Risk
3/12/2014
09:06 AM
Connect Directly
Twitter
RSS
E-Mail

Snowden, Bitcoin, Data Breaches Foretell New Regulations

It's inevitable that more businesses will be penalized for breaking customer trust. Is your enterprise prepared for new security laws?

Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
pfretty
100%
0%
pfretty,
User Rank: Apprentice
3/19/2014 | 1:13:03 PM
Culture
These ongoing events should be a wake-up call for organizations around the importance of a security first culture. Beyond simply integrating the best technologies fighting this fight means embracing an education-based strategy that improves awareness and ultimately helps bring costs back under control.  Some interesting stats that paint the full picture within the 2013 HP Ponemon Cost of Cyber Crime report available here: (http://www.hpenterprisesecurity.com/ponemon-study-2013).  

 

Peter Fretty (j.mp/pfrettyhp)
PeteJW
50%
50%
PeteJW,
User Rank: Apprentice
3/13/2014 | 6:42:43 PM
Re: Variable-size teeth
Interesting - I quite like the idea of variable-sized teeth, though how easy it would be to administer and control I'm not so sure. IMO regulations have to be more prescriptive so that large organiztions can't manouvre their way around by achieving only the very basic levels of compliance -- tick-in-the-box approach.
Ariella
50%
50%
Ariella,
User Rank: Apprentice
3/12/2014 | 7:25:59 PM
Re: Variable-size teeth
@Lorna that makes sense. For some companies the fines are a relative drop in the bucket. 
Lorna Garey
50%
50%
Lorna Garey,
User Rank: Ninja
3/12/2014 | 10:54:32 AM
Variable-size teeth
Here's what's smart: "fines of up to 5% of annual revenue are being proposed for noncompliance."

Part of the problem with HIPAA and some other regs is that for large institutions, it's less expensive to pay the fines than to do the work to comply. Yet if fines were high enough to really bite those orgs, they'd put small practices out of business. A sliding scale is needed.
Laurianne
50%
50%
Laurianne,
User Rank: Apprentice
3/12/2014 | 9:30:54 AM
More regs?
Our own security expert Mathew Schwartz has argued more financial penalties are necessary in order to make some retailers bear down on security. Structuring those rules to ensure that both retailers and the major credit card companies make changes (changes that will require serious financial investment) will be no small feat. Do you agree readers?
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0607
Published: 2014-07-24
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executable file.

CVE-2014-1419
Published: 2014-07-24
Race condition in the power policy functions in policy-funcs in acpi-support before 0.142 allows local users to gain privileges via unspecified vectors.

CVE-2014-2360
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules allow remote attackers to execute arbitrary code via packets that report a high battery voltage.

CVE-2014-2361
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules, when BreeZ is used, do not require authentication for reading the site security key, which allows physically proximate attackers to spoof communication by obtaining this key after use of direct hardware access or manual-setup mode.

CVE-2014-2362
Published: 2014-07-24
OleumTech WIO DH2 Wireless Gateway and Sensor Wireless I/O Modules rely exclusively on a time value for entropy in key generation, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by predicting the time of project creation.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Sara Peters hosts a conversation on Botnets and those who fight them.