Retina manifested erroneous results on repeat scans.In terms of speed, Retina performed much faster. In terms of scan depth, Nessus has a small advantage, since it includes a web mirroring tool that is very helpful in HTTP. In a direct comparison, Nessus wins simply because Retina manifested erroneous results on repeat scans.Information Security Resourceshttp://information-security-resources.com/2009/11/03/two-vulnerability-scanning-tools-evaluated/Anthony M. Freedafreed5361001Google Tries Transparency with New Dashboardurn:com:businessweek:bx:article:17731780176937640863-e2d080d215478fdf73aeea81d143ec042009-11-06T08:18:38.373-05:00The sheer amount of information that Google has on us across its properties can be daunting. The new Dashboard tool is a step toward letting us see what they have.The sheer amount of information that Google has on us across its properties can be daunting. The new Dashboard tool is a step toward letting us see what they have.daniweb.comhttp://www.daniweb.com/news/story236389.htmlRon Millerrmiller0461100Dashboard shows what Google knows about youurn:com:businessweek:bx:article:2118632957887025522-a334a792d697e5be394cc7a2306fe68f2009-11-06T11:18:47.867-05:00Critics say Google makes some privacy progress, but call for more transparencyCritics say Google makes some privacy progress, but call for more transparencycomputerworld.comhttp://www.computerworld.com/s/article/9140411/Dashboard_shows_what_Google_knows_about_youSharon Machlissmachlis6910000Security Scenarios are Syllogistic Fallacyurn:com:businessweek:bx:article:1315048665057962157-63a55258bac8406dedf2bcf7902204122009-10-29T06:18:09.654-04:00Oops, I just argued from scenario. Pundits often extrapolate from the current state of vulnerability of systems to predictions of massive power outages, financial collapse, and loss of command and control are falling into the scenario syllogism trap. Posing scenarios to support your anti-cyber war position can be just as dangerous…Oops, I just argued from scenario. Pundits often extrapolate from the current state of vulnerability of systems to predictions of massive power outages, financial collapse, and loss of command and control are falling into the scenario syllogism trap. Posing scenarios to support your anti-cyber war position can be just as dangerous…Information Security Resourceshttp://information-security-resources.com/2009/10/28/security-scenarios-are-syllogistic-fallacy/Anthony M. Freedafreed5361001DoD, DHS & FBI Talk Identity Managementurn:com:businessweek:bx:article:9488392635648231860-e5b63becab28a5879be06402ca698e3f2009-10-27T22:52:50.748-04:00(Video) During this week’s Federal Executive Forum, key decision makers from DoD, DHS and FBI highlighted identity management interoperability as their key priority for 2010. Panelists included: Robert Mocny, Acting Director, US-VISIT Program Department of Homeland Security; Stephen Morris, Criminal Justice Information Services Division, FBI; and Thomas Dee, Director, Defense Biometrics, Office of the Secretary of Defense…(Video) During this week’s Federal Executive Forum, key decision makers from DoD, DHS and FBI highlighted identity management interoperability as their key priority for 2010. Panelists included: Robert Mocny, Acting Director, US-VISIT Program Department of Homeland Security; Stephen Morris, Criminal Justice Information Services Division, FBI; and Thomas Dee, Director, Defense Biometrics, Office of the Secretary of Defense…information-security-resources.comhttp://information-security-resources.com/2009/10/27/dod-dhs-fbi-talk-identity-management/Anthony M. Freedafreed5361001ScareWare Infects Tens of Millions Yearlyurn:com:businessweek:bx:article:4565398653522241574-a86b85d98321f41f7373d2265446969c2009-10-27T10:28:53.495-04:00There is still a lot of scareware out there, and many people still falling for it. Forty-three million in the last year according to Symantec. Put simply, scareware programs are designed to frighten people into running malicious software by popping up when the user is online and declaring that viruses have been detected…There is still a lot of scareware out there, and many people still falling for it. Forty-three million in the last year according to Symantec. Put simply, scareware programs are designed to frighten people into running malicious software by popping up when the user is online and declaring that viruses have been detected…Information Security Resourceshttp://information-security-resources.com/2009/10/26/scareware-infects-tens-of-millions-yearly/Anthony M. Freedafreed5361001Protecting Your Privacy After You Dieurn:com:businessweek:bx:article:2234841745261701715-744061632d51f4c93ed7ff6426694bd52009-10-25T22:13:53.223-04:00Do surviving relatives have a right to read their deceased son’s, daughter’s, husband’s or wife’s communications with other people whose lives could then subsequently be completely altered as a result? What would your email service providers do with all your messages? Who should make that decision, and when should that decision be made?Do surviving relatives have a right to read their deceased son’s, daughter’s, husband’s or wife’s communications with other people whose lives could then subsequently be completely altered as a result? What would your email service providers do with all your messages? Who should make that decision, and when should that decision be made?Information Security Resourceshttp://information-security-resources.com/2009/10/25/protecting-your-privacy-after-you-die/Anthony M. Freedafreed5361001Major Security Hole in Time Warner Routersurn:com:businessweek:bx:article:5322422070453921231-45403407d0e0efb85f6bde0216a97c3d2009-10-25T21:27:54.641-04:00An intruder could eavesdrop on sensitive data sent across the Internet, manipulate the DNS address that redirects traffic from trusted sites to malicious ones, and possibly even infect other routers automatically. Chen says he informed Time Warner’s security department of the hole; they responded that they were aware of the problem but couldn’t do anything about it.An intruder could eavesdrop on sensitive data sent across the Internet, manipulate the DNS address that redirects traffic from trusted sites to malicious ones, and possibly even infect other routers automatically. Chen says he informed Time Warner’s security department of the hole; they responded that they were aware of the problem but couldn’t do anything about it.Information Security Resourceshttp://information-security-resources.com/2009/10/25/major-security-hole-in-time-warner-routers/Anthony M. Freedafreed5361001Internal Clouds Are More Than Just VMwareurn:com:businessweek:bx:article:13789137605403266220-13bcbeca95b1df4b551bb8ed71e820612009-10-22T07:18:25.460-04:00Many internal clouds will run on the back of VMware, but not all, and VMware alone will not satisfy all of the business’s requirements for running an effective internal cloud. Why not? I can think of several reasons…Many internal clouds will run on the back of VMware, but not all, and VMware alone will not satisfy all of the business’s requirements for running an effective internal cloud. Why not? I can think of several reasons…Information Security Resourceshttp://information-security-resources.com/2009/10/21/internal-clouds-are-more-than-just-vmware/Anthony M. Freedafreed5364301The High Cost of HIPAA Privacy Violationsurn:com:businessweek:bx:article:18149066444935724337-fbf2e3fdbd676e6a37c520772a1221812009-10-22T07:29:43.120-04:00Data security vendors like Mcafee, IBM, Fidelis Security, Symantec, Verdasys, Reconnex, Vericept, Raytheon, Websense and Checkpoint have written thousands of white papers on how their data security products can help an organization be HIPAA compliant, but log-management cannot mitigate dumpster-diving, nor can it prevent bulk database dumps and file transfer.Data security vendors like Mcafee, IBM, Fidelis Security, Symantec, Verdasys, Reconnex, Vericept, Raytheon, Websense and Checkpoint have written thousands of white papers on how their data security products can help an organization be HIPAA compliant, but log-management cannot mitigate dumpster-diving, nor can it prevent bulk database dumps and file transfer.Information Security Resourceshttp://information-security-resources.com/2009/10/21/the-high-cost-of-hipaa-privacy-violations/Anthony M. Freedafreed5362101Help for FACTA Red Flags Compliance | Business.com's What Works for Business Blogurn:com:businessweek:bx:article:5544542830635024183-e50132e5b7c5a8e45cd302088c29f5c62009-10-29T12:45:09.500-04:00After a year of delays, the Federal Trade Commission’s new FACTA Red Flags rules that have caused great fear and confusion among small and medium businesses, are in effect as of November 1, 2009. The FACTA Red Flags rules will require millions of...After a year of delays, the Federal Trade Commission’s new FACTA Red Flags rules that have caused great fear and confusion among small and medium businesses, are in effect as of November 1, 2009. The FACTA Red Flags rules will require millions of...blogs.business.comhttp://blogs.business.com/whatworks/2009/facta-red-flags-compliance/Daniel Kehrerdkehrer6280000A Process Checklist for System Hardeningurn:com:businessweek:bx:article:12714307359655163517-9595ba9da875b8fb43dc3dbb2840e4dc2009-10-20T11:06:16.313-04:00Most administrators and security officers are well aware of the necessity of system hardening for corporate systems. Hardening is the process of securing a system by reducing its surface of vulnerability. By the nature of operation, the more functions a system performs, the larger the vulnerability surface. Here is a checklist and diagram by which you can perform your hardening activities.Most administrators and security officers are well aware of the necessity of system hardening for corporate systems. Hardening is the process of securing a system by reducing its surface of vulnerability. By the nature of operation, the more functions a system performs, the larger the vulnerability surface. Here is a checklist and diagram by which you can perform your hardening activities.information-security-resources.comhttp://information-security-resources.com/2009/10/20/a-process-checklist-for-system-hardening/Anthony M. Freedafreed5361001Any Data You Give to Google Can and Will Be Used Against Youurn:com:businessweek:bx:article:8442685745265919505-c0d64814565c562aaaa3ce5035a3bc2c2009-10-10T21:55:55.765-04:00The uber-geeks who run Google don't seem like to think about the messy world of law and politics. But it can't be avoided. The latest example: A Bear Stearns manager done in by a GMail account he thought was closed ... but we all know better, right?The uber-geeks who run Google don't seem like to think about the messy world of law and politics. But it can't be avoided. The latest example: A Bear Stearns manager done in by a GMail account he thought was closed ... but we all know better, right?gawkerhttp://gawker.com/5378101/any-data-you-give-to-google-can-and-will-be-used-against-youThomas Huynhthuynh3818701Court Limits Confidentiality in Civil Litigationurn:com:businessweek:bx:article:4285763976400667292-df68d0a717fc2cf1e3668ec4bb958d412009-10-14T10:15:26.766-04:00The United States District Court for the Northern District of Georgia recently announced a new case management procedure that will limit the parties from consenting to blanket protective orders to protect the confidentiality of documents in civil cases.The United States District Court for the Northern District of Georgia recently announced a new case management procedure that will limit the parties from consenting to blanket protective orders to protect the confidentiality of documents in civil cases.Information Security Resourceshttp://information-security-resources.com/2009/10/13/court-limits-confidentiality-in-civil-litigation/Anthony M. Freedafreed5361001Critical Steps When Your Email Is Breachedurn:com:businessweek:bx:article:5439117438521257501-44c8ba63eace2632d8c4272ca70d8abf2009-10-12T08:57:59.487-04:00BBC News announced that more passwords to email accounts were posted: Yahoo, Gmail, AOL, Comcast, and Earthlink users appear among those impacted. Again, security experts are urging those with accounts to change their login details. These are extra steps everyone should take at least once a year, or during situations where an account may be compromised:BBC News announced that more passwords to email accounts were posted: Yahoo, Gmail, AOL, Comcast, and Earthlink users appear among those impacted. Again, security experts are urging those with accounts to change their login details. These are extra steps everyone should take at least once a year, or during situations where an account may be compromised:Information Security Resourceshttp://information-security-resources.com/2009/10/11/critical-steps-when-your-email-is-breached/Anthony M. Freedafreed5361001Beware of Identity Theft This Easterurn:com:businessweek:bx:article:3173093432434311463-8fcf21449b83f22a40b0ffa6bcf1ddd32009-04-03T20:14:00.000-04:00Posted in Easter, Holidays, Humor, Kid Friendly, Silly Tagged: Easter, HumorPosted in Easter, Holidays, Humor, Kid Friendly, Silly Tagged: Easter, HumorFaerie♥Kat's Faerie♥Kornerhttp://faeriekat.wordpress.com/2009/04/03/beware-of-identity-theft-this-easter/565600Software Defects Still Key Factor in Data Lossurn:com:businessweek:bx:article:6106123372331778223-31a21423ee8d1b937359937d5956b2e52009-10-07T10:50:50.888-04:00The root cause of application security vulnerabilities is usually design bugs, and often there are implementation defects. The empirical data showed that software bugs accounted for over 55% of the contributing vulnerability to the event (see the Business Threat Modeling study).The root cause of application security vulnerabilities is usually design bugs, and often there are implementation defects. The empirical data showed that software bugs accounted for over 55% of the contributing vulnerability to the event (see the Business Threat Modeling study).information-security-resources.comhttp://information-security-resources.com/2009/10/07/software-defects-still-key-factor-in-data-loss/Anthony M. Freedafreed5362101The Hacker Perspective on Cyber Securityurn:com:businessweek:bx:article:5511142529186010496-054afefb2a67e515f2208a95f43df1fa2009-10-05T07:14:35.083-04:00SecurityBinge – a team composed of Chris Martin aka pr4ch, Tim Elrod aka ri0t, and Stefan Morris aka Janus – are forging a video podcast show addressing information security from the hacker’s perspective. Tim and Stefan, the show’s co-hosts, have years of experience both in corporate and hacker circles.SecurityBinge – a team composed of Chris Martin aka pr4ch, Tim Elrod aka ri0t, and Stefan Morris aka Janus – are forging a video podcast show addressing information security from the hacker’s perspective. Tim and Stefan, the show’s co-hosts, have years of experience both in corporate and hacker circles.Information Security Resourceshttp://information-security-resources.com/2009/10/04/the-hacker-perspective-on-cyber-security/Anthony M. Freedafreed5362101Swarm Intelligence Fights Worms with Antsurn:com:businessweek:bx:article:13531878122201979061-1c7ebb9bc6a5f2a22c74ce4f6f290e3c2009-10-05T07:26:16.594-04:00Currently most security technology is reactive, taking action only against known threats that have been defined and can therefore be found. Researchers are hoping that by proactively scanning a network for unusual behavior, digital ants can discover zero-day threats before they do harm.Currently most security technology is reactive, taking action only against known threats that have been defined and can therefore be found. Researchers are hoping that by proactively scanning a network for unusual behavior, digital ants can discover zero-day threats before they do harm.Information Security Resourceshttp://information-security-resources.com/2009/10/04/swarm-intelligence-fights-worms-with-ants/Anthony M. Freedafreed5361001IBM's Encryption Breakthrough for the Weburn:com:businessweek:bx:article:3042770516200996839-061e867c1e7f3e37dfd455de399c73ba2009-10-01T09:13:39.939-04:00In the dog days of summer 2008, an intern at IBM Research was sitting in a Manhattan café turning a problem over in his head. Craig Gentry was thinking about cryptography, the science of codes and data protection, tussling with a question that had...In the dog days of summer 2008, an intern at IBM Research was sitting in a Manhattan café turning a problem over in his head. Craig Gentry was thinking about cryptography, the science of codes and data protection, tussling with a question that had...BusinessWeekhttp://www.businessweek.com/technology/content/sep2009/tc20090930_463595.htm?chan=technology_technology+index+page_top+storiesTom Gilestgiles6033201Future Internet Privacy Worries Europeurn:com:businessweek:bx:article:4939788797663579622-27866a1e4f76fe6dbbf875a2b83ca79e2009-10-10T03:01:54.211-04:00There is a dark side to some of the impressive new online technologies that are appearing, from social networking to behavioural advertising to RFID 'smart chips', the European Commission's internet chief has warned. While such technologies offer...There is a dark side to some of the impressive new online technologies that are appearing, from social networking to behavioural advertising to RFID 'smart chips', the European Commission's internet chief has warned. While such technologies offer...BusinessWeekhttp://www.businessweek.com/globalbiz/content/oct2009/gb2009109_528501.htmAndy Reinhardtareinhardt6263300