GoIPNow Security NetWork


Government Data Loss: Double Standard


One of the greatest challenges to network security is the illegitimate use of legitimate access - insider abuse. There are a number of insider abuse cases in the headlines, from the Countrywide employee who grabbed 20,000 customer records every Sunday for nearly two years, to the recently disclosed State Department breach.



While the State Department breach is relatively small, it’s newsworthy for several reasons. 

 

  1. It’s another failure for an organization that seems to be plagued with network security challenges.  Considering they have detailed identity data on nearly 200 million U.S. passport holders, it’s reasonable to ask, “Who’s guarding this information, and how?”
  2. We’re dealing with identity theft originating from within a branch of the federal government! 

We might be able to choose not to do business with a specific retailer, but we don’t have a choice when it comes to the government.  If you apply for a passport, your records are stored in their database, apparently easily accessible, and with little to no oversight.  While many states have passed data breach notification laws, these laws don’t seem to apply to the State Department. It wasn’t required to notify applicants that their records may have been compromised and their identities were at risk - and they didn’t notify them for over seven months.

Will the federal government be held to the same security and compliance standards that it has mandated for corporations or that states impose on businesses operating within their borders?

It seems unlikely, so we’re faced with a serious dilemma. The national ID campaign and, of course, the drive toward national healthcare will both embody massive, centralized databases that we’re “assured” will be secure. How can we be sure as citizens that the ever-growing volume of citizen and visitor data being compiled by the government will be “secure”?

I’m not a cynic, just a practicing pragmatist. The challenge is enormous, the risks are real, and I’ve seen little evidence to date that suggests the problem is being addressed. There are no easy answers, and certainly no cheap ones, but we can start by demanding the government play by the same rules they’ve imposed on business. I’d like to see the people signing off on government IT audits held to the same standards (and penalties) that SOX places on executives. At the very least, responsible disclosure requirements should be implemented.

 


