Tuesday, September 20, 2011
'We reassure you it was old data'. Sure, my DOB's changed By Guardian Healthcare Network Posted in Government, 20th September 2011 An NHS trust has told patients that it is acting to improve its data handling practices after a rebuke from the Information Commissioner's Office (ICO) for losing a CD containing details on 1.6 million people. Chief executive of NHS Kent and Medway Ann Sutton said that information is now more secure following the implementation of encryption systems to replace the use of floppy discs and CDs. Last week the trust was handed an undertaking by the information watchdog after sending the personal information to a landfill during an office move in March. The ICO said the data contained the names, addresses, dates of birth, NHS numbers and GP details of those affected. In a statement on the trust's website, Sutton said that the data had not been recovered and that the trust had accepted the ICO's report on the incident. She said: "While the breach was unfortunate, I would like to reassure patients that the data stored in the filing cabinet was not current - the most recent information was from 2002. Sutton added: "We have already strengthened our information governance policies, procedures and training on the basis of our internal investigation of the incident. The information commissioner's recommendations to improve them further will be implemented fully." ® This article was originally published at Guardian Professional. Join the Guardian Healthcare Network to receive regular emails on NHS innovation.
FISMA compliance to require monthly reports Dan Kaplan September 19, 2011 Federal agencies soon will be required to report on their information security health on a monthly basis, instead of annually, according to a memo from the federal Office of Management and Budget. As part of their compliance with the Federal Information Security Management Act (FISMA), agencies must, beginning next month, submit data from their automated security management tools into CyberScope, an application that went online in 2009, and is used to securely and efficiently report security-related information and provide analysis. "This shift from the once-a-year FISMA reporting process to a monthly reporting of key metrics through CyberScope allows security practitioners to make decisions using more information – delivered more quickly than ever before," OMB Director Jacob Lew wrote in the memo, issued last week. The monthly requirements also include answering questions in CyberScope that address risk. They are meant to determine whether an agency effectively is implementing its security functionality. In addition, under the reporting mandates, agencies must work with government specialists through sessions and interviews to improve their security stance. Marcus Sachs, a former U.S. government cyber official, said increased reporting requirements, in both the private and public sector, tend to occupy man-hours that would be better served working the problem. But he said that forcing senior management to sign off on regular reports could shine a light on the need for more security resources. "I think it one sense, increasing the [reporting] burden does take away from the few people who are really good at cybersecurity," he told SCMagazineUS.com on Monday. "On the other hand, it does increase the awareness of the senior leaders. Nobody is going to sign off on it unless it's accurate."
Sunday, September 18, 2011
Friday, September 16, 2011
Sunday, September 11, 2011
This is an ongoing diagram of the DigiNotar SSL Hack. I will update this as I work on it. I just think that this will help some people to understand the scope of this attack. This is from the spreadsheet I got from the TORProject… http://uscyberlabs.com/blog/?p=840