Optimal Security : the Lumension Blog


HITECH Breach Data: the Good, the Bad, and the Ugly

As I’ve discussed before, one of the requirements of the HITECH Act is for the Secretary of the Department of Health & Human Services (HHS) to publish a list of all breaches of healthcare data covered by the HIPAA security rule on a yearly basis. The first such publication has been made, covering the period [...]

7 Things You Need to Know About HITECH

Today, Wednesday, February 17, 2010, marks one year since the HITECH Act of 2009 passed. This means that most of the Act’s provisions are now enforceable – particularly, the breach notification and penalties aspect of the Act. While most healthcare organizations are concerned about the “meaningful use” requirement, for us in the IT security space [...]

Now Playing - Cybersecurity: The Broken Record

Recently Dennis Blair, director of national intelligence, presented the Annual Threat Assessment of the U.S. Intelligence Community to the Senate Select Committee on Intelligence and painted a much starker picture of the current state of cybersecurity in the country compared to his testimony last year.
According to Blair, the United States confronts a dangerous combination of [...]

Malicious Attacks and Botnets Fuel Data Breach Costs

The latest fifth annual US Cost of a Data Breach study by the Ponemon Institute and sponsored by PGP was released this week. [Disclosure: Lumension has a relationship with the good folks at Ponemon.] The key findings of this report are well articulated in the Executive Summary …

US organizations continue to experience an increased cost [...]

Does the Data Accountability and Trust Act Bill Have Wings?

Last week, the House passed the Data Accountability and Trust Act bill that would provide a law for notifying potential victims of identity theft whenever their electronically stored personal information is exposed. It’s now on to the Senate for their review and vote. If it does pass through the Senate, it will have implications across [...]

How Serious is the US Government about Cybersecurity?

October was National Cybersecurity Awareness month. What did this initiative accomplish? Not much, I’m afraid. The fact that a lot of people in the private sector don’t even know it was Cybersecurity Month speaks to the problems we face in ensuring that people take cybersecurity seriously.
We still don’t really understand the value of cybersecurity and [...]

Why Governator’s Veto of New CA Data Breach Law is a Bad Idea

Gosh, my apologies dear readers (Hi Mom), it’s been a while since I’ve written a post … not for a lack of news, but my day job has kept me hoppin’ lately.
But the news out of California was enough to jolt me out of my lethargy. Seems the Governator has vetoed SB 20, the widely [...]

Operationalizing Endpoint Security: Striking a Balance between IT Operations and IT Security

Gartner recently released a report on operationalizing endpoint security – on how signature-based anti-malware is losing effectiveness in the face of an overwhelming volume of threats. I have a few thoughts about the report’s findings and what organizations can do to better protect their endpoints.
As the Gartner report made clear, signature-based anti-malware is losing its [...]

SQL Injection Defenses - Is the Tail Wagging the Dog?

SQL Injection attacks are getting a great deal of coverage lately, and with good reason. After all, it was recently revealed that SQL injection may have enabled the breach at Heartland Payment Systems. Obviously, this issue is serious enough to warrant concern and action.
When considering ways to mitigate SQL injection attacks, it’s easy to get [...]

Passing an External Audit Doesn’t Mean You’re Secure

By now, most of us have heard of the data breach that affected Heartland Payment Systems. It’s been front page news, and Heartland themselves went public with news of the breach in January 2009. What many people might not know is that Heartland’s QSA (Qualified Security Assessor) had declared them as PCI compliant shortly before [...]




