Cyber Security is an Economic Issue – Cyber Insurers Should Provide Economic Incentives, ISA Reports
by Richard Bortnick, Cozen O'Connor

In the security industry there is a generally accepted philosophy that no system or network is completely secure – a competent attacker with enough time, patience and resources will eventually find a way into a target.

We may have gotten a good chuckle out of the various messages that were left on the Twitter accounts for Barack Obama, Britney Spears, and Bill O’Reilly, but the implications are serious; with every new technology comes new risk. Viruses can permanently erase an entire system, sensitive system files can be accessed and altered by intruders, computer networks can be infiltrated and used to attack others, and credit card information can be stolen and used to make unauthorized purchases.

“Cybersecurity” refers to the protection of that information by preventing, detecting and responding to attacks. Although there may be a tendency to consider cybersecurity to be a technical issue with technical solutions, it may also be useful to think of cybersecurity as an economic issue with economic solutions.

This is the message that the Internet Security Alliance (“ISA”) has delivered in a landmark report issued earlier today, December 3, 2009. The ISA is a trade association which represents a gamut of corporate interests, spanning the Defence and Aerospace, Banking & Financial, Food Service, Entertainment, Telecommunications and Manufacturing industries. In its report, entitled “Implementing the Obama Cyber Security Strategy via the ISA Social Contract Model,” the ISA emphasizes that cybersecurity is an economic rather than a technical issue and that both the U.S. government and private industry need to revisit their assessments of cybersecurity by creating economic incentives and other programs to foster broader, and more enhanced, cybersecurity efforts and systems.

At present, the government has been relying on regulations to ostensibly improve cybersecurity. The ISA suggests that this method is not only outdated, but also ineffective in dealing with a 21st Century problem. The report sets forth a number of proposed economic solutions, many of which focus on encouraging companies to educate their executives about the economic and social benefits of cybersecurity. Key among these proposals is the suggestion that businesses should create risk management programs that educate their executives about the growing problem of cyber theft and abuse, and assist them in incorporating cybersecurity solutions in their corporate business plans (rather than ceding such responsibilities to computer “geeks” in their IS or IT departments, as is typically the case today).

-------------------------------------------------------------

This article was originally published at cyberINQUIRER, a blog by Richard Bortnick and Pamela Pengelley of Cozen O'Connor. The article is reprinted here with permission.
