-
More from SearchSecurity -- April 2005
Let SearchSecurity.com take you beyond this month's issue of Information Security magazine. Monthly Magazine Highligh
-
Do you speak geek: Respecting the letter of the law
Test your knowledge of security laws and regulations. Quiz
-
Quiz: Compliance
Test your knowledge of legislation and standards. Quiz
- See More: Essential Knowledge on Identity Theft and Data Security Breaches
-
SEC filing: VeriSign security breach in 2010 was limited, execs say
In an October 2011 regulatory filing, VeriSign said its corporate network was breached in 2010, exposing data on a “small portion” of its systems. News | 02 Feb 2012
-
Symantec issues new pcAnywhere security guide following flaw resolution
Organizations that have applied the latest patches should follow more stringent security best practices to guard against external attacks. News | 01 Feb 2012
-
Understanding data security breaches eclipses preventing them
Companies are spending more time investigating the source of data breaches and their impacts to reduce expenses, says a survey. News | 26 Jan 2012
-
Symantec pulls pcAnywhere, man-in-the-middle attacks are possible
Source code theft from Symantec’s systems in 2006 places pcAnywhere software at risk of being attacked. Company says software is bundled with many of its products. News | 25 Jan 2012
-
Symantec breach: Data breach basis of Norton source code leak
Investigators confirmed that a 2006 breach at Symantec Corp. is the root cause of a source code leak of its Norton Antivirus software. News | 19 Jan 2012
-
Website weaknesses at fault in T-Mobile hacktivist attack
A hacktivist group is claiming responsibility for exploiting website vulnerabilities and stealing the personal information of approximately 80 T-Mobile employees. News | 17 Jan 2012
-
RSA SecurID breach: Executives attempt to repair tarnished image
While the RSA SecurID breach cost EMC’s security division more than $60 million, executives admit it could take years to restore its tarnished image. News | 16 Jan 2012
-
Stratfor unveils new website, improves security following breach
Intelligence firm CEO apologizes for failing to properly secure customer credit card data and email addresses. Firm now outsources processes to third-party payment processor. News | 12 Jan 2012
-
SEC guidelines push companies to disclose potential breaches
The U.S. Securities and Exchange Commission guidelines help companies determine how security breaches should be disclosed to potential investors. News | 17 Oct 2011
-
Sony appoints former Homeland Security official as CISO
Recovering from a massive, high-profile breach of its systems, Sony Corp. is looking to Philip Reitinger to lead its security initiatives. News | 06 Sep 2011
- See More: News on Identity Theft and Data Security Breaches
-
Hacktivism examples: What companies can learn from the HBGary attack
A few simple security best practices may have spared security company HBGary Federal from the recent attack by the hacktivist group Anonymous. Nick Lewis explains what happened and how to prevent such an attack against your company. Tip
-
Data breach procedures to stop Gawker-type Web password security leaks
Following its recent security breach, Gawker.com has promised to boost its security, but, in this tip, threats expert Nick Lewis looks at what the site could've done to pre-empt the breach in the first place. Tip
-
Create a data breach response plan in 10 easy steps
Having a solid data breach response plan in place can make the threat of a security breach less intimidating. In this tip, learn 10 steps to take that will lead to an effective data breach response plan. Tip
-
How to prevent iPhone spying: Mobile phone management tips
So you have an iPhone, you don't access the Internet, you use a PIN to authenticate and you never let the device out of your sight. Michael Cobb explains why iPhone spying still isn't out of the question. Tip
-
An inside look at security log management forensics investigations
David Strom provides some examples of log data that provided key clues to enterprise data breaches. Tip
-
Data security best practices for PCI DSS compliance
The glut of recent data breaches, such as the one at Heartland Payment Systems Inc., leaves some security pros wondering if PCI DSS is doing its job. Is it worth all the effort to become PCI compliant if breaches still seem inevitable? In this expert... Tip
-
The 'appropriate' way to comply with Data Protection Act 1998
The U.K. Data Protection Act is 10 years old, but the evidence shows that many organisations are still not up to standard when it comes to the seventh data security principle: using "appropriate and adequate security measures" to protect personal dat... Tip
-
Web 2.0 and e-discovery: Risks and countermeasures
Enterprise employees often love Web 2.0 services like wikis and social networking services, but the data employees may create with or provide to those services can put an enterprise at risk, especially when litigation calls for electronic discovery o... Tip
-
Security breach management: Planning and preparation
All organizations face the risk of an information security breach. While it can be a gut-wrenching ordeal, learning how to manage a breach can make it much easier to contain the damage. In this tip, contributor Khalid Kark unveils several key priorit... Tip
-
Worst practices: Recognizing the biggest compliance mistakes
With all of the compliance requirements and regulations organizations need to abide by these days, corporate compliance blunders are inevitable. In this tip, security management expert Mike Rothman highlights the biggest compliance mistakes seen in t... Tip
- See More: Tips on Identity Theft and Data Security Breaches
-
Personally identifiable information guidelines for U.S. passport numbers
Do U.S. passport numbers count as personally identifiable information? Learn more about guidelines for PII in this security management expert response from David Mortman. Ask the Expert
-
What are best practices for secure password distribution after a data breach?
After an information security data breach, it might seem like a good idea to create new user IDs and passwords for all employees in the user directory. But is there an easier way to handle the aftermath of a data breach? Find out more in this IAM exp... Ask the Expert
-
Is insider activity or outsider activity a bigger enterprise threat?
According to Verizon's 2008 Data Breach Investigations Report, outsider activity is much more likely to be the cause of a data breach than insider activity. Does that mean security managers are spending too much time worrying about insiders? Security... Ask the Expert
-
Are Internet cafe users' email credentials at risk?
Most browsers store all Web pages, including a user's message and other information, in a cache from which it is retrievable with relative ease. Expert Michael Cobb explains how to keep the personal data from getting into the wrong hands. Ask the Expert
-
Is it possible to delete search data from a search engine's servers?
Search engine history can be very sensitive, and can be used against the searcher if it falls into the wrong hands. Security threats expert Ed Skoudis addresses the possibility of deleting search history from a search engine's servers. Ask the Expert
-
What techniques are being used to hack smart cards?
Hacked smart cards are a large potential threat to enterprises that utilize them. Learn how to thwart smart card hackers. Ask the Expert
-
What are the roles of a liaison officer?
Security incident response is one of the main duties of a liaison officer. Security management expert Mike Rothman explains. Ask the Expert
-
How to prevent hack attacks against smart card systems.
What are smart cards, and how can the security of a smart card itself be maintained? Ask the Expert
-
Why are there still various independent credit card security standards?
PCI DSS has become the well-known information security standard for credit cards, but vendors can still have different approaches to card data security. Ask the Expert
-
How can birth certificate fraud and passport fraud be prevented?
Best practices for preventing birth certificate and passport fraud from expert Mike Rothman. Ask the Expert
- See More: Expert Advice on Identity Theft and Data Security Breaches
-
privilege escalation attack
A privilege escalation attack is a type of network intrusion that takes advantage of programming errors or design flaws to grant the attacker elevated access to the network and its associated data and applications. Word
-
data breach
A data breach is an incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable i... Word
-
extrusion prevention
Extrusion prevention is the practice of stopping data leakage by filtering outbound network traffic. Extrusion prevention protects sensitive digital assets from unauthorized transfer by stopping the movement of packets across the network. Extrusion d... Word
-
Rock Phish
Rock Phish is both a phishing toolkit and the entity that publishes the kit, either a hacker, or, more likely, a sophisticated group of hackers. While the authors of the kit remain anonymous, Rock Phish has become the most popular phishing kit availa... Word
-
parameter tampering
Parameter tampering is a form of Web-based hacking event (called an attack) in which certain parameters in the Uniform Resource Locator (URL) or Web page form field data entered by a user are changed without that user's authorization... (Continued) Word
-
bot worm
A bot worm is a self-replicating malware program that resides in current memory, turns infected computers into zombies (or bots) and transmits itself to other computers. A bot worm may be created with the ultimate intention of creating a botnet that ... Word
-
drive-by pharming
Drive-by pharming is a vulnerability exploitation method in which the attacker takes advantage of an inadequately protected broadband router to gain access to user data... (Continued) Word
-
pretexting
Pretexting is a form of social engineering in which one individual lies to obtain privileged data about another individual in order to engage in identity theft or corporate espionage. A pretext is a false motive. Word
-
CISP-PCI (Cardholder Information Security Program - Payment Card Industry Data Security Standard)
CISP (Cardholder Information Security Program) and PCI (Payment Card Industry Data Security Standard) are specifications developed and used by credit card companies for the purpose of ensuring and enhancing the privacy and security of financial data.... Word
-
cookie poisoning
Word
- See More: Definitions on Identity Theft and Data Security Breaches
-
Cloud failures, privacy issues and data breach woes
Eric Holmquist of Holmquist Advisory joins the editorial team to talk about the Verizon DBIR, the recent Apple privacy debacle and the Amazon cloud failure. Podcast
-
Podcast: Data breaches highlight systemic failures
The editorial team discusses the RSA SecurID breach, Epsilon’s massive email breach and the Briar Group’s credit card data loss settlement. Serious blunders led to each breach. Podcast
-
Video: Inside the Verizon Data Breach Investigations Report 2011
Verizon's Wade Baker previews the 2011 Verizon Breach Investigations Report and shares surprising insight from the 2010 report on tactics that do and don't help prevent breaches. Video
-
Fact or fiction: Inside extrusion detection and prevention technology
According to our latest survey of more than 608 enterprise security pros, 80% of enterprises say protecting data is more important in 2007 than last year, and 72% admit they need a better strategy. SearchSecurity.com is responding to this growing nee... Podcast
-
Courts turn aside data breach suits
Class action suits based on data breaches have failed without exception. But, companies still face heavy sanctions and have settled in most cases rather than risk losing in court. Video
-
Security incident response 101
Even the best procedures fail to overcome the stresses in the initial throes of an incident. Security consultant Lenny Zeltser explains how to run a well coordinated response. Video
-
The challenges of incident response plans and procedures
Mandiant's Kevin Mandia reviews his top five incident response challenges. Video
-
Fact or fiction: Building and enforcing DLP policies
Deploying a data loss prevention (DLP) solution is just the first step in the process of controlling the sensitive data flowing through your company's network. But DLP solutions need robust policies and procedures to increase their effectiveness. Thi... Podcast
- See More: All on Identity Theft and Data Security Breaches
About Identity Theft and Data Security Breaches
Get advice on data security, identity theft and information security breaches. Learn about corporate data breach laws and legislation, state disclosure laws including Calif. SB-1386, notification requirements and legal ramifications of data breaches, and how to prevent hackers from stealing credit card data and social security numbers.