Monthly Archives: March 2010

Company says 3.3 million student loan records stolen

Data on 3.3 million borrowers was stolen from a nonprofit company that helps with student loan financing.

The theft occurred on March 20 or 21 from the headquarters of Educational Credit Management Corp. (ECMC), which services loans when student borrowers enter bankruptcy. The data was contained on portable media, said the organization, which is a dedicated guaranty agency for Virginia, Oregon and Connecticut.

via Company says 3.3 million student loan records stolen.

HHS Adds to List of Data Breaches

The five new listings are:

* Montefiore Medical Center, New York, 625 affected individuals, theft of a laptop;

* Private Practice, San Antonio, 21,000 affected individuals, theft of a portable device;

* Thrivent Financial for Lutherans, Wisconsin, 9,500 affected individuals, theft of a laptop;

* Wyoming Department of Health, 9,023 affected individuals, unauthorized access of a network server; and

* Aspen Dental Care P.C., Colorado, 2,500 affected individuals, theft of an undisclosed nature.

via HHS Adds to List of Data Breaches.

Squeezing More Value From Your PCI Assessment

Often, merchants prepare a thoughtful risk assessment and then file it away (a.k.a., “shelfware”) until their QSA returns the next year, at which time it gets dusted off, reviewed and, hopefully, updated. If that describes your situation, you could be missing a golden opportunity to reduce your PCI scope, lower your risk and cut your cost of PCI compliance.

via StorefrontBacktalk » Blog Archive » Squeezing More Value From Your PCI Assessment.

OMB outlines shift on FISMA

In the seven years that it has been the law of the land, FISMA, the Federal Information Security Management Act, has helped raise awareness of the need for information security on the federal government's networks, as well as on the networks supporting private industry.

But this latest version of the Office of Management and Budget's FISMA report to Congress pulls into focus the ways that the Obama Administration wants to change how the federal government complies with FISMA at a time when cyberthreats are escalating.

via Federal News Radio 1500 AM: OMB outlines shift on FISMA.

10 Steps To Ace A FISMA Audit

What follows are 10 commonsense steps you can take to prepare for a FISMA audit. While basic FISMA compliance won't always meet every government organization's security requirements–for example, you may be required to implement stricter data control requirements or a more involved change control process–you will have a sturdy base to build on.

via 10 Steps To Ace A FISMA Audit — FISMA — InformationWeek.