Most data breaches tied to organised crime

Organized criminals were responsible for 85 percent of all stolen data last year, and of the unauthorized access incidents, 38 percent of the data breaches took advantage of stolen login credentials, according to the 2010 Verizon Data Breach Investigations report to be released on Wednesday.

While external agents were behind 70 percent of the breaches, nearly 50 percent were caused by insiders and only 11 percent were attributed to business partners, concluded the report, which focused on data breaches that took place in 2009.

The study combined data from investigations and statistics worldwide compiled by Verizon and the U.S. Secret Service in which 141 cases were analyzed involving more than 143 million compromised data records, compared with the more than 360 million records compromised in 2008.

Most of the externally originated breaches came from Eastern Europe, North America, and East Asia, the data shows.

Nearly 50 percent of breaches involved misuse of user privileges, while 40 percent resulted from hacking, 38 percent used malware, 28 percent used social engineering tactics, and about 15 percent were physical attacks.

There was not one single confirmed intrusion that exploited a patchable vulnerability, reflecting the fact that many of the most common hacking methods–SQL injection, stolen credentials, and backdoors–exploit problems that can’t be readily patched.

“Attackers really do seem to be not so much concerned with finding software vulnerabilities as much as finding types of misconfigurations that let them in the door,” Wade Baker, director of risk intelligence for Verizon Business, told CNET on Tuesday.

Ninety-six percent of the breaches in the study were avoidable through simple or intermediate controls and nearly 80 percent of the victims who are subject to PCI DSS (Payment Card Industry Data Security Standard) guidelines had not achieved compliance.

Factoring in the Secret Service data, Verizon’s data breach investigations span six years, more than 900 breaches and more than 900 million compromised records.

Meanwhile, a Ponemon Institute report released earlier this week found that the median annualized cost of cybercrime for 45 organizations that participated in the study was $3.8 million per year and data theft accounts for the greatest amount of total external costs.

By Elinor Mills


Posted in Data Protection, Data Security

Does Open Source Matter in the Cloud?

With the announcement from RackSpace this week about their OpenStack open source cloud computing environment, the issue of the importance of open source software in the cloud is likely to become another bone of contention for cloud technology adopters. But frankly, I think it’s a minor one, despite the online aggravation it is likely to generate.

The vast majority of people following the progress of cloud technologies are going to be consumers of cloud services, not creators. To them, it is the service that will matter, not the underlying technologies. As technologists, we have an annoying tendency to get swept up with our own personal beliefs and a fascination with what’s cool at the moment, especially those of us who evaluate technology and write about it on a regular basis.

But this is an issue that needs to be looked at from the business perspective and not the IT view. It just doesn’t matter what the back end is as long as it delivers the services that our users need. Unless we are hosting and creating our own cloud services, the technology that drives the cloud is far less important than the business value of the delivered services.

For the long term, everybody on the backend playing nice will be much more beneficial to cloud consumers than the same type of religious war that tends to crop up anytime you get Mac, Windows, and Linux users together in the same place.  As much as zealots like to think that their personal opinion really matters, most of the business world just doesn’t care what operating system or application is being run, as long as it aids them in getting their work done and doesn’t impede them.

So whether the cloud application that is driving the business forward is running on OpenStack, Azure, VMware, RedHat Enterprise, or CP/M isn’t an issue to consumers of cloud services. Results are all that matter.

By David Chernicoff


Posted in IP Governance, OSS, Open Source Governance, Open Source Policy, Open Source Readiness

Free Software

Free software leaves us free to create more knowledge, to spread the benefits of Moore’s Law to more people at lower price points. It has been a lever on knowledge and the capability of the human mind the likes of which we have never seen before.


Posted in IP Commercialisation, IP Governance, OSS, Open Source Governance, Open Source Policy, Open Source Readiness

Open source is filled with freeloaders

With OSCON in the rear-view mirror the usual grievances are being aired.

Open source doesn’t innovate. Some open source is vaporware. Big companies take advantage of open source but don’t comply with the license terms.

It usually comes down to this. Open source is filled with freeloaders.

(Red Skelton himself originally painted this, a portrait of his Freddie the Freeloader character. The Plate Lady offers copies for $495.)

It’s true. That’s a bug, not a feature.

Open source is a process, not a technology. Open source uses the economics of the Internet to drive costs out of software development and distribution, while at the same time making the base for computer development and use wider, and deeper, every year.

Open source drives out monopoly profits. An innovator once had decades to take advantage of their breakthrough. Now it’s just a few years, maybe months. This doesn’t just stop Steve Jobs and Bill Gates. It keeps anyone in software from being just like them, ever again.

Who’s the winner in all this?

You are.

Around the time I took on this beat, in 2005, I helped a friend upgrade their Windows installation.

It was a tedious process. Because my friend didn’t want to lose access to his old software, his old installation had to be mirrored. Technically this violated license agreements, but over the years my friend had spent thousands of dollars on his software applications. He lacked the cash to do it otherwise.

I saw him last month and asked how things were. He had upgraded again. But this time the process was quite different.

Now he just downloaded and installed the programs he used most often. Openoffice.org for his office tasks. His Firefox browser. The Gimp for editing pictures. A screen capture program. Thunderbird for his e-mail, a free version of Mailwasher to clear out the spam, iTunes for his music. Those programs that weren’t open source were still free as in beer.

The only software he paid for, he told me, was Windows 7. That came bundled with his machine, he had no choice in the matter. It took him a week, but he was working better than ever. His incremental cost was zero dollars. Much of it would update automatically.

Multiply my friend’s experience by hundreds of millions, maybe billions. Consider how even enterprises, large and small, are taking advantage of these economics and you start to see my point.

Open source has truly changed the world. Most of the benefits have flowed to freeloaders, ordinary users treating the freedom of software as free beer. The money has been lost by developers and venture capitalists and salesmen and computer stores.

Software has been in a deflationary spiral since the world of open source began, and even while its use has expanded its economic value to those who made it has declined toward zero.

Once again that’s a feature, not a bug. Free software leaves us free to create more knowledge, to spread the benefits of Moore’s Law to more people at lower price points. It has been a lever on knowledge and the capability of the human mind the likes of which we have never seen before.

Instead of condemning all this, or complaining about how the glass is half-empty of economic calories, maybe it’s time we took a bow. As with Red Skelton, freeloaders create value, too.

By Dana Blankenhorn


Posted in Uncategorized

Sensitive patient information leaked on U of L website

http://breachblog.com/2010/06/02/sensitive-patient-information-leaked-on-u-of-l-website.aspx Thanks to Scott of Security Perspectives for bringing this to my attention. @ipmlogic


Posted in Data Protection, Data Security, Public Funding, Uncategorized

Some Facts on Data Security

  • The total average costs of a data breach grew to €73 in 2009; €79 for private sector, and €67 for public organisations
  • Breaches are costly events for an organisation; the average total cost per reporting company was more than €1.92 million per breach (down from €1.91 million in 2008)
  • High-profile breaches continue to occur in both the public and private sectors

Posted in Data Protection, Data Security

Quality of outcomes for a project relies on building trust into your processes… and trust depends on responsible information protection.

In an institutional environment, you face unique issues that demand responsible protection of information assets – whether they be collected data, shared information, financial transactions or even the systems that you rely on to access them. To ensure quality output, key areas of information policy and information flow must be analysed; risks must be assessed; and decisions must be made about acceptable risks. This brings multiple benefits to the organisation in terms of management control, efficiency and public credibility.


Posted in Data Protection, Data Security

Sensitive Data… What’s the worst thing that could happen?

What’s the worst thing that could happen?

“Could leaked health information put survey respondents at risk to physical violence?”

“Could malicious actions put years’ worth of research data into question?”

“Could insiders be skimming program funds or other assets without you knowing?”


Posted in Data Protection, Data Security

Handling Sensitive Data Effectively

“Handling institutional project information responsibly”

Information is a key asset in your institutional research projects…   

- Is it properly protected?

When information is one of the key assets you rely on to provide value to the community, how do you know you are protecting it appropriately? Above all, you need to have a clear view of what’s at risk.

With the diverse information flows in an institutional research program, it can be hard to know what your information assets are, and even where they reside at any given time.

Talk to IPM Logic for more information on their Data Security Awareness and Handling package.

http://www.ipmlogic.ie or call John McGuire directly on ++ 353 87-1320769


Posted in Data Security

Licensing the use of a process and related royalties

Sometimes the licensed intellectual property does not result in a product, but instead is IP that is used in manufacturing existing products. If the product is manufactured using licensed IP, then it is appropriate that a royalty be paid for the use of that process. The most common way of structuring IP royalty rates in relation to a process is to pay the royalty based on the gross sales price of the product manufactured with that process.


Posted in IP Commercialisation, Intellectual Property, World IPMLogic NEWS