[ISN] Countering cyberterrorism at heart of Tel Aviv conference next month

http://www.israelhayom.com/site/newsletter_article.php?id=16181 [InfoSec News is a media sponsor, complete details are on the sidebar of the website – www.infosecnews.org, and there’s a 10% discount code if you’re interested in attending. – WK] By Ilan Gattegno Israel Hayom March 17, 2014 Institute for National Security Studies, a prestigious academic think tank, to host large event with the help of U.S.-based Cyber Security Forum Initiative and Prime Minister’s Office – Issues to include cybercrime, cyberterrorism, and cyber defense law. The annual Defensive Cyberspace Operations & Intelligence Conference is scheduled to take place April 8-9 in Tel Aviv. The forum will be held under the auspices of the Institute for National Security Studies, a prestigious Tel Aviv think tank headed by former Military Intelligence Director Maj. Gen. (ret.) Amos Yadlin. It will focus on the ways government can prevent and counter strategic cyber attacks. The Prime Minister’s Office National Cyber Bureau, the Intelligence Ministry and the Office of the Chief Scientist are actively involved in the organization of this conference, as is the Cyber Security Forum Initiative, a nonprofit organization headquartered in Omaha, Nebraska and in Washington, D.C. […]




Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Healthcare data encryption trends and methods

http://healthitsecurity.com/2014/03/17/healthcare-data-encryption-trends-and-methods/ By Patrick Ouellette Health IT Security March 17, 2014 There are varying responses from healthcare organizations and security experts when the question of why an organization would not encrypt its data is posed. For some, it’s a numbers game and their budget simply can’t fit encryption technology. Others philosophically are opposed because they believe, to a degree, it degrades the data. However, there may be a more fundamental reason for a lack of encryption for some organizations: the belief that their “four walls” are enough to protect patient data. Michael Leonard, Director of Product Management for Healthcare IT at Iron Mountain, told HealthITSecurity.com that many organizations don’t encrypt their data for that reason. What encryption trends are you seeing on-site v. off-site within healthcare organizations? Leonard: We see in many organizations a lot of the content is still not encrypted, especially if it’s being stored onsite, and that has been, I think, historically because it’s within their four walls there’s less concern, right or wrong, but there’s less concern that it should be encrypted if it’s in-house, so to speak. I don’t see anybody, at least that we’ve talked to, moving content out into the cloud or out to a managed service provider unless it is encrypted, and that’s clearly a best practice. Also, many of the existing clinical applications don’t really have a native way of encrypting content, so it’s like extra work for the organization to encrypt much of that clinical information. So, we see quite a bit of the content that’s stored within the four walls of an organization as unencrypted. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Court approves first-of-its-kind data breach settlement

http://www.computerworld.com/s/article/9247017/Court_approves_first_of_its_kind_data_breach_settlement By Jaikumar Vijayan Computerworld March 17, 2014 Courts have generally tended to dismiss consumer class-action lawsuits filed against companies that suffer data breaches if victims can’t show that the the breach directly caused a financial hit. A federal court in Florida broke the mold by approving a $3 million settlement for victims of a data breach in which personal health information was exposed when multiple laptops containing the unencrypted data were stolen. The Dec. 2009 theft of laptops belonging to AvMed, a Florida-based health insurer, exposed the patient records of tens of thousands of its customers. Several victimes later filed a putative class action lawsuit against AvMed. The plaintiffs suffered no direct losses or identity theft from the breach but nevertheless accused AvMed of negligence, breach of contract, breach of fiduciary duty and unjust enrichment. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail

[ISN] Sally Beauty confirms data breach

http://www.washingtonpost.com/business/economy/sally-beauty-confirms-data-breach/2014/03/17/c644049a-adf5-11e3-96dc-d6ea14c099f9_story.html By Amrita Jayakumar The Washington Post March 17, 2014 Sally Beauty confirmed Monday that hackers broke into the supplier’s network, stealing the payment data of up to 25,000 customers. The information stolen included payment card numbers and the three-digit security codes, known as CVV numbers, the company said. The retailer said it does not store customers’ personal identification numbers (PINs). Customers will be notified if their information was stolen, said Sally Beauty, which is advising shoppers to check their bank statements for suspicious transactions. The company did not provide details on the nature of the breach, including whether it affected only shoppers who came into a store or also those who shopped online. The confirmation follows a statement by Sally Beauty this month that said it detected a breach Feb. 24 but had no evidence that customers’ data had been stolen. The breach was first reported by security blogger Brian Krebs. […]


Facebooktwittergoogle_plusredditpinterestlinkedinmail