Archive for March, 2012
2012 Application Security Gap Study: A Survey of IT Security & Developers
Posted by brianfpennington in brian pennington on 29/03/2012
In this Security Innovation sponsored Ponemon study, 567 IT security practitioners were asked about the following topics: the application security processes considered most effective; the adoption and use of technologies that are affecting the state of application security; the gaps between people, process and technology and the effect they have on the enterprise; and the different perceptions security and development practitioners have […]
PCI Security Standards Council pushing for feedback as window starts to close
Posted by brianfpennington in PCI DSS Compliance on 28/03/2012
The Payment Card Industry (PCI) Security Standards Council (PCI SSC) has called upon its global constituents to submit feedback for the development of the next version of the PCI Data Security Standard (DSS) and PA-DSS. As part of the three-year life-cycle for standards development, the official feedback period, which opened in November 2011, will be closing on April […]
2,000 lost medical records lead to an investigation by the Information Commissioner
Posted by brianfpennington in brian pennington on 27/03/2012
Pharmacyrepublic Limited lost the personal details of around 2,000 patients when a computer was stolen from its premises. Pharmacyrepublic Limited contacted the ICO in September 2011 to report the theft of a Patient Medication Record (PMR) system. The system contained details of the medicine handed out to patients at one of its pharmacies, and was stolen while the pharmacy was being […]
Verizon 2012 Data Breach Investigation Report – a summary with a PCI DSS view point
Posted by brianfpennington in PCI DSS Compliance on 27/03/2012
The 2012 Verizon Data Breach Investigations Report is out and I have attempted to summarise all 80 pages below. The study was conducted by the Verizon RISK Team with cooperation from the Australian Federal Police, the Dutch National High Tech Crime Unit, the Irish Reporting and Information Security Service, the Police Central e-Crime Unit, and the United States Secret Service. The […]
UK Card Fraud losses fall because of technology and risk awareness
Posted by brianfpennington in brian pennington on 26/03/2012
The UK Cards Association, along with the Cheque & Credit Clearing Company, Financial Fraud Action UK and other industry groups, has produced its report on UK fraud activity during 2011. The results, released in March 2012, show that fraud losses on UK cards fell 7% from £365.4m in 2010 to £341.0m in 2011, a ten-year low. […]
RSA’s March Online Fraud Report
Posted by brianfpennington in brian pennington on 26/03/2012
In their March Online Fraud Report RSA reports on the activity of online fraudsters; a full summary is below. As well as the usual interesting statistics on fraudulent activity, this report sheds light on the changes to the Zeus and Citadel Trojans as cybercriminals "migrate" from one Trojan botnet to another. FraudAction Research Lab has recently analysed a Zeus 2.1.0.1 variant downloading […]
PCI Security Standards Council continues focus on mobile payment acceptance security
Posted by brianfpennington in PCI DSS Compliance on 23/03/2012
The PCI Security Standards Council (PCI SSC) is participating in a Congressional hearing titled "The Future of Money: How Mobile Payments Could Change Financial Services," held by the Subcommittee on Financial Institutions and Consumer Credit. Representatives include the Atlanta Federal Reserve, MasterCard, the Smart Card Alliance, the Consumer Union and the PCI Security Standards Council's Chief Technology […]
Police fined by the Information Commissioner. If the Police can lose sensitive data, then anyone can.
Posted by brianfpennington in Uncategorized on 14/03/2012
The Lancashire Constabulary has been fined £70,000 by the Information Commissioner's Office (ICO) after papers containing sensitive information about a 15-year-old girl were lost. This is the first penalty the ICO has served on a police force. The missing person's report was discovered by a member of the public on 23 July 2011. The report had previously been used by […]
RSA’s February Online Fraud Report
Posted by brianfpennington in brian pennington on 12/03/2012
In their February Online Fraud Report RSA sheds light on one of the latest Fraud-as-a-Service (FaaS) offerings to be purveyed in the criminal underground: a new release of the "Darkness" (aka "Optima") DDoS bot crimeware, a commercially available toolkit that not only allows fraudsters to launch DDoS attacks at a target of their choice, but which has also […]
Schoolboy error at a University
Posted by brianfpennington in brian pennington on 02/03/2012
How many other people will have done this? Taken a screenshot for training purposes, to demonstrate a technical error, to share a section of a document, and so on, and inadvertently included another application, image or piece of data without realising it, or without thinking it was important. Whatever the reason, if we include personal information in those […]