Exaprotect BlogManager

HM Revenue and Customs Admit Massive Data Loss

Domenick Lionetti — Tue, 05 Aug 2008 17:16:32 +0000

The problems of putting sensitive information on an easy-to-lose medium such as disks - and not backing up internal policies with good security practice - were brought sharply into focus by the news that the UK’s HM Revenue and Customs has been involved in one of the world’s biggest ID protection failures.

Maturity Models as a Vehicle for Improving Risk Management Practices

Thierry Costa — Thu, 31 Jul 2008 18:57:31 +0000

CEOs now readily recognize that risk is ubiquitous Also boards commonly accept the tenet that risk management improves business performance. However the benefits of risk management derived by organizations will depend directly on the level of maturity of their risk management practices.

Western Governments “Victims of Chinese Cyber Attacks”

Christophe Briguet — Thu, 24 Jul 2008 19:47:05 +0000

The French government has been targeted by Chinese cyber attacks similar to those reported by the US and UK governments, according to the French daily newspaper Le Monde, citing a government official. “We have indications that our information systems were the object of attacks, like in the other countries,” the Secretary-General of National Defence (SGDN) Francis Delon said.

Maturity Models as a Vehicle for Improving Risk Management Practices

Domenick Lionetti — Tue, 22 Jul 2008 19:03:06 +0000

SAP and Oracle Face Copyright Battle

Thierry Costa — Mon, 21 Jul 2008 22:23:14 +0000

Many interested observers, not least the customers of both organizations, are looking on with interest as two heavyweights of the IT industry, SAP and Oracle, lock horns over claims that “SAP has stolen thousands of proprietary, copyrighted software products and other confidential materials that Oracle developed to service its own support customers.”

SOX and the General Control Environment

Christophe Briguet — Thu, 17 Jul 2008 19:19:36 +0000

Good corporate governance depends on the effective management of internal controls and on the availability, confidentiality and integrity of information. Corporate reputation, brand preservation and financial results all depend on the defence of business processes and on compliance with a growing array of legislation and regulation. For companies listed on US exchanges, the Sarbanes-Oxley Act of 2002 (‘SOX’) is of overriding importance and information security has a crucial role to play in achieving compliance.

Don’t be a laptop loser

Thierry Costa — Tue, 15 Jul 2008 18:12:42 +0000

Earlier this year, a laptop containing salary details, addresses, dates of birth, national insurance numbers and phone numbers of some 26,000 employees went missing from a printing firm, which was writing to workers at a major retailer about pension changes. Also, at a large public sector organisation, sensitive information about more than 16,000 council workers was put at risk as the result of another laptop theft. Identity theft is the possible result of such losses.

Growing Insider Threat to Business Data

Domenick Lionetti — Thu, 10 Jul 2008 19:53:22 +0000

The growing threat posed to confidential business data by trusted insiders has been highlighted by two major incidents in the U.S. in recent weeks. In the first, Fidelity National Information Services, a leading provider of core financial institution processing, card issuer and transaction processing services, announced that a former employee of its subsidiary, Certegy Check Services, had misappropriated and sold consumer information to a data broker who, in turn, sold a subset of that data to a limited number of direct marketing organizations.

Consumers ‘Losing Confidence’ in Credit Card Security

Thierry Costa — Tue, 08 Jul 2008 19:19:21 +0000

The swift progress of e-commerce could be halted by a growing crisis of confidence amongst consumers about the security of their credit cards. A recent Mori survey, commissioned by Secerno (the UK supplier of database security technology), found a massive 95% of consumers concerned about data theft and 63% of adults worried about the ability of data centres to protect their information.

Major Phishing Scam Exposed

Christophe Briguet — Thu, 03 Jul 2008 16:30:27 +0000

The FBI has warned of a recently reported spam e-mail purportedly from the Internal Revenue Service (IRS) which is actually an attempt to steal consumer information. The e-mail advises the recipient that direct deposit is the fastest and easiest way to receive their economic stimulus tax rebate.

The message contains a hyperlink to a fraudulent form which requests the recipient’s personally identifiable information, including bank account information. To convince consumers to reply, the e-mail warns that a failure to complete the form in a timely manner will delay the rebate check being issued.

One example of this IRS spam e-mail message is as follows:

“Over 130 million Americans will receive refunds as part of President Bush program to jumpstart the economy.

Our records indicate that you are qualified to receive the 2008 Economic Stimulus Refund.

The fastest and easiest way to receive your refund is by direct deposit to your checking/savings account.

Please follow the link and fill out the form and submit before May 10th, 2008 to ensure that your refund will be processed as soon as possible.

Submitting your form on May 10th, 2008 or later means that your refund will be delayed due to the volume of requests we anticipate for the Economic Stimulus Refund.

To access Economic Stimulus refund, please click here.”

The FBI has reiterated that the IRS does not request personal information via e-mail or ask taxpayers for the PIN numbers, passwords, or similar information for their credit cards or bank accounts. Anyone who has received such an e-mail is asked to file a complaint with the Internet Crime Complaint Center (IC3).