Tag Archives: audit

[ISN] Survey: Nearly 1 in 4 IT firms suffered security breach

http://www.crainsdetroit.com/article/20150726/NEWS/307269992/survey-nearly-1-in-4-it-firms-suffered-security-breach
By TOM HENDERSON, Crain’s Detroit Business, July 26, 2015

Twenty-three percent of executives at technology companies say their firms have suffered a security breach in the past 12 months, according to the national annual Technology Industry Business Outlook survey conducted by KPMG LLP, the audit, tax and advisory firm. Three-fourths of executives surveyed say their companies will spend between 1 percent and 5 percent of annual revenue on IT security in the next 12 months. “The survey findings on security are an important marker, since tech companies are the pacesetters in IT security. How much and where tech companies spend on IT security, and how successful they are, can serve as guides for all other industries,” Gary Matuszak, global chairman of KPMG’s technology, media and telecommunications practice, said in a release. The KPMG survey was of upper managers at 111 U.S.-based technology companies. Of the respondents, 54 percent were in companies with revenue of more than $1 billion a year, with the rest at companies with annual revenue between $100 million and $1 billion. […]


[ISN] Madonna Phone Hacker Sentenced to 14 Months in Jail

http://www.rollingstone.com/music/news/madonna-phone-hacker-sentenced-to-14-months-in-jail-20150709
By Kory Grow, Rolling Stone, July 9, 2015

The Israeli man who was indicted on four charges of cyber crimes in association with hacking into Madonna’s songs and leaking Rebel Heart tracks before the record’s release has been sentenced to 14 months in jail. Adi Lederman accepted a plea bargain with a Tel Aviv Magistrate’s Court in forming his sentence on Thursday, according to The Jerusalem Post. The man was also fined NIS 15,000 (approximately US $4,000). Lederman, who’d gained fame in 2012 with an audition for the Israeli analog to American Idol, was accused of leaking demos and in-progress versions of the singer’s tunes online in December 2014. Madonna reacted by releasing six songs from the LP and putting out the album earlier than she had intended. The man was arrested in January, and the country’s authorities said they believed he had also hacked into the personal computers of other celebrities. “I am profoundly grateful to the FBI, the Israeli police investigators and anyone else who helped lead to the arrest of this hacker,” Madonna wrote on Facebook at the time. “Like any citizen, I have the right to privacy. This invasion into my life – creatively, professionally, and personally – remains a deeply devastating and hurtful experience, as it must be for all artists who are victims of this type of crime.” […]


My latest Gartner research: Invest Insight: Focus on Imperva

This research looks at various segments relevant to Imperva — Web application firewalls (WAFs), data-centric audit and protection (DCAP), cloud security, and cloud access security brokers (CASBs) — to provide the reader with the ability to assess the company’s prospects. Based in Redwood Shores, California, Imperva provides hardware and software cybersecurity solutions designed to protect data and applications in the cloud and on-premises. Customers use these solutions to discover assets and risks, protect information, and comply with regulations. …

Gartner clients can access this research by clicking here.


[ISN] Tepco’s frugality rapped after 48,000 PCs found running Windows XP

http://www.japantimes.co.jp/news/2015/04/21/national/tepcos-frugality-rapped-after-48000-pcs-found-running-windows-xp/
The Japan Times, April 21, 2015

Embattled Tokyo Electric Power Co. has been slammed by an independent auditing watchdog for skimping on its computer network, which still uses the Windows XP operating system. Facing multi-billion dollar cleanup and compensation bills from the March 2011 nuclear crisis, Tepco figured it could save a few yen by delaying an upgrade. But the independent watchdog — which is usually on the lookout for wasteful spending — warned the nation’s biggest electric utility about its frugality, saying it must replace the outdated computer system because of security concerns. Tepco — effectively nationalized through a government bailout after the triple meltdown at the Fukushima No. 1 nuclear power plant in March 2011 — was hoping to save ¥3.6 billion ($30 million) by continuing to run about 48,000 computers on Windows XP until 2018. Microsoft stopped providing security updates and technical support for Windows XP last year, aggravating concerns about cybersecurity. […]


[ISN] TrueCrypt security audit is good news, so why all the glum faces?

http://arstechnica.com/security/2015/04/truecrypt-security-audit-is-good-news-so-why-all-the-glum-faces/
By Dan Goodin, Ars Technica, Apr 2, 2015

The ongoing audit of the TrueCrypt whole-disk encryption tool used by millions of privacy and security enthusiasts has reached an important milestone—a detailed review of its cryptographic underpinnings that found no backdoors or fatal flaws. The 21-page Open Cryptographic review published Thursday uncovered four vulnerabilities, the most serious of which involved the use of a Windows programming interface to generate random numbers used by cryptographic keys. While that’s a flaw that cryptographers say should be fixed, there’s no immediate indication that the bug undermines the core security promise of TrueCrypt. To exploit it and the other bugs, attackers would most likely have to compromise the computer running the crypto program. None of the vulnerabilities appear to allow the leaking of plaintext or secret key material or allow attackers to use malformed inputs to subvert TrueCrypt. The report was produced by researchers from information security consultancy NCC Group. “The TL;DR is that based on this audit, TrueCrypt appears to be a relatively well-designed piece of crypto software,” Matt Green, a Johns Hopkins University professor specializing in cryptography and an audit organizer, wrote in a blog post accompanying Thursday’s report. “The NCC audit found no evidence of deliberate backdoors, or any severe design flaws that will make the software insecure in most instances.” “The good news is there weren’t any devastating findings, which is great news,” Kenn White, a North Carolina-based computer scientist and audit organizer, told Ars. “The mixed news is what happens next with the project.” […]


[ISN] Tasmanian Audit Office reveals ‘excessive’ online attack risks

http://www.zdnet.com/article/tasmanian-audit-office-reveals-excessive-online-attack-risks/
By Leon Spencer, ZDNet Security News, March 27, 2015

A report from the Tasmanian Audit Office released on Thursday has revealed that at least five state government departments were open to excessive risk from online attacks. The Tasmanian auditor-general’s report (PDF) No. 8 of 2014-15, Security of information and communications technology (ICT) infrastructure, outlines a number of weaknesses in the audited departments’ digital security. The audit was conducted on five of the state government’s departments, including Treasury; the Department of Primary Industries, Parks, Water and the Environment; the Department of Health and Human Services; the Department of Premier and Cabinet; and the Department of Police and Emergency Management. The Audit Office found that although information was generally safe and secure with reasonable backup and access restrictions, all of the audited departments were at excessive risk from online attacks, due to a lack of Australian Signals Directorate-recommended mitigation strategies. […]


[ISN] US watchdog: Anthem snubbed our security audits before and after enormous hack attack

http://www.theregister.co.uk/2015/03/05/us_watchdog_anthem_audits/
By Shaun Nichols, The Register, 5 Mar 2015

A year or so before American health insurer Anthem admitted it had been ruthlessly ransacked by hackers, a US federal watchdog had offered to audit the giant’s computer security – but was rebuffed. And, after miscreants looted Anthem’s servers and accessed up to 88.8 million private records, the watchdog again offered to audit the insurer’s systems, and was again turned away. “We do not know why Anthem refuses to cooperate,” government officials told The Register today. The Office of the Inspector General (OIG) for the US Office of Personnel Management (OPM) told us it wanted to audit Anthem’s information security protections back in 2013, but was snubbed by the insurer. According to the agency, Anthem participates in the US Federal Employees Health Benefits Program, which requires regular audits from the OIG, audits that Anthem allegedly thwarted. Other health insurers submit to Uncle Sam’s audits “without incident,” we’re told. […]


[ISN] China’s New Rules for Selling Tech to Banks Have US Companies Spooked

http://www.wired.com/2015/01/chinas-new-rules-selling-tech-banks-us-companies-spooked/
By Davey Alba, Wired.com, 01.29.15

Technology companies that want to sell equipment to Chinese banks will have to submit to extensive audits, turn over source code, and build “back doors” into their hardware and software, according to a copy of the rules obtained by foreign companies already doing billions of dollars’ worth of business in the country. The new rules were laid out in a 22-page document from Beijing, and are presumably being put in place so that the Chinese government can peek into computer banking systems. Details about the new regulations, which were reported in The New York Times today, are a cause for concern, particularly to Western technology companies. In 2015, the China tech market is expected to account for 43 percent of tech-sector growth worldwide. With these new regulations, foreign companies and business groups worry that authorities may be trying to push them out of the fast-growing market. According to the Times, the groups—which include the US Chamber of Commerce—sent a letter Wednesday to a top-level Communist Party committee, criticizing the new policies that they say essentially amount to protectionism. The new bank rules and the reaction from Western corporations represent the latest development in an ongoing squabble between China and the US over cybersecurity and technology. The US government has held China responsible for a number of cyberattacks on American companies, and continues to be wary that Chinese-made hardware, software and internet services may have some built-in features that allow the Chinese government to snoop on American consumers. Meanwhile, China has used the recent disclosures by former NSA contractor Edward Snowden as proof that the US is already doing this kind of spying—and that this is reason enough to get rid of American technology in the country. […]
