Automated FISMA Reporting Tool Unveiled
The Office of Management and Budget this month unveiled an interactive collection tool called CyberScope that should help agencies fulfill their IT security reporting requirements under the Federal Information Security Management Act.
via Automated FISMA Reporting Tool Unveiled.
Agency Infosec Spend a Mystery to OMB
The White House Office of Management and Budget does not know how much its departments and agencies specifically spend on IT security, Federal CIO Vivek Kundra told a Senate panel Thursday.
Kundra said he was shocked to learn that the OMB never collected from agencies specific IT security expenditures, just aggregate data, when he took over [...]
Tokenization Vs. End to End Encryption #PCI
A recent study conducted by PriceWaterhouseCoopers on behalf of the Payment Card Industry Security Standards Council shows that end to end encryption and tokenization are the top choices for companies seeking to employ new emerging technologies to protect payment card and other critical data. And both approaches have their public proponents, including Heartland Payment Systems [...]
DHS agencies don’t sustain info security programs, IG says — Federal Computer Week
Homeland Security Department agencies don’t sustain their information security programs year-round or perform continuous monitoring to maintain systems’ accreditations and action plans, according to DHS Inspector General Richard Skinner.
The IG’s findings come from an annual independent evaluation of the department’s information security programs required by the Federal Information Security Management Act (FISMA).
via DHS agencies don’t [...]
New Study Reveals Push to Electronic Medical Records Puts Patient Privacy at Risk | Reuters
70 Percent of Surveyed Hospital Security Professionals Say Senior Management Fail to Prioritize Privacy and Data Security
via New Study Reveals Push to Electronic Medical Records Puts Patient Privacy at Risk | Reuters.
Feds’ Security Spending On a Roll: Over 8 Percent Growth Over Next Five Years – DarkReading
The U.S. federal government’s IT security spending will jump from $7.9 million to $11.7 billion in 2014 thanks to tightening federal security regulations, a 300 percent jump in attacks on feds’ networks and systems during the past five years, and the Obama administration’s emphasis on security, according to new data from research firm Input.
via Feds’ [...]
Lawsuit: A Heartland Manager Resigned Because Of PCI Compliance Issues
Heartland relationship managers were told that PCI compliance was not a big deal. One of Heartland’s relationship managers resigned on or around April 23, 2009, in part because of Heartland’s statements regarding its PCI compliance.
via StorefrontBacktalk » Blog Archive » Lawsuit: A Heartland Manager Resigned Because Of PCI Compliance Issues.
Federal Taskforce To Focus On Cybersecurity Metrics — Cybersecurity — InformationWeek
“FISMA metrics need to be rationalized to focus on outcomes over compliance,” Kundra wrote in a blog post announcing the move. “Doing so will enable new and actionable insight into agencies #FISMA
via Federal Taskforce To Focus On Cybersecurity Metrics — Cybersecurity — InformationWeek.
HEARTLAND Lawsuit filed #PCI
Months before announcing the Heartland Payment Systems (HPY) data breach, company CEO Robert Carr told industry analysts that the Payment Card Industry Data Security Standard (PCI DSS) was an insufficient protective measure.
This is a class action lawsuit brought by the FI Plaintiffs, individually, and on behalf of similarly situated banks, credit unions and other financial institutions that [...]
PCI-DSS – I am certified, therefore I am secure #PCI
Interesting article …
PCI has done a LOT to further security in an industry where information security was never considered a topic worth mentioning. I can remember 5-7 years back when retailers were all about razor-thin margins (they still are – that hasn’t changed) and security to them meant physical security – guards, sensors, cameras – [...]




