Blogs

  • Survey Shows More than Half of US Businesses Are Not Prepared for eDiscovery

    by Stephen Wu on November 16, 2009

    On October 21, 2009, Kroll Ontrack announced the results of an eDiscovery readiness survey of "commercial businesses" in the US and UK. Most of the surveyed businesses have a document retention policy, but fewer than half (46% of the surveyed US businesses) say that they have an "eDiscovery readiness strategy." For a link to the Kroll Ontrack press release announcing the survey, click here. You can…

  • More FUD from the Mainstream Media?

    by Gib Sorebo on November 11, 2009

    Many of you may have watched the “60 Minutes” segment on Sunday entitled “Sabotaging the System.” The 20-minute segment highlighted a number of alleged past and potential cyber attacks, including power outages in Brazil, an attack on the military’s Central Command, and theft of millions through hacks of ATM networks. Beyond some legitimate disputes as to whether the Brazilian blackouts were caused…

  • Massachusetts Issues Final Data Security Regulations

    by Stephen Wu on November 6, 2009

    On November 4, 2009, the Massachusetts Office of Consumer Affairs and Business Regulations announced that it promulgated final data security regulations to take effect on March 1, 2009. In a previous blog post, I described imminent changes to the regulations and some of the history of the Massachusetts regulations. The final regulations appear at Title 201 of the Code of Massachusetts Regulations, …

  • Amendments to Massachusetts Data Protection Regulations

    by Stephen Wu on October 23, 2009

    Massachusetts' Office of Consumer Affairs and Business Regulations recently amended Massachusetts' identity theft regulations, and last month held hearings on possible new amendments that the Office may issue soon. A copy of the latest version of the regulations is linked here. The latest regulations will take effect on March 1, 2010. A year ago, the Office issued final regulations at Title 201 of…

  • What Does Smart Grid Security Mean to You?

    by Gib Sorebo on October 15, 2009

    As someone who has been knee-deep in Smart Grid security research, collaboration, assessments, and integration projects for the past year, it is sometimes easy to forget that most of the information security community hasn’t had much exposure to this area. Given that we received several submissions for sessions related to Smart Grid security, and it has been getting a fair amount of media…

  • What Is Taum Sauk?

    by Gib Sorebo on October 7, 2009

    Sometimes the significance of critical infrastructure doesn’t hit home for people until they’re faced with the consequences of its failure. In 2005, the people in the Missouri Ozarks learned firsthand the value of information integrity and what can happen when efforts are not made to ensure the accuracy of data. Taum Sauk is a pumped-storage hydroelectric plant run by the AmerenUE electric…

  • Welcome to the Critical Infrastructure Blog

    by Gib Sorebo on October 2, 2009

    Welcome to the inaugural posting for the Critical Infrastructure blog. I hope this will help to broaden the scope of information security coverage provided by RSA® Conference 365. As part of the recognition of this increasingly important area, the RSA Conference will feature a track entitled Physical Security and Critical Infrastructure, which had previously been covered under the Physical…

  • Alaska Data Protection Law

    by Stephen Wu on August 26, 2009

    This is another in our series of articles about data protection laws around the country. The focus for this post is on Alaska. On June 19, 2008, Alaska became the 44th state with a breach notification law when then-Governor Sarah Palin signed HB 65, the Alaska Personal Information Protection Act (“Alaska Act”). Most of the Alaska Act became effective on July 1, 2009. The Alaska Act contains a…

  • Connecticut Data Protection Law

    by Stephen Wu on July 22, 2009

    As part of our ongoing efforts to keep you up-to-date concerning information security legislation around the country, this post covers a fairly recent Connecticut law of interest to information security professionals, executives, risk managers, and attorneys. Connecticut enacted a new data protection law that became effective October 31, 2008. It includes both protection of Social Security…

  • New California Electronic Discovery Act

    by Stephen Wu on July 3, 2009

    On June 29, 2009, Governor Arnold Schwarzenegger signed into law Assembly Bill 5, which enacts California's new Electronic Discovery Act. The new legislation's provisions are similar to the ediscovery rules in the Federal Rules of Civil Procedure, but are not identical to the Federal Rules. Some of the highlights are as follows. The rules allow the discovery of electronically stored information…

This document was retrieved from http://www.rsaconference.com/blogs on Sat, 20 Sep 2014 03:56:56 -0400.