The Faces of Fraud: Fighting Back

See How Financial Institutions Respond to the Latest Threats

From skimming and POS attacks to ACH fraud and payment card hacks, 2010 was “The Year of Fraud,” and the year’s incidents have left banking institutions and their customers anxious for new solutions to prevent fraud in all its forms.

In response to the growing fraud threats – and to the demand for new solutions – Information Security Media Group just concluded its latest survey, “The Faces of Fraud: Fighting Back.”

This is the Executive Summary of the survey results and what they suggest for fighting fraud in 2011.

One of the most telling responses of the survey is to this question:


Healthcare & Security: A Hacker’s Perspective

by Renee Chronister, CEO, Parameter Security

Here’s another heart-stopper. The latest Ponemon Institute study reveals 60% of healthcare providers had more than 2 security breaches in the last year with the average breach costing them $2 million. Whoa! It then goes on to state that 70% of hospitals say protecting patient data is not a priority.

Healthcare providers in the Ponemon study also say they lack the resources, trained personnel, policies and procedures to safeguard patient records. 58% claim they have little or no confidence in their ability to protect the records in their possession. Forget WikiLeaks; as a hacker, this is music to my ears.

So what this really means for healthcare is that something has got to change. Specifically, the mindset that data security is not a priority and that all I have to be is HIPAA compliant to be secure. Well, I hate to be the bearer of bad news, but I can’t tell you how many times I’ve hacked HIPAA-compliant healthcare providers. I guess telling your patients, personnel and anyone else affected by the data breach that “I was HIPAA compliant” is better than “Data security isn’t a priority,” but I’m guessing it will still go over like a lead balloon.


Top 10 Security SNAFUs of 2010

That old phrase SNAFU (“Situation Normal, All F—ked Up!”) certainly describes our choices for 2010’s top 10 security screw-ups.

Not surprisingly some of the biggest names in technology – Google, Cisco, McAfee, AT&T – are prominent on the list, either because they’re obvious hacker targets or because whenever they make a security mistake, it’s big news. Without further ado, the list:

Aurora attacks on Google: In what’s come to be called the “Aurora attacks,” Google in January acknowledges valuable intellectual property was stolen via a network break-in during that past December, intimating China to be the origin of the cyberattack. About a dozen other high-tech and industrial companies appear to have been struck in similar fashion. The Chinese government says it doesn’t know what they’re talking about. Outraged over the cyber-intrusion, Google, which had been adhering to Chinese dictates regarding search-engine censorship, says it will defy them, putting its search-engine license in China in jeopardy. But by year-end, under Chinese pressure, Google abandons its tactic of re-directing Chinese user traffic to its more liberal Hong Kong site and its renewed China license requires censorship.


Two factor authentication

What it is, what are the solutions

Today, banks providing internet banking facilities are looking to implement, or have already implemented, two-factor authentication. This has come about either because the banks identified the risks themselves or because it was mandated by the regulatory authorities. Whatever initiated it, it is more important to understand what two-factor authentication is, what the business requirements are, and how it is going to impact customers.

Classification and labeling – A double edged sword?

I use public transport to commute between office and home. Recently, a gentleman sitting next to me was reading a document. I just peeped at the document, and all I could instantly read was the document name and that it was labeled “Confidential”.

Now why would somebody read a confidential document during his commute to the office on public transport? Did the classification serve any purpose? I was getting curious about this and asked him, “Any urgent review going on?” He said, “No, why?” I said I could see the document was classified “Confidential”. His explanation was, “It is just an old document, maybe from sometime in 2006.” Well, why was the document not re-classified if it was old?