http://www.krollfraudsolutionsblog.com A Dialogue on Data Security Mon, 14 May 2012 19:59:47 +0000 http://backend.userland.com/rss092 en Considering the exposure it’s gotten in mainstream news sources recently, it’s highly likely you’ve seen some fairly ominous headlines recently proclaiming that, on July 9, 2012, hundreds of thousands of people around the world will lose their access to the Internet. Are you one of them? How do you know? Before ... http://www.krollfraudsolutionsblog.com/2012/05/the-end-of-your-life-online-what-you-should-know-about-dnschanger-part-one/ The U.S. House of Representatives recently passed two cyber security bills. The Federal Information Security Amendments Act of 2012 (HR 4257) modifies the Federal Information Security Management Act of 2002 (FISMA) by providing for, among other things, automated security monitoring of government information systems. It also requires federal agencies to ... http://www.krollfraudsolutionsblog.com/2012/05/house-passes-two-cyber-security-bills-more-possible/ Today marks the release of the third installment of the 2012 HIMSS Analytics Report: Security of Patient Data, commissioned by the information security practice of Kroll Advisory Solutions.  The bi-annual survey (previously released in 2008 and 2010) examines survey data from U.S. healthcare industry professionals on the state of patient ... http://www.krollfraudsolutionsblog.com/2012/04/2012-himss-analytics-report-security-of-patient-data-released-today-webinar-on-may-2/ In April, Kroll will be releasing its 2012 HIMSS Analytics Report: Security of Patient Data. This is the third in a series of biannual studies that examine the patient data security practices at hospitals across the U.S. While this has always been a popular and highly regarded report, this year’s ... http://www.krollfraudsolutionsblog.com/2012/03/third-annual-himss-report-security-of-patient-data-to-be-released-in-april/ When the Federal Trade Commission released its 2011 Consumer Sentinel statistics (self-reported consumer complaints to the FTC) in February, it revealed that once again, identity theft was the number one complaint. More specifically, 24 percent of the identity theft complaints filed with the FTC in 2011 fell into the category ... http://www.krollfraudsolutionsblog.com/2012/03/identity-theft-and-tax-season-go-hand-in-hand/ Responding to a security incident involves a lot of fact-gathering, and the precious information needed to advance the investigation is frequently found in the form of log files. But how do you make decisions as to which logs to keep, and for how long? And, more importantly, how do you ... http://www.krollfraudsolutionsblog.com/2012/02/locating-log-files-during-an-investigation/ Cyber incidents that require investigation are a little like snowflakes: No two are alike. Every case we investigate seems to have its own unique challenges that vary from previous investigations. There are frequently a multitude of operating systems, network configurations, and industry-specific applications, among other things. But with all of ... http://www.krollfraudsolutionsblog.com/2012/02/understanding-logs-as-a-critical-component-of-investigation/ Malware as a data breach threat is a hot topic these days, but is it really as big a threat as it is sometimes characterized? Emphatically, YES! You may recall in a previous post discussing data breach response, I mentioned the very real threat that malware has become, as well as ... http://www.krollfraudsolutionsblog.com/2012/02/the-malware-data-breach-threat/ On January 25, 2012, the European Commission (EC) released its final draft of a regulation that would replace the current EU Data Protection Directive.  The regulation includes a data security section requiring organizations to implement appropriate technological and organizational measures to protect personal data.  Specific guidance on the type of ... http://www.krollfraudsolutionsblog.com/2012/01/regulatory-roundup-part-4-ec-releases-final-draft-of-eu-data-protection-reforms/ The Canadian Parliament is again considering a requirement for organizations in Canada to notify individuals and the Office of the Privacy Commissioner of Canada in the event of a data breach. Under proposed amendments to the Personal Information Protection and Electronic Documents Act (PIPEDA), organizations would be required to ... http://www.krollfraudsolutionsblog.com/2012/01/regulatory-roundup-part-3-proposed-canadian-breach-notice-requirements/