Monthly Archives: May 2009

Virtualization Could Collide With PCI, But Help Forensics

With lingering questions about how virtual environments will play with compliance, security experts here have warned organizations to avoid virtualizing any highly regulated applications — and to also consider new ways to use virtualization to enhance security.

via Virtualization Could Collide With PCI, But Help Forensics – DarkReading.

Do Executives Take Security Seriously? Survey Says Yes.

Our exclusive InformationWeek survey shows that IT and executives are on the same page when it comes to information security threats, policies and more.

Asking a C-level executive if security is important is like asking a politician if they love America. Everyone knows the right answer is “Yes.”

via Do Executives Take Security Seriously? Survey Says Yes. – Analytics – InformationWeek.

Aetna contacts 65,000 after Web site data breach

Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach.

The job application Web site also held names, phone numbers, e-mail and mailing addresses for up to 450,000 applicants, Aetna spokeswoman Cynthia Michener said. SSNs for those people were not stored on the site, which was maintained by an external vendor.

via Aetna contacts 65,000 after Web site data breach – Network World.

PCI and Fraud Analysis: To Have and Have Not

As merchants work to reduce the scope of PCI compliance and the risk due to having credit card data in their environment, some companies are actually taking access to this data away from people who need it to do their job, including the managers who are charged with investigating fraudulent credit card transactions. Instead of PCI controls helping reduce fraud, for some companies, they are making fraud detection more difficult.

via StorefrontBacktalk » Blog Archive » PCI and Fraud Analysis: To Have and Have Not.

Microsoft Brings Secure Development Help to Application Developers for Free

Microsoft wants to speed adoption of its security development lifecycle (SDL), starting with the release of a free SDL Process Template that is integrated with the Visual Studio Team System. The company also announced additions to its SDL Pro Network and updates to the SDL process.

via Microsoft Brings Secure Development Help to Application Developers for Free.

National Archives Breach Includes Clinton-Era Data

Either through accidental loss or theft, the National Archives and Records Administration informs Congress of more than a terabyte of missing data from the Clinton administration, including sensitive information on hundreds of individuals who visited the White House. Accident or not, the FBI has launched a criminal investigation into the matter.

via National Archives Breach Includes Clinton-Era Data.

‘Security Metrics’ and risk-assessment guides out this week

For security professionals, two free risk-management guides out this week provide directions on how to establish corporate security metrics, as well as tips on organizing risk-assessment and presenting findings.

The Center for Internet Security’s “Security Metrics 1.0” is a pithy compilation of 20 “metrics definitions” covering six areas: incident management; vulnerability management; patch management; application security; configuration management; and financial metrics. The 83-page paper shoots for a mathematical approach that lets an organization build a scorecard for each category to assess and chart progress—or decline—in each of the six security-management areas.

via ‘Security Metrics’ and risk-assessment guides out this week – Network World.

Insurers keep an eye on cloud security threats

The Hartford has a dedicated insurance offering called CyberChoice that pays off if failure of the IT infrastructure results in liability for loss of personal information, intellectual property and the like. The insurance pays for investigation of the failure and payment of the costs of notifying customers if there is a reportable breach.

via Insurers keep an eye on cloud security threats – Network World.