SEARCH RESULTS
 
Showing 1-10 of 193 records
 
Expand article

Ask the Auditor: Who is Responsible for Information Security?

2007-12-29 06:24:50 by Editor in Security Links
 
...responsible for information security By Dan Swanson A Reader Asks: Who is responsible for information security The Auditor Responds: In short, the board of directors, management (of both staff and business lines), and internal audit functions all have significant roles in auditing information security. The big question for many companies is...
 
Tags: information, information security, information policy, information security risks, information assurance, information security governance, information security managers, information security management, assign information security
 
 
 
 
Expand article

Responsible-ish Disclosure

2008-05-08 20:50:57 by Chris Eng in Zero in a bit
 
...responsible. But look at the code its completely generic, just a textbook example of what it looks like when you forget to check a return value after calling operator new. Sure, Core gives you the exact offsets into the executable, but so what? If I have the binary, then its not going to be too hard to find the vulnerability anyway. Its not...
 
Tags: text, esi, 00405c1b mov esi, ecx, 00405c31 push esi, 00405c3e mov ecx, recent dos vulnerability, vulnerability, 00405c21 test esi
 
 
 
 
Expand article

Sensitive Milwaukee County information posted to Web

The Article has images
2008-02-13 17:06:24 by Evan Francen in The Breach Blog
...Responsible Government Network Victims Persons involved with the county Number Affected Unknown Types of Data patient and legal records Breach Description Milwaukee County officials released a copy of their "county spending database" to the activist group Citizens for Responsible Government Network that contained sensitive personal...
 
Tags: milwaukee county, milwaukee county officials, information, county, county officials, sensitive personal information, confidential information, county clerk, county records crg
 
 
 
 
Expand article

NERC CIP Rules Out - Logs In!

2008-01-24 13:06:00 by Dr Anton Chuvakin in Anton Chuvakin Blog -
 
...Responsible Entity shall establish methods, processes, and procedures that generate logs of sufficient detail to create historical audit trails of individual user account access activity for a minimum of ninety days and R6.4. The Responsible Entity shall retain all logs specified in Requirement R6 for ninety calendar days R6.5. The...
 
Tags: logs, review logs, preserve computer logs, responsible entity, security, cyber security, regulatory security guidance, guidance, review
 
 
 
 
Expand article

Some Comments on PayPal's Security Vulnerability Disclosure Policy

2007-11-27 18:07:00 by Security Retentive in Security Retentive
 
...responsible side of the line From Don's post I got a creepy feeling about actually trusting the statement. I will probably never attempt to test the security of PayPals site, but for those who do I would hate for the disclosure statement to change suddenly As I said earlier, we do believe the policy is a work in progress. We will modify it...
 
Tags: disclosure, encourage responsible disclosure, responsible disclosure, security, security vulnerability disclosure, policy, security vulnerability, disclosure policies, disclosure statement
 
 
 
 
Expand article

New Banking Code shifts more liability to customers

2008-04-09 14:08:49 by Steven J. Murdoch in Light Blue Touchpaper
 
...responsible for all losses on your account. If you act without reasonable care, and this causes losses, you may be responsible for them. (This may apply, for example, if you do not follow section 12.5 or 12.9 or you do not keep to your accounts terms and conditions Clauses 12.5 and 12.9 include some debatable advice about anti-virus software...
 
Tags: code, customers, banks, fraud-detection algorithms, fraud, code claims, electronic fraud, code deals, fraud threat
 
 
 
 
Expand article

Service Canada employee loses flash drive

The Article has images
2008-06-28 23:18:19 by Evan Francen in The Breach Blog
...responsible for the security of some very sensitive personal information belonging to thousands (maybe millions) of Canadians. As such, the people that are permitted to access (assuming that role-based access control is enforced at Service Canada) confidential information must be properly trained and made constantly aware of the risks...
 
Tags: service canada, employee, service canada recently, canada, service canada employees, employee aware, practices, security practices, employee service canada
 
 
 
 
Expand article

Colorado Division of Motor Vehicles cited in audit report

The Article has images
2008-07-11 09:18:07 by Evan Francen in The Breach Blog
...responsible for security Evan] Or is it no one is responsible for security High turnover - 60 percent of entry-level workers leave during their first year - and low, $26,280-a-year starting salaries make fraud more attractive and management more difficult, DMV officials said Evan] This is another problem that contributes significantly to the...
 
Tags: information, personal information, information security, information security breaches, sensitive information, information security strategy, information security program, security, cyber security
 
 
 
 
Expand article

Deloitte & Touche and IKON lose confidential information

The Article has images
2007-12-20 14:23:09 by Evan Francen in The Breach Blog
...responsible for scanning pension fund documents Although IKON definitely has blame in the cause of this breach, Deloitte & Touche certainly does to. It seems that Deloitte & Touche makes some attempts to deflect their responsibility. Deloitte & Touche was given the information in the first place and they are responsible for what happens to...
 
Tags: information, touche, ikon, confidential information, information security controls, deloitte, third-parties secure information, touche partners, ikon office solutions
 
 
 
 
Expand article

66.1 Host Locked

The Article has images
2007-11-28 16:13:28 by HASH0x89e99bc in Dancho Danchev's Blog - Mind Streams of Information Security Knowledge