Network security threats abound, and news of data breaches are constantly made public. Are information security professionals doing something wrong? Where are enterprises most vulnerable? And what can network pros do to keep a company more secure? in order to solve security issues, we need to think of information security as risk management, says Interop IT security track chair John Pironti, who is president of IP Architects, LLC. Here’s why:

Read full story

At CSI/SX, Verizon Business’ Peter Tippett talks trends and lessons learned in data breaches

Given the nature of data breaches today, organizations are better off saving money and doing “lightweight” security testing across more of their infrastructure than conducting deep assessments across a few systems, Peter Tippett, vice president of innovation and technology for Verizon Business, told attendees at the Computer Security Institute (CSI) Security Exchange conference here this week.

Read full story

Employee had access to patient database as part of her job, report says

An employee at Johns Hopkins Hospital may have leaked the personal information of more than 10,000 patients in an identity fraud scam.

According to a report filed to the administrator of the state of Maryland’s Identity Theft Program (PDF), some 31 individuals with connections to Johns Hopkins have reported identity thefts since Jan. 20. Law enforcement agencies suspect the thefts might be part of a fraudulent driver’s license scheme discovered in neighboring Virginia.

Continue reading …

A soon-to-be released ethical hacking report finds 60 percent of organizations budget for penetration testing

Call it realism, or call it pessimism, but most organizations today are resigned to getting hacked. In fact, a full 94 percent expect to suffer a successful breach in the next 12 months, according to a new study on ethical hacking to be released by British Telecom (BT) later this week.

Continue reading the article …

The number, scale and sophistication of data breaches fueled by hackers last year is rekindling the debate over the efficacy of the credit card industry’s security standards for safeguarding customer data.

All merchants that handle credit and debit card data are required to show that they have met the payment card industry data security standards (PCI DSS), a set of technical and operational requirements designed to safeguard cardholder information from theft or unauthorized access.

Continue reading the article

Concerns about insider security threats remain a low priority for enterprise organizations, according to Lieberman Software survey
Despite recent headlines announcing major corporate data breaches, concerns about insider security threats remain a low priority for enterprise organizations. According to a survey of IT industry professionals, insider security threats and corporate data breaches are lesser security concerns than more traditional security risks, such as viruses, Trojans and worms. The survey was conducted by Lieberman Software Corporation, a developer of privileged account password management solutions.

Continue reading the article