Log in

Posts Tagged ‘Information Technology’

Cloud computing could be the answer to the recent hacking attacks

July 28th, 2011

Time to move to Cloud computing?

It is high time security standards for data are redefined. The recent hacking attacks stress this need and laws against hackers need more strengthening.

Is cloud computing the answer to the hacking question?

The Commission on the Leadership Opportunity in U.S. Deployment of the Cloud, or CLOUD2 — came up with a plan as to how the government should work with industry, academia, and other nations to use Cloud technology effectively.

The government will study viable cloud computing solutions for technology and make a decision about its implementation in federal IT.

The CLOUD2 commission body consists of 71 of the nation’s experts from the cloud computing industry who dedicate more than 2,000 hours of work in person and in the cloud. The Commission is headed by Salesforce.com Chairman and CEO Marc Benioff and VCE Chairman and CEO Michael Capellas.

The CLOUD2 commission is hoping to use cloud adoption to foray into the global IT world and create employment.

“The debate around cloud computing is over – everyone agrees the shift to the cloud is inevitable,” said Marc Benioff, chairman and CEO, salesforce.com and the Commission’s Co-chair. “The Cloud First Buyers Guide for Government provides the best practices for how agencies can evaluate and deploy cloud services, helping them make huge gains in productivity and efficiency.”

According to Michael Capellas, CEO of VCE, a cloud venture backed by Cisco and EMC “Today’s recommendations by the commission will help further accelerate adoption of cloud computing within the government infrastructure,” Capellas said in a statement. “Faster adoption of cloud computing will strengthen the United States’ leadership position in the global marketplace and ignite creation of jobs that will be in high demand over the next decade.”

The 14 recommendations include four important areas of cloud computing

Trust –organizations must trust that the cloud can help secure their data and provide protection against hacking

Transnational Data Flows – Cloud has no national borders. Its full potential will be realized only via data flow across international borders

Transparency- cloud providers will earn confidence from corporate America and government agencies by providing users meaningful ways to evaluate cloud implementations and for vendors to share relevant and reliable information about their capabilities to build trust in the system.

Transformation – For cloud’s implementation there must be a change in how the federal government acquires technology; thereby creating jobs

The Commission has also produced a Cloud Buyer’s Guide, it is available online at http://www.cloudbuyersguide.org/

Presentation of the above recommendations

The committee has presented its recommendations with federal CIO Kundra (outgoing), Commerce Secretary Gary Locke, and Pat Gallagher, director of NIST.

Concerns over cloud

Although companies can benefit from the cloud, they are still concerned about the security risks.

David LeDuc, SIIA’s senior director of public policy says ” “The reality is that most of the fear associated with security as it pertains to cloud computing, is that people think they’ll have less control over the systems and the information. They feel they’re relinquishing direct control of their data,”

Data stays safe with Alertsec

Alertsec Xpress offers a customizable data encryption software solution from Checkpoint, the industry leader in encryption software (former Pointsec). Alertsec has come up with a web based encryption service that helps in deployment and management of PC encryption.

No comments »

Posted in Computer security, Data Protection, computer security software, data breach, data encryption

Tags: business Check Point Chief executive officer Cloud computing disk encryption European Commission Federal government of the United States Information Technology Michael Capellas Software and Information Industry Association United States Victorian Certificate of Education

To escape from Data Breaches, New Law Proposed in Colorado

March 7th, 2011

It is important for every state to be alert for its people’s security. In the case of continuous data breaches various states have adopted laws, rules and regulations requiring companies to implement security procedures to protect individual’s personal information. According to these laws if sensitive information is accessed by an unauthorized person, the company must report this to individuals, state agencies and national credit reporting agencies. The most common ways of data security breaches are network security breaches like hacking, electronic transmission of personal information to a third party like emailing and the loss or theft of computer or disk containing personal information.

GREAT SEAL OF THE STATE OF COLORADO

The Colorado Law

A fresh bill has been proposed in the state of Colorado which takes an innovative approach of incentivizing companies for implementing healthy data security. This recently enacted law is imposing significant obligations upon companies which conduct business in Colorado and own electronically stored personal data about Colorado residents. The personal information can include individual’s personal detail, social security number, financial account numbers, driving license details etc. This law is being also imposed on the businesses that maintain computerized human resource records, collect or sell electronic data or provide data support services to other companies.

According to this law if a person owns or use computerized data in Colorado and that data includes personal information of Colorado’s residents, in the case of a data breach a prompt investigation should be conducted. Colorado’s data security law is very much similar to the other states data breach notification laws. Presently over 27 states and territories have enacted data-breach notification statutes.

Challenges for Implementing Colorado Law

There are number of challenges for implementing Colorado law and one of the most important one is the establishment of best practices and IT security standards. The CIO of the State of Colorado did not provide additional guidance in this bill, that how those practices shall be determined or whether there will be one set of best practices that will apply to all entities. The bill requires an entity to establish these best practices and standards for commercial entities and the business man who owns or use electronic data.

The top most challenge coming out of this is whether novel approaches to information security and privacy legislation will work or not? While this law may provide immunity from negligence claims for cases contained in Colorado, it may not help with lawsuits like the cases which are filed in other jurisdictions, where Colorado law is not the choice of law. The challenge for the law makers is to provide enough clarity and certainty so that companies have confidence that they are in the safe harbour. They need to provide enough flexibility in the law to allow companies of all shapes and sizes.

Data Security

Secure your Sensitive Data with Alertsec

Above incident shows that in the absence of full disk encryption, privacy of such a huge number of people can get affected. To keep your sensitive data safe from thefts and hacking, it is vital to use Data encryption software. There are many incidents taking place across global organizations which highlight the need of a data security and recovery software. By a mere investment of $13/month, the information can be secured with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpressoffers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

What Is a Data Breach? (brighthub.com)
Where do security breaches occur? What type of data is stolen and who makes the discovery? (brianpennington.co.uk)
Imation Picks up Colorado Data Security Firm ENCRYPTX (tech.mn)
How Much Does Your College Spend on Data Security? (q-ontech.blogspot.com)
RSAC 2011: Data Security Wunderkind: Tokenization (thetechherald.com)

No comments »

Posted in Data Protection

Tags: Colorado Computer security data security Data Security Law Data Security System Encryption Information Technology security

News Update About Data Loss in Healthcare

February 27th, 2011

Image via Wikipedia

Ever since the usage of electronic records has increased, the vulnerability of data has become higher.

Kaufman, Rossin & Co. has released a report which shows the compromise of personal information of 4.9 million patients. The health information was compromised as a result of 166 data breaches that happened in the 1^st year of the implementation of HITECH act which is the Health Information Technology for Economic and Clinical Health (HITECH) Act

The act was implemented about a couple of years ago in February 2009. The idea was simple: Promote the usage, implementation of information technology in health sector. Not only that, it also calls for stricter rules/financial penalties for any breach incidents related to privacy.

The greatest source of the breach according to the study is laptops. Laptops were found out in 43 incidents and created an impact on more than 1.5 million individuals. The breach incidents happened occurred between Sept. 21, 2009 and Sept. 21 2010. In the first year, the breach incidents were publicly reported to the Secretary of the Department of Health and Human Services

Jorge Rey who is co-author and director of information security and compliance with Kaufman, Rossin said, “There are so many various ways for data to be breached in this day and age and many businesses are not properly prepared or are completely unaware of just how vulnerable this information is”. “The HITECH Act is changing the way PHI must be protected and those companies that are not serious about protecting their patients’ information find themselves facing serious reputation, legal and financial repercussions.”

Here are some of the other findings of the study:

Business associates, over 20% of them were affected by the data breach incidents
As far as individuals are concerned, around 3.12 million were impacted
32 percent of breaches were reported within the first three months
Needless to say, the data breach was caused by “Theft” incidents with these happening about 58% of the time.
It was only in 14% of the cases that theft was caused by loss and similar percentage accounted for misc. incidents.

The biggest learning from this report is the variety of formats in which the breach incidents can happen. Examples of such incidents are somebody sending confidential medical information to the wrong destination or the information being hacked by someone.

Secure your Data with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

UK Government Bodies Are More Vulnerable To Data Breaches (enterprisedrm.info)
EU study frowns over data breach notification rules (go.theregister.com)

No comments »

Posted in Data Protection, data breach

Tags: data data breach data security Health Insurance Portability and Accountability Act information security Information Technology Personally identifiable information security

‘Long-term’ Employee Responsible for Massive Mesa Data Breach’

December 4th, 2010

: Courthouse in Mesa County

In what can be termed as one of the biggest disasters, a data breach incident happened in Mesa County. The authorities are still trying to figure out the extent of a security breach that has put secured law enforcement files and people’s personal information out on the internet for anybody to view.

How did the incident happen?

The incident happened during the stage of software transition and was primarily caused by the mistake of a Mesa County IT employee. It resulted in thousands of internal sheriff’s department records being available for public viewing on the Internet.

The Sentinel also describes how the data breach happened. The employee had been working in Mesa County’s Information Technology group on a project integrating computer databases between Grand Valley law-enforcement agencies, Mesa County Sheriff “Stan Hilkey” said. In April, authorities said the man had “parked” files from the sheriff’s records-management system on a county-run server that the man believed was secure: a “file transfer protocol site.” Hilkey said the files were kept at that location, which has its own Mesa County URL address, awaiting conversion to be compatible with the new law-enforcement database.

Impact of Data Loss

The kicker is that records were accessible for seven months before the sheriff’s office caught wind of the situation and took them down. The information included names of confidential informants who worked with a drug task force, e-mails between officers about crime victims and home addresses for sheriff’s department employees. Hundreds of thousands of pieces of personal information have been leaked onto an un-secure file-transfer website or FTP.

The Mesa County Sheriff’s Department says its files include information on up to 200,000 people

What the Authorities are Saying?

Interim Mesa county administrator Stefani Conley said, “This employee thought this was a password-protected, encrypted website.”

While there was no official confirmation to the number of The sheriff declined to say how many times the data was accessed, only describing it as multiple hits from local, national and international computers.

Sheriff Stan Hilkey said, “It’s the county’s fault that it was there, on purpose or not, Mesa County is dealing with a pretty big problem”. Stefani added, “This was a situation that again, should not have happened.” “It was an error by an IT employee and that employee is no longer with the county”. The county wouldn’t divulge any information about the employee, other than saying in a statement that “this person was a long-term county employee.”

Even though all signs point to this being just an honest mistake, it is off-course something that hadn’t happened overnight. The data was moved to the un-secure website about seven months ago in April. Although, the first security breach only happened at the end of October. “There was no criminal activity during the first breach,” Hilkey said. But, it still took county I.T. engineers almost a month to notice and shut down the problem. County attorneys are trying to figure out if they could face any legal ramifications if somebody’s identity is stolen.

If you are reading this article and are victim of one of these breach incidents you can call these three creditors: Equifax Credit Bureau Fraud Department – 800) 525-6285, Experian Information Solutions Fraud Department – (888) 397-3742, and the TransUnion Credit Bureau Fraud Department – (800) 680-7289.

How Alertsec Xpress Would Have Helped

Whether it is done with intention or out of ignorance, the sheer fact is “Data Breach” hurts the processes and functioning of organizations badly.

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Mesa calendar (eventkeeper.com)
Mesa County Accidentally Posts 20 Years Of Confidential Data Online (huffingtonpost.com)

No comments »

Posted in Uncategorized

Tags: Barack Obama Colorado data breach Employment Grand Junction Colorado Information Technology Law Law Enforcement Mesa County Mesa County Colorado Sheriff

Increasing Laptop thefts, a major cause of worry

August 31st, 2010

Laptop thefts have been increasing this year, both on-campus & off-campus, according to a report from Information Technology.

The convenience and portability offered by laptops over desktop computers have made them popular among the masses and the thieves. “A laptop takes six seconds to grab,” said Harvard Townsend, chief information security officer. “Desktop machines are growing less common, Townsend said, and thieves realize this. Everyone should invest in a locking security cable,” he said. “Even at home, leave it kind of secured with that cable; it will eliminate opportunistic theft.”

A locking security cable locks the laptop with a heavy, immovable object, thus making it difficult for a thief to walk away with it. “The locks are available at any electronics retailer, including the K-State Student Union Computer Store. Laptops, whether they are in a room in a residence hall, apartment or house, are the easiest items to steal and have high value,” he said.

He also advised to record identification information about the laptop such as the serial number, hardware specifications, make and model and MAC (Media Access Control) address. The MAC address is an identification code, specific to every computer, both Mac and PC that can help the police track down a possible stolen device.

He also advises to back up data frequently so that incase of the theft, at least the invaluable data is not lost. A more secure way of protecting data is hard disk encryption.

Choose Alertsec’s Security Products right now

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. Check out our convenient and cost-effective computer security software for Windows 2000, XP, Vista and 7.