Employees widely ignore safe-use policies. Most American office workers have performed risky acts with e-mail, and the vast majority are clueless about it, indicates a recent Harris Interactive poll. Sixty-one percent admitted personal use of office e-mail, 48 percent admitted sending or receiving junk e-mail with questionable content, and 22 percent admitted passing log-in information via e-mail. But 92 percent say they've done nothing risky. Half had saved e-mail outside the corporate network, and the more they earned the more likely they were to do so.
SEC committees suggest SOX 404 exemptions for small and micro-cap firms. Subcommittees of the SEC's Advisory Committee on Smaller Public Companies last week presented some preliminary proposals that would grant smaller firms certain exemptions to Sarbanes-Oxley Section 404 auditing requirements. Official proposals will not be submitted until December 14.
Continuing leaks of private data and the attendant ID thefts allow Chinese to use Korean IT resources without any pangs of conscience. The issue is so pressing that the Korean government has decided to intervene and design new identification systems specific to the virtual world.
Suggestions can be submitted until year's end concerning FIPS 200. Mandatory security practices for federal agencies will probably not be revised until next February, and until then the National Institute of Standards and Technology will continue to accept suggestions for the revision.
A national law should trump state rules, but current proposals aren't strong enough, company says. Recoiling from the idea of 50 different state privacy laws, Microsoft has come out in favor of a federal standard for personal data security. Speaking to congressional staffers in Washington, a Microsoft vice president said that the bills currently being considered at the federal level actually don't do enough. They should set security standards for both physical and digital data, make the data transparent to consumers, and allow consumers to opt out of collection, he said.
CSO Magazine suggests that there are too many weak data theft bills in Congress, so lawmakers don't have time to pass effective legislation before 2006. As for the toothless acts proposed by some organizations, they don't stand a chance, because privacy advocates and public groups are opposed to them.
According to the Mobile Usage Survey 2005, a third of professionals using portable devices such as PDAs and smartphones do not protect their mobile data with passwords or any other security protection. However, three out of ten store their PINs, passwords and other corporate information on the devices. The findings come from the Mobile Usage Survey 2005, conducted by SC Magazine. Almost 80% of users do not encrypt the information on their PDA or smartphone even though sensitive personal and valuable corporate information is being stored on the devices.
The FBI arrested four men who allegedly conspired to steal sensitive information about Navy warships and smuggle it to China. One of them was an insider who worked for a defense contractor and stole secret data from his employer.
Congress is going to examine one more bill, called the Data Accountability and Trust Act. Although the legislation requires companies whose data is compromised to notify each affected individual in writing, it has a very weak "security breach" definition that leaves it up to the data companies to decide whether or not to inform potential ID theft victims about the incident.
ID theft is the fastest-growing and the most expensive crime there is in the United States. Thieves using personal data they obtained both legally and illegally raked in $54.6 billion last year.