Information Security Blog

Internet Freedom Upheld, Worst Government Breaches of 2012 Recalled


4 Flares

4 Flares


×

These Government links are part of a weekly series, Ethical Hacker Roundup, featuring recent information security and cybersecurity related articles that we’ve read over and thought worth sharing.

These articles were emailed to us, shared on Twitter @pivotpointsec and our Google+ page, and read in RSS subscriptions this week.

Blocked UN Treaty Means the Internet Will Stay Free… For Now

Proponents of a free and open Internet got good news today, as the US, Canada, Costa Rica, the Czech Republic, Denmark Egypt, Kenya, the Netherlands, New Zealand, Poland, Qatar and Sweden blocked a proposed global telecom treaty that would have empowered national governments to monitor and control the web. The major proponents of the failed treaty were Russia, China and the United Arab Emirates.

The treaty was debated for two weeks at an International Telecoms Union (ITU) conference in Dubai. Originally intended to update outmoded current telecom treaties, the effort evolved into what many democratic nations deemed an overreach.

The US response was (in part): “The internet has given the world unimaginable economic and social benefit during these past 24 years. All without UN regulation. We candidly cannot support an ITU Treaty that is inconsistent with the multi-stakeholder model of internet governance.”

10 Worst Government Data Breaches of 2012 Recalled

Government agencies from local election boards to NASA suffered significant data breaches in 2012. Here are the top three, according to Microsoft News:

#3: Utah health programs
Capitalizing on servers left unprotected during an upgrade, Eastern European hackers succeeded in stealing 780,000 Medicaid records from Utah’s Department of Technology Services. Among the records stolen were many pertaining to children. Since child identity theft is often not discovered until the victim is an adult, this breach could have long-term as well as immediate financial consequences.

#2: California Department of Child Support Services

Contractors Iron Mountain and IBM lost storage devices in transit that contained the names, addresses, Social Security numbers and other sensitive data of over 800,000 people. The tapes were believed to have fallen out of an improperly secured shipping container during a disaster recovery exercise.

#1: South Carolina state government

When a hacker stole a database from South Carolina’s Department of Revenue, 75% of state residents were put at risk of identity fraud. A staggering 3.6 million Social Security numbers and 387,000 payment card records were exposed, along with sensitive information for 657,000 businesses.

Just released: Cybersecurity Handbook for Cities and Counties

In the wake of a well-publicized cyberattack earlier this year, (see above), Utah governor Gary Herbert said that hackers had mounted 1 million attacks per day on state IT systems prior to the breach. With threats increasing in frequency and complexity, and cybersecurity costs spiking in the face of IT budget and staffing cuts, information systems and data maintained by cities, counties and other smaller government agencies are particularly vulnerable.

Based on the activities of task forces making up the Digital Communities program, a partnership among public- and private-sector IT professionals working to support local governments, a “Special Report: Cybersecurity Handbook for Cities and Counties” is now available on the Digital Communities and Government Technology magazine websites.

The report defines the current threat landscape, describes the most common cyberattacks that small agencies face, and outlines some of the most important and cost-effective approaches for mitigating the majority of threats. To know that your agency’s information systems are secure from malicious attacks targeting sensitive information, Security Certification and Accreditation is the most comprehensive approach.

Government IT Security

Pivot Point Security has the right combination of Information Security/Compliance domain expertise, government knowledge and experience, and organizational character to help you define and execute on the best course of action to know you’re secure and prove you’re compliant. See how we can help.

0


Is ISO 27001 Right for (Y)our Organization?

iso-27001-webinar

Thinking about ISO 27001 Certification? View our free On-Demand ISO 27001 Webinar

  • How to deal with increasing threats
  • How to manage multiple regulatory requirements
  • How to handle client requests for attestation
  • To validate that significant changes did not have unanticipated results

Best Practices for Firing A Network Security Administrator

Firing A Network Security AdministratorWant to know how to fire a Network Admin? Need to know what precautions to take? Firing any employee can be a stressful event. Firing one who has significant knowledge of and privileged access to your Information Technology/Security infrastructure is even more stressful, as the risks are so notable.

Free Whitepaper: Five Best Practices for SIEM

siem-whitepaper

The promise of SIEM is the consolidation of all relevant Security Event Logs from disparate sources into a single unified and normalized data store.

Free Download: A Best Practices Guide to Database Security

database security roadmap

Because data is only as secure as the systems & processes it relies on – a holistic approach to data security is essential. This roadmap is not meant to be exhaustive but rather to stimulate the necessary thought process to put you on the path to good data security.

Free Download: ISO 27001 Vendor Selection Toolkit

“ISOOur ISO 27001 Toolkit will help you to select an ISO 27001 consulting firm.
  • Review the Issues Critical to Your Environment
  • "Vet" Vendor Qualifications
  • Compare the Top 3 Vendors
  • Sample RFP Included

Free Download: ISO 27001 Implementation Roadmap

ISO 27001 RoadmapHave no fear – our “roadmap” will guide you, step by step, through the entire ISO 27001 process.

Getting to ISO 27001 certification is a process made up of things you already know – and things you may already be doing!

Free Whitepaper: Stop Wasting Money on Penetration Testing

penetration-testing-whitepaper

Penetration Testing is most frequently performed to:

  • Substantiate the net effectiveness of a mature control environment
  • Prove to a third party that an environment is secure/trustworthy
  • Quickly assess the security of a less mature control environment (in a sense a technical risk assessment)
  • To validate that significant changes did not have unanticipated results

Download: Information Security Attestation Guide

Information Security GuideA Best-Practices Guide to Information Security Attestation

Download our proven Information Security Guide to simplify the process of protecting your data, proving you’re secure and growing your business.

About the Author:

Marketing at Pivot Point Security

Add a Comment

4 Flares Twitter 3 Facebook 0 Google+ 0 LinkedIn 0 Reddit 0 StumbleUpon 0 Email -- 4 Flares ×