Enterprise Security 05|06

Last month, 26 million vets were told to keep a close eye on their credit reports. Now is the time to ensure that your business never has to issue that kind of a warning.

Data loss strikes again

This time, though, it affects veterans of the United States armed forces and Sacred Heart University students.

The Veterans Affairs breach is particularly troubling, potentially opening the door to millions of cases of identity theft. The agency revealed last week that a laptop containing data on 26.5 million members of the military was stolen from a worker's home. The personal details of every veteran discharged after 1975, including social security numbers and birth dates, are, to put it simply, unaccounted for.

It turns out that the worker had violated policy by taking the laptop with the data home, though that does little to explain how that worker was able to tote all that data out of the office to begin with.

According to testimony from Secretary of Veterans Affairs Jim Nicholson, there's not only a bit of a disconnect between security policies and technical safeguards, but there also seem to be gaping holes in the accountability department. Nicholson wasn't made aware of the breach -- the second largest to date -- for two weeks.

InternetNews journalist Roy Mark jotted down this observation in his Reporter's Notebook:

In another curious bit of testimony, Nicholson said the VA has a policy of encrypting sensitive data to reduce the chances of identity theft in the case of a data breach.

Nevertheless, the stolen data was unencrypted.

The agency's advice to vets? Basically, keep an eye on those credit alerts.

And though it pales in comparison to the VA case, 135,000 students and alumni of Sacred Heart University in Fairfield, CT, may also want to subscribe to a credit alerting service. However, they don't have a laptop-carrying member of the faculty to blame.

The school revealed that a rootkit was found on one of its computers during a virus sweep. And though it cannot say for certain that sensitive files were accessed, the nature of the intrusion leads it to believe that the hacker had the ability to do so.

Sizing up Vista Anti-malware

Though it may be optimistic of Microsoft to think that businesses will be snapping up Vista the minute it hits, it's not going to stop the company and its partners from lining up the apps and utilities required to get it up and running from day one.

Given the Windows operating system's spotty security track record, companies are already touting Vista compatibility and offering free trials to beta users.

Among them are Trend Micro and CA, while McAfee preps VirusScan Enterprise 8.5i Beta. Microsoft, meanwhile, is also planning to add Vista to the list of supported operating systems of its just-released Windows Live OneCare subscription service. Currently, OneCare only supports XP SP2 and its variants (Home, Pro, Media Center, Tablet...).

Disaster recovery in the wake of Katrina

After the battering some southern US states endured last year, this year's hurricane season is being watched with apprehension, and justifiably so. Businesses, those that didn't fold outright, learned harsh lessons in disaster recovery and business continuity.

Last month we opened up a new Disaster Recovery Planning Forum where members can discuss their own experiences, best practices, and bits of news on the topic. Notable posts include "DR Lessons from Hurricane Katrina" and "Large Systems Backup & Recovery."

This article was first published on EnterpriseITPlanet.com.





