Sep 26, 2010

CIOs more concerned than ever about social media and data loss

Survey finds security breaches due to social networking more pressing than ever

A new survey from email security firm Proofpoint finds more organisations are dealing with data loss and security breaches due to employee use of social media sites. Proofpoint polled 261 IT decision makers at organisations with more than 1000 employees. Respondents were asked about the frequency of data loss events in the past 12 months, as well as their concerns, priorities and policies related to email, the web, social media and other sources of data loss risk.

The survey found 20 percent of companies polled had investigated the exposure of confidential, sensitive or private information via a post to a social networking site. In many instances, the events have been severe enough to lead to job loss or disciplinary action, with seven percent of companies reporting termination of an employee for social networking policy violations. Another 20 percent disciplined an employee for not following social networking policy.


Interpol head has identity stolen on Facebook

He’s one of the most powerful people in world policing, but on Facebook Interpol chief Ronald K. Noble is just as vulnerable to identity theft as anyone else. At last week’s inaugural Interpol Information Security Conference in Hong Kong, secretary general Noble revealed that criminals had set up two accounts impersonating him on the networking site during this summer’s high-profile global dragnet, ‘Operation Infra-Red’.

The fraud was discovered only recently by Interpol’s Security Incident Response Team. “One of the impersonators was using this profile to obtain information on fugitives targeted during our recent Operation Infra-Red,” Noble told delegates.

Infosys CEO: People willing to trade privacy for tech benefits

"You allow that privacy to be compromised for a benefit," says CEO Kris Gopalakrishnan

People are willing to adjust their ideas about privacy if they can benefit from revealing more of their personal information, the CEO of Infosys Technologies said Thursday.

"You allow that privacy to be compromised for a benefit," CEO Kris Gopalakrishnan said during a talk at MIT's Emerging Technologies conference. The definition of privacy must now take into account whether personal information is "properly used to give additional benefits," he said.

Mar 9, 2010

Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach

NIST has recently released the final publication of the "Guide for Applying the Risk Management Framework to Federal Information Systems: A Security Life Cycle Approach".

This NIST special publication (NIST Special Publication 800-37, Revision 1) can be downloaded from the csrc.nist.gov website.

Under this guide, the Certification and Accreditation process for federal government information systems has been transformed into a Risk Management Framework that stresses security from an information system’s initial design phase through implementation and daily operations.

It places equal emphasis on defining the correct set of security controls and on implementing them within a robust continuous monitoring process.

This is similar to the various Secure Software Development processes such as MS SDL and OWASP CLASP.
The guide can be downloaded from here

Guide to ISO 31000

Three risk associations, Airmic, Alarm, and the IRM, have collaborated to publish a free guide to ISO 31000 titled "A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000".

The guide is organized in two parts, each containing four chapters, with two appendices. The document is neatly organized and is useful for organizations implementing or following ISO 31000.

The full guide is available here