Company says 3.3 million student loan records stolen

Data on 3.3 million borrowers was stolen from a nonprofit company that helps with student loan financing. The theft occurred on March 20 or 21 from the headquarters of Educational Credit Management Corp. (ECMC), which services loans when student borrowers enter bankruptcy. The data was contained on portable media, said the organization, which is a [...]

OMB outlines shift on FISMA

In the seven years that it has been the law of the land, FISMA, the Federal Information Security Management Act, has helped raise awareness of the need for information security on the federal government's networks, as well as on the networks supporting private industry. But this latest version of the Office of Management and Budget's [...]

Simple Log Review Checklist Released!

Today, many people are looking for very simple solutions to big and complex problems – and the area of logging and log management is no exception. Following that theme, we have created a “Critical Log Review Checklist for Security Incidents” which is released to the world today. In addition to HTML, PDF or DOC versions [...]

Does the storm over cloud security mean opportunity?

Absent such standards, Feigenbaum noted that Google received SAS 70 certification and shares the audit results on its security controls with customers. Google is also now seeking certification to comply with the Federal Information Security Management Act (FISMA). via Analysis: Does the storm over cloud security mean opportunity?

GRC goes into the Cloud – Express Computer

eGestalt has announced the availability of SecureGRC, a solution that provides an end-to-end integration of security monitoring with IT-Governance, Risk Management and Compliance (IT-GRC) management solutions using a cloud-based delivery model. via GRC goes into the Cloud – Express Computer.

PCI DSS Names New Chair

On Jan 25th, the PCI Security Standards Council, a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced that Bruce Rutherford, group head, fraud management solutions, payment system integrity, MasterCard, has been [...]

PCI Security Standards Council Launches Global Website with New Resources in Eight Languages | SYS-CON INDIA

Today, the PCI Security Standards Council (PCI SSC), a global, open industry standards body providing management of the Payment Card Industry Data Security Standard (PCI DSS), PIN Transaction Security (PTS) Security Requirements and the Payment Application Data Security Standard (PA-DSS), announced the launch of a new PCI SSC micro site, providing resources to secure payment [...]

SEC Approves Enhanced Disclosure About Risk, Compensation and Corporate Governance

In particular, the new rules require disclosures in proxy and information statements about:

* The relationship of a company’s compensation policies and practices to risk management.

via Press Release: SEC Approves Enhanced Disclosure About Risk, Compensation and Corporate Governance; 2009-268; Dec. 16, 2009.

OMB, NIST release draft of new FISMA metrics

The National Institute of Standards and Technology and the Office of Management and Budget are proposing 11 new performance metrics to guide agencies in how they measure their computer network security. via Federal News Radio 1500 AM: OMB, NIST release draft of new FISMA metrics.

ISO 31000 Risk management

By now, many of you have read the newly released ISO 31000 Risk management — Principles and guidelines standard. (Others may have seen its release draft or be familiar with its predecessor the AS/NZS 4360 standard.) It provides a well-written, step-by-step guide to risk management processes that can be applied to whole organizations, or any [...]