What are GCs and Directors Thinking About Corporate Governance? | Law.com

Risk

The top concerns for directors this year are operational risk, data security, and managing the company’s reputation.

Over 50 percent of GCs, meanwhile, cite major concerns about electronic discovery for litigation/investigation, managing outside legal fees, and data security, too.

A bit further on down the line, at least a third of GCs consider governance/compliance, operational risk, the Foreign Corrupt Practices Act, and managing company reputation to be major concerns.


Dodd-Frank Act

Not many fans of the 2,300-page financial reform legislation in these parts. Directors and GCs were evenly aligned in their thoughts on Dodd-Frank: 94 percent of directors and counsel alike think the measures need to be re-evaluated, while 94 and 95 percent, respectively, think the law incentivizes employees to bypass internal whistleblower procedures and go straight to the SEC.

Additionally, most directors and GCs “agree that the ultimate impact of Dodd-Frank will be increased oversight, reduced earnings, and a less-attractive capital market environment for prospective public companies.”


Compliance

There’s some ambivalence amongst GCs about the possibility of regulatory actions against their companies. Fifty-six percent of general counsel said they are more fearful of regulatory action than in the previous year’s study, while 42 percent said their level of concern is about the same as before.

With regard to the Foreign Corrupt Practices Act, the landscape looks a little dicey: “Just 36% of responding general counsel serving companies subject to FCPA believe their board and management have done a good job with FCPA training and compliance. Another 63% … believe there is room for improvement.”

Finally, 69 percent of general counsel respondents think that regulatory compliance is what will increase their law department’s workload the most over the next year. That’s up from 37 percent of GCs who thought that way in 2009.

via What are GCs and Directors Thinking About Corporate Governance?.


Department of Defense tries to court hackers – CNN.com

Dear hackers: The U.S. government wants you.

Or, at the very least, the Department of Defense’s research wing wants to pay you to help it block cyber threats, a project manager at the Defense Advanced Research Projects Agency said Thursday.

Former hacker Peiter Zatko announced the start of a fund-the-hackers program, called Cyber Fast Track, in a keynote talk at the Black Hat conference, which is aimed at hackers and computer security experts. The program began officially late Wednesday, he said.

Experts say the government has done a lousy job in the past of getting money to security researchers quickly enough for them to actually help mitigate cyber threats. Or the feds have avoided dealing with hackers entirely.

via Department of Defense tries to court hackers – CNN.com.


U.S. warns that Anonymous, LulzSec could up their game – Computerworld

Hacker groups such as Anonymous and Lulz Security may need to be monitored more closely in the event they are assisted by other hackers with higher skill levels and decide to strike critical infrastructure.

The warning comes from the National Cybersecurity and Communications Integration Center (NCCIC), which is part of the U.S. Department of Homeland Security.

“Some members of LulzSec have demonstrated moderately higher levels of skill and creativity that include using combinations of methods and techniques to target multiple networks,” according to the six-page advisory. “This does not take into account the possibility of a higher-level actor providing LulzSec or Anonymous more advanced capabilities.”

Anonymous and a splinter group known as LulzSec have wreaked havoc against government and business websites and servers, from low-level defacement of websites up to more sophisticated actions such as stealing sensitive data.

The agency categorized the attacks as “rudimentary” and associated with youths known as “script kiddies” for their use of simple tools to hack. But law enforcement agencies in countries such as the U.S., U.K., Spain and the Netherlands have made arrests in attempts to stem their activities.

via U.S. warns that Anonymous, LulzSec could up their game – Computerworld.


Infographic: Keeping Tabs on Google+ Privacy | News & Opinion | PCMag.com

Google+ has proven popular, but is it secure? In the few weeks that it has been open to a small group of Google users, the new social network has not had any major privacy snafus, but as more and more people join Google+, keeping tabs on how your data is presented, and secured, will likely become a bigger issue.

Check Point, which produces the ZoneAlarm security suite, put together a list of Google+ privacy tips, the first of which is to take advantage of the Circles feature, which lets you select which group of people can see your links, photos, and other updates.

“It’s no big shock that cybercriminals–perhaps too easily caught on other social networking platforms such as Facebook–will pick Google+ as a new target,” Check Point said in a blog post. “Should this give Google+ users a cause for concern? Maybe, but let’s take a look at several ways you can keep your privacy secure.”

via Infographic: Keeping Tabs on Google+ Privacy | News & Opinion | PCMag.com.


Russia Enacts Amendments to Data Privacy Law : Privacy & Information Security Law Blog

As reported in BNA’s Privacy Law Watch, on July 25, 2011, Russian President Dmitry Medvedev signed a new federal law amending Russia’s personal data privacy law, “On Personal Data.” The amended law, which was made public on July 27 and is effective retroactively from July 1, 2011, imposes new rules on international data transfers. As we previously reported, and as noted by the BNA, Russia had been considering improving its data protection regime and has enacted two other laws regarding the protection of personal data in the past several weeks.

The new rules allow personal data to be transferred outside of Russia to (1) EU member states, or (2) nations that are approved by a Russian federal agency authorized to designate countries that can guarantee adequate protection for personal data. In addition, personal data may be transferred with the prior written consent of data subjects, or if required by Russian federal legislation or international treaties.

via Russia Enacts Amendments to Data Privacy Law : Privacy & Information Security Law Blog.


Security experts knock Google on PC infection warnings – Computerworld

Google has taken the unprecedented step of warning millions of users whose PCs it believes are infected with fake security software and other malware, the company said yesterday. But some security experts are leery of Google’s move.

The warning appears as a bright yellow banner that reads “Your computer appears to be infected,” at the top of the page after users conduct a search with Google.

Google has started to slap this warning at the top of its search results when it suspects that the PC is infected with malware.

“It appears that your computer is infected with software that intercepts your connection to Google and other sites,” the alert continues. The alert also includes a link to a help page that provides more information on the alert and infection, as well as advice about how to remove the malware.

Google first posted the warning on Tuesday after it detected what it called “unusual search traffic” when doing maintenance at one of its data centers. Google decided that the abnormal traffic was a symptom of infected PCs.

“This particular malware causes infected computers to send traffic to Google through a small number of intermediary servers called ‘proxies,’” said Damian Menscher, a Google security engineer, in a blog post updated Wednesday.

Menscher added that the proxy traffic originated from fake antivirus (AV) programs, often called “scareware.” Millions of machines are infested with the malware, he said.

via Security experts knock Google on PC infection warnings – Computerworld.


Anti-Corruption Firm Sets up Camp in South Sudan – Law Blog – WSJ

The world’s newest nation will be welcoming its newest U.S. corporate resident next week as an anti-corruption and security firm opens its doors.

SolutionPoint International, which operates Guidepost Solutions, NSM Surveillance and Bode Technology, will set up shop next week in South Sudan. The timing couldn’t be better. See this New York Times story for the issues facing South Sudan.

SolutionPoint will offer anti-corruption services, security and surveillance for use by military and law enforcement, DNA forensics as well as compliance services.

“This is a crucial time for this emerging new nation, and we are committed to helping it prosper,” said Joseph Rosetti, Vice Chairman of SolutionPoint International.

Rosetti was a vice chairman and co-founder of Kroll and for many years served as Director of Worldwide Security for IBM, responsible for security programs in physical security, investigations, personnel security, trade secret protection, information asset security and financial asset security.

via Anti-Corruption Firm Sets up Camp in South Sudan – Law Blog – WSJ.


Unstructured data compliance costs firms an average of $2.1 million annually | Infosecurity (USA)

The average cost of compliance associated with storing unstructured data is $2.1 million per year, according to a report prepared by the Ponemon Institute for software firm Novell.

The average compliance cost of unstructured data varies with the size of the organization. Companies with fewer than 5,000 employees have an average compliance cost of $1.23 million, while companies with more than 75,000 employees have an average compliance cost of $2.71 million, indicating that smaller businesses pay six times more per employee than larger businesses, according to the report.

Heavily regulated industries, such as financial services, pharmaceuticals, communications, and healthcare, have higher average compliance costs, incurring an average of $2.5 million annually, according to a review of 94 large US firms.

Ponemon breaks down compliance costs into the following activities: access governance, configuration management, assessment and audit, policy management, e-discovery, monitoring and scanning, backup and disaster recovery, specialized equipment cost, and specialized software costs.

A number of these activities include implementation of information security policies and regulations. For example, “access governance” includes cost associated with identity, authentication, provisioning, and access rights, which all have an information security component.

“Assessment and audit” includes compliance cost associated with review, evaluation, and verification of data storage based on the organization’s data security requirements, including regulatory compliance audits. “Policy management” includes cost associated with development, implementation, and enforcement of a company’s data storage policies, including those specified by laws and regulations. E-discovery involves the cost associated with discovery of electronic documents for litigation, data breach investigation, and compliance with the Health Insurance Portability and Accountability Act privacy rules.

The most expensive compliance costs associated with the storage of unstructured data are e-discovery, access governance, and internal auditing activities. Together, these activities cost businesses over $1.9 million on average annually.

via Infosecurity (USA) – Unstructured data compliance costs firms an average of $2.1 million annually.


Internet Security Experts Introduce Secure DNS in Singapore – NYTimes.com

A small group of Internet security specialists gathered in Singapore this week to start up a global system to make e-mail and e-commerce more secure, end the proliferation of passwords and raise the bar significantly for Internet scam artists, spies and troublemakers.

“It won’t matter where you are in the world or who you are in the world, you’re going to be able to authenticate everyone and everything,” said Dan Kaminsky, an independent network security researcher who is one of the engineers involved in the project.

The Singapore event included an elaborate technical ceremony to create and then securely store numerical keys that will be kept in three hardened data centers there, in Zurich and in San Jose, Calif. The keys and data centers are working parts of a technology known as Secure DNS, or DNSSEC. DNS refers to the Domain Name System, which is a directory that connects names to numerical Internet addresses. Preliminary work on the security system had been going on for more than a year, but this was the first time the system went into operation, even though it is not quite complete.

The three centers are fortresses made up of five layers of physical, electronic and cryptographic security, making it virtually impossible to tamper with the system. Four layers are active now. The fifth, a physical barrier, is being built inside the data center.

via Internet Security Experts Introduce Secure DNS in Singapore – NYTimes.com.


Thieves Found Citigroup Site an Easy Entry – NYTimes.com

Think of it as a mansion with a high-tech security system — but the front door wasn’t locked tight.

Using the Citigroup customer Web site as a gateway to bypass traditional safeguards and impersonate actual credit card holders, a team of sophisticated thieves cracked into the bank’s vast reservoir of personal financial data, until they were detected in a routine check in early May.

That allowed them to capture the names, account numbers, e-mail addresses and transaction histories of more than 200,000 Citi customers, security experts said, revealing for the first time details of one of the most brazen bank hacking attacks in recent years.

The case illustrates the threat posed by the rising demand for private financial information from the world of foreign hackers.

In the Citi breach, the data thieves were able to penetrate the bank’s defenses by first logging on to the site reserved for its credit card customers.

Once inside, they leapfrogged between the accounts of different Citi customers by inserting various account numbers into a string of text located in the browser’s address bar. The hackers’ automated code repeated this exercise tens of thousands of times — allowing them to capture the confidential private data.

via Thieves Found Citigroup Site an Easy Entry – NYTimes.com.
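The flaw the article describes is a missing object-level authorization check: the site trusted an account number taken from the URL without confirming that the logged-in customer owned it. The following is an added illustration, not code from the article or from Citigroup: a minimal account lookup written the vulnerable way, beside a hardened version that binds every read to the session's user, plus a check over constructed web-log lines that flags the enumeration pattern the article describes (one session walking through many account numbers). The account store, the log format, the field names and the threshold are all assumptions made for this example.

```python
"""Added example (not the article's or Citigroup's code): an insecure direct
object reference beside its hardened form, and a log check for enumeration.
All accounts, users and log lines are constructed for illustration."""

from collections import defaultdict

# Constructed sample data: which customer owns which account number.
ACCOUNTS = {
    "4000000001": {"owner": "alice", "email": "alice@example.com", "balance": 120.50},
    "4000000002": {"owner": "bob",   "email": "bob@example.com",   "balance": 42.00},
    "4000000003": {"owner": "carol", "email": "carol@example.com", "balance": 9.99},
}


def get_account_vulnerable(session_user, account_number):
    """Trusts the account number from the URL outright: any logged-in user
    can read any account just by changing the number in the address bar
    (an insecure direct object reference). session_user is never consulted."""
    return ACCOUNTS.get(account_number)


def get_account_hardened(session_user, account_number):
    """Object-level authorization: the record must belong to the session's
    user. A foreign account is treated exactly like a missing one, so the
    response does not reveal which numbers exist."""
    record = ACCOUNTS.get(account_number)
    if record is None or record["owner"] != session_user:
        return None
    return record


# Constructed web-server log lines (assumed key=value format): one session
# reading its own account, another session walking through many numbers.
SAMPLE_LOG = """\
sess=A1 user=alice acct=4000000001 status=200
sess=B7 user=bob acct=4000000002 status=200
sess=B7 user=bob acct=4000000003 status=200
sess=B7 user=bob acct=4000000004 status=404
sess=B7 user=bob acct=4000000005 status=200
sess=B7 user=bob acct=4000000006 status=200
sess=B7 user=bob acct=4000000007 status=200
sess=A1 user=alice acct=4000000001 status=200
"""


def parse_log(text):
    """Turn each non-empty 'k=v k=v ...' line into a dict."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        entries.append(dict(token.split("=", 1) for token in line.split()))
    return entries


def flag_enumeration(entries, max_distinct_accounts=3):
    """Return session ids that requested more distinct account numbers than a
    legitimate customer plausibly owns. The threshold of 3 suits the
    constructed sample; a real deployment would tune it per product line."""
    seen = defaultdict(set)
    for entry in entries:
        seen[entry["sess"]].add(entry["acct"])
    return sorted(s for s, accts in seen.items() if len(accts) > max_distinct_accounts)


if __name__ == "__main__":
    # bob reading alice's account: succeeds against the vulnerable lookup,
    # returns nothing against the hardened one.
    print(get_account_vulnerable("bob", "4000000001"))
    print(get_account_hardened("bob", "4000000001"))
    print(flag_enumeration(parse_log(SAMPLE_LOG)))
```

The hardened lookup is the fix; the log check is the compensating detection that would have surfaced the behaviour earlier than the "routine check in early May" the article mentions, since a single session reading tens of thousands of accounts stands out against the handful a real customer holds.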
