Blogs

  • California Information Security Legislative Update

    by Stephen Wu on May 5, 2010

    Last year, California addressed the disposal of personal information by enacting AB 1094, which provides a safe harbor for storage companies or landlords when they end up with others’ records containing personal information. Governor Schwarzenegger, however, vetoed legislation, SB 20, to enhance the state’sbreach notification law to require notification to the California AttorneyGeneral, in…

  • The Illusion of Due Diligence

    by Ben Rothke on April 28, 2010

    The Illusion of Due Diligence is a great new book from Jeff Bardin. Full disclosure, Jeff is a friend of mine, and I wrote the introduction to the book, so this is more of an announcement and not a book review. The book is an in the trenches narrative about Jeff’s experiences in the CISO wild. Jeff is a guy who really gets security, and the book is a must read for anyone who also wants to get the…

  • Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet

    by Ben Rothke on April 23, 2010

    Fatal System Error: The Hunt for the New Crime Lords Who are Bringing Down the Internet is a non-fiction cyber-thriller with super analytical advice. As computing and technology has evolved, so too have the security threats correspondingly evolved. The classic Yankee Doodle virus of 1989 did minimal damage, all while playing a patriotic, albeit monotone song. In 2010, aggressive malware now…

  • Smart Grid Security Jitters

    by Gib Sorebo on April 21, 2010

    Over the last couple years, those in the Smart Grid security community have witnessed a number of news reports on vulnerabilities with Smart Grid technology that are not particularly flattering. For example, a widely circulated AP article called into question the security of various smart meters currently being deployed. However, the article left out some of the caveats noted during their…

  • North Carolina's Amendment to its Breach Notification Law

    by Stephen Wu on April 17, 2010

    Although almost all the states have some form of breach notification law, the legislative process regarding breach notification has not reached an end. Some states are changing their breach notification laws in an effort to enhance their protections. Last July, North Carolina enacted S.B. 1017, which amends the state’s breach notification law. N.C. Gen. Stat. § 75-65. Click here for a copy of S.B. …

  • How to build a safety culture in three steps

    by Ben Rothke on April 14, 2010

    This is an article from Aviation International News. While it is about aviation safety; the keys points, namely about a culture, ring true for information security. How to build a safety culture in three steps By: John Goglia April 1, 2010 There are no petri dishes where we could grow a perfect strain of safety culture and inject it into those aviation organizations that clearly seem to need it. …

  • Missouri's Breach Notification Law

    by Stephen Wu on April 13, 2010

    Missouri became the 45th state to enact a breach notification law. Mo. Rev. Stat. §§ 407.1500.1-407.1500.4. Missouri’s governor signed the enabling legislation, H.B. 62, into law last July. It went into effect last August 28. For a copy of H.B. 62, click here. H.B. 62 covers “personal information” consisting of a name in combination with a driver’s license number, Social Security number, or…

  • Montana's Amendments to Its Breach Notification Law

    by Stephen Wu on April 7, 2010

    Last April, Montana added a public sector breach notification requirement to its existing private sector breach notification law. Mont. Code Ann. § 30-14-1704. The new law, enacted as H.B. 155, went into effect on October 1, 2009. It applies to “state agencies,” and creates a breach notification requirement for agencies maintaining data containing personal information. For a copy of H.B. 155, …

  • Washington's New PCI-Based Card Reissuance Liability Law

    by Stephen Wu on March 27, 2010

    On March 22, 2010, Washington’s governor signed a new law that holds businesses and card processors liable for the cost of reissuing cards following a security breach caused by their negligence. The legislation, H.B. 1149, goes into effect on July 1, 2010. H.B. 1149 § 3 (2010). For a copy of H.B. 1149, click here. Covered businesses are those that process more than 6 million card transactions a…

  • Preview - Cryptography Engineering: Design Principles and Practical Applications

    by Ben Rothke on March 26, 2010

    I just got a copy of Cryptography Engineering: Design Principles and Practical Applications . Think of it as an update to Applied Cryptography. While not as dense as Applied Cryptography, it does update the contents significantly. This should be a required read for any serious student of cryptography.

This document was retrieved from http://www.rsaconference.com/blogs on Thu, 24 Jul 2014 15:19:48 -0400.
© 2014 EMC Corporation. All rights reserved.