Cyber Security Industry Alliance Newsletter •  Volume 3, Number 10  • September 2007

President’s Message

Working in Washington, DC, on issues before Congress in September feels like the emotionally charged rush of returning for a new school year. Members of Congress come back charged up by issues. This year is no different, with this fall's crowded congressional agenda laden with issues such as Iraq troop withdrawal debates, almost all federal agency appropriation bills, the energy bill, global warming recommendations, subprime mortgage lending, bridge safety, mine safety, and sometimes controversial judicial appointments. All of these are important and deserving of immediate attention. But so is the issue of data security and data breach notification.



CSIA Releases Compilation of Data Sources for Information on Cyber Security Issues

When researching cyber security issues, one quickly learns there is no single source of information on either the scope of the problem or its impact. While a lot of important studies have been conducted by both industry and government, finding needed statistical information can be a challenge because there is no complete listing of reliable information on attack trends and vulnerabilities, the economic and consumer impact of data breaches and cyber crime, and other relevant industry data.



Recent Survey Highlights Challenges of Securing Sensitive Data

Application Security, Inc. and the Ponemon Institute recently released the inaugural study on database security to document how business and government organizations secure database resources and respond to targeted threats.  Its findings suggest that information security practitioners understand the importance of databases and their role in advancing secure business operations.  



U.S. Cyber Security Briefs

Anti-Malware Company Wins 'Spyware' Court Case

159 Million People Affected by Data Breaches in Under Three Years
DHS Head: Cybersecurity Remains a Concern
Information Security Still an Issue in Health Care
Laws Only Go So Far
Congress Moves to Limit Use of Social Security Numbers
Report: Align Disparate Security Regs Before Imposing More
How Close Is World War 3.0?
Doctors Not Adopters
Over-Confidence Is Pervasive Amongst Security Professionals



Letter from the Director of European Affairs

Now that the summer holidays are over and EU officials are flocking back to the capital of Europe, Brussels, legislative activity has picked up again as well. On the agenda of the first plenary session of the European Parliament after the summer break was a vote on the report on the Green Paper on the review of the Consumer Acquis. The Green Paper, published by the European Commission in February of this year, aims to identify a number of problems with current legislation in the area of consumer protection.



UK House of Lords Wants Data Security Breach Notification Law As Soon As Possible

Following a year-long inquiry, the UK House of Lords presented its 121-page report on personal Internet security in August this year. The report lambastes the UK government’s position that the individual is ultimately responsible for her personal Internet security, noting that ‘this is no longer realistic’. It notes that everyone with a stake in the Internet can and should do more to promote personal Internet security.



E.U. Cyber Security Briefs

EU's Frattini Says New Europe-Wide Anti-Terror Measures Needed

Debate Rages Over German Government Spyware Plan
Lords Push for Wide-Ranging Security Improvements
“Promiscuous” RFID a Data Threat, Warns Privacy Watchdog



Cyber Security Corner: Long Term Data Integrity and Compliance Tips

Advances in technology – broadband, the internet, and mobile devices – are enabling us to communicate more effectively and collaborate globally, regardless of network and geographic boundaries. In today's wide open world, just about anyone can access, share and disseminate unlimited amounts of information, any time, anywhere. While these newfound capabilities empower employees and speed the flow of business, they also make it more difficult to secure all of the sensitive data that we depend upon.



CSIA Member Spotlight

CSIA Member Spotlight: Lavasoft AB

About Lavasoft: As the pioneer for commercial anti-spyware applications, Lavasoft established the groundwork back in 1991 for what has become an industry of economic proportions, both for the offenders and defenders. Since that time, the flagship Ad-Aware anti-spyware program has been downloaded over a quarter of a billion times, currently hitting 300 million downloads, and continues to provide trusted protection against privacy invasion.


Social Engineering: Good Triggers and Bad Triggers

Call them shortcuts. Call them rules of thumb. Call them heuristics. Herein I will call them triggers. We all have these triggers, we all use them, and, in fact, we all need them to survive in today’s world. Robert Cialdini gives an excellent description of these triggers in his book “Influence: Science and Practice.”