Information security analytics

The Association of Regional Banks of Russia has sent the State Duma amendments to the Tax Code that would compensate the cost of complying with Basel II. According to experts at InfoWatch, it is unlikely the amendments will be accepted in full, but the country’s banks could gain some benefits.

A number of online shops are offering databases belonging to St. Petersburg web hosting operator Valuehost.ru. The databases, which reportedly come with the logins and passwords of 70,000 users, are being sold for $300. According to experts at InfoWatch, the databases could be fakes, but if they turn out to be genuine, the company needs to think seriously about combating insiders.

An insider who stole intellectual property from Indian firm Acme Telepower and sold it to a rival, causing losses of $166 million, has prompted the company to leave the country and move to Australia. According to experts at InfoWatch, the move is hardly likely to prevent further loss of confidential information because the company makes no use of technical security measures.

A study has revealed that the high costs of complying with SOX section 404 are due to inactivity by the Securities and Exchange Commission and the incomplete nature of COSO 1992. According to experts at InfoWatch, the problem is exasperated further by the fact that many normative acts duplicate each other, but still require separate audits.

For at least a year an insider from Russian oil company Tatneft and his unemployed friend made money by putting Tatneft shares on the market, cashing them in and then returning them to their rightful owners. The whole scheme was made possible because the insider had access to private databases and could manipulate software to carry out operations with the shares. Experts at InfoWatch point out that this is a perfect example of why big business needs to take the problem of insiders much more seriously.

A laptop containing the private details of 2,400 US servicemen has been lost. According to experts at InfoWatch, it appears that the Pentagon has once again failed to make use of encryption to protect the private data of its employees.

A college security guard stole private student and employee data before going on an Internet spending spree using the information. According to experts at InfoWatch, it is unlikely that the college administration ever carried out a risk assessment and the security guard probably had access to all the information in the office.

An Internet firm that sold people’s telephone numbers and credit card details has agreed to US Federal Trade Commission demands to halt its business and pay a fine. According to experts at InfoWatch, privacy is a top priority for the US public today, meaning companies have to tread carefully where private data is involved.

An insider at Acme Tele Power downloaded the intellectual property of his employer – patents and R&D innovations – and sent it to a rival firm. Experts at InfoWatch have expressed surprise at how the Indian telecom firm could leave such valuable information unprotected, especially when preventing such a leak is very straightforward.

General Electric has lost a laptop containing private data on 50,000 of its employees, while medical firm Compass Health has lost a computer that had the Social Security numbers and medical records of an undisclosed number of patients. According to experts at InfoWatch, confidential information on portable devices must be encrypted, but organizations are failing to do so despite the growing number of thefts.