The National Institute of Standards and Technology has approved an additional mode of operation for using the Advanced Encryption Standard to secure data stored on government systems. The mode is specified in Special Publication 800-38E, Recommendation for Block Cipher Modes of Operation: The XTS-AES Mode for Confidentiality on Storage Devices.
January 29, 2010 | Posted in Top Stories
The annual U.K. Cost of Data Breach Study tracks a wide range of cost factors, including expensive outlays for detection, escalation, notification and response along with legal, investigative and administrative expenses, customer defections, opportunity loss, reputation management, and costs associated with customer support such as information hotlines and credit monitoring subscriptions.
January 29, 2010 | Posted in Industry Reports
It is a well-known fact that IT employees are a special breed. They may be seen as overly paranoid and sometimes very single-minded and demanding about the issue of security and protection of the company and its technical and informational assets, but they are the people who are most aware of the consequences of [...]
January 29, 2010 | Posted in Industry Reports
Microsoft’s top lawyer is calling for the EU to update data protection and data retention laws to better suit cloud computing.
January 29, 2010 | Posted in Top Stories
The Los Angeles Times reports:
A major security breach caused patients' data to fall into hackers' hands. The Los Angeles bureau criminal investigation responsible to look into internet fraud has confirmed a massive data theft which literally has put 10.000 patients at risk of stolen identity theft. The Hospital has acknowledged that an intruder bypassed security [...]
January 29, 2010 | Posted in News Analysis
This post is a slight adaptation of an old post of mine on the BPX Community of SAP on the 2nd of May of 2007. Almost years have passed by, but most companies are still far away from reaching the described state, so what I describe is still very actual.
The originating question was: What kind [...]
Part 1
A while back a query was made on a mailing list (by James McGovern I believe) what questions do you ask architects in job interviews and my response was, without being facetious, “What is the purpose of an architect?” The answer is straightforward but many people will give you a circuitous route through [...]
January 28, 2010 | Posted in System Security
Segregation of Duties, also called Separation of Duties (SoD), has been in the spotlight of public accounting firms since the beginnings of the Sarbanes-Oxley regulations, specifically Section 404. Wikipedia describes it as: “the concept of having more than one person required to complete a task. It is alternatively called segregation of duties or, in [...]
The annual U.S. Cost of Data Breach Study tracks a wide range of cost factors, including expensive outlays for detection, escalation, notification and response along with legal, investigative and administrative expenses, customer defections, opportunity loss, reputation management, and costs associated with customer support such as information hotlines and credit monitoring subscriptions.
January 28, 2010 | Posted in Industry Reports
The Javelin report, End-to-End Encryption, Tokenization, and EMV in the US: Vendor Analysis of Emerging Technologies and Best Hybrid Solutions, assesses the capabilities of end-to-end encryption, tokenization, virtual terminals, magnetic-stripe security and the EMV standard as solutions to combat payment-related data breaches. It finds that while current solutions fall short of offering true end-to-end encryption, [...]
January 28, 2010 | Posted in Industry Reports