FREE Newsletter!

Get actionable information and the latest news on SOX and GRC delivered to your inbox each week. It's free. Sign up today!

 

Our Privacy Pledge

We hate spam just as much as you do. Rest assured that we won't share your information with third parties for marketing purposes.

News & Announcements

Our Holiday Schedules:

Summer:
Last week in July
(approximately July 21-30:
SOX and DF anniversaries)

Winter:
Last week in December
(approximately Dec 25-31:
i.e. Christmas-New Year's)

 

2011 GRC MVP

Meet the Winners

Inside GRC Journal

Login to access

Are You LinkedIn?

Join GRC Group Forum over at LinkedIn to network and connect with the GRC community. Just log in to your LinkedIn account and search goups for GRC Group Forum. See you there!

Member Login

Current member login:

Email:     Password:

 
If you are a member and have forgotten your user ID and/or password click here.

Contact Us

USA: 1-888-WHY-GRCG
Fax: 1-888-FAX-GRC-G
E-mail: email@grcg.com

Main: +1.212.626.9016
Fax : +1.212.712.8897

Entries in information security (4)

Monday
Jun272011

Relentless Hackers Attack

Reuters reports that Sega Corporation is the latest company to fall victim to hackers, following breaches at Citigroup, Sony, and the International Monetary Fund. In the government sector, the U.S. Central Intelligence Agency and the U.S. Senate sites were hacked by Lulz Security, which also took responsibility for the Sony breach. Ironically, Lulz has offered to help Sega track down those who targeted the video game company, while also releasing a letter promising new attacks on government and corporate websites. The New York Times reports that British police have arrested a man suspected of being involved in hacking international business and intelligence agencies, and possibly affiliate with Lulz. In the meantime, the Washington Post reports that the National Security Agency has rolled out a pilot program whereby it feeds Internet service providers data sets in order to help them combat cyberattacks against defense contractors.

Thursday
May122011

FTC Hammers Companies for Ineffective IS Practices

The Federal Trade Commission has reached consent agreements with Lookout Services and Ceridian Corporation for inadequate data protection practices. In both cases, the FTC charged that the companies’ stated information security policies did not align with their practices, leading to a security breach that compromised 65,000 Social Security numbers and other personal data. The FTC settlement mandates that the companies implement an information security program with a third-party security audit every other year for 20 years.

Thursday
Apr212011

Two Cyberattacks Highlight the Need for Information Security 

According to the Washington Post, a few weeks ago, EMC reported to the SEC that its RSA Security SecurID system was victimized by “an extremely sophisticated” cyberattack. SecurID tokens are used by more than 30,000 private companies and government agencies. EMC said that, while personally identifiable information wasn’t compromised, other stolen information might pave the way for a future successful attack.

 

More recently, Reuters reports that online marketer Epsilon fell victim to a hacker, who accessed the names and email addresses of customers from major banks, retailers, and service providers. Affected companies included TiVo, Walgreen, Capital One Financial Corp., Target, HSN, and Citigroup. While sensitive information, such as account and credit card numbers, wasn’t stolen, the breach highlights the need for information security.

 

Now, the U.S. Senate Privacy, Technology and the Law subcommittee is investigating the Epsilon breach, and may move toward legislation designed to increase protection of online consumer information.



Wednesday
Dec152010

Information Security Lessons From WikiLeaks

Gawker has been hacked. MasterCard’s website was brought to its knees. Amazon was attacked. The backlash of cyberattacks from supporters of WikiLeaks founder Julian Assange has reverberated through the business community, putting into stark relief the need for information security. This BNet blog post emphasizes the need for an information security policy, coupled with training and buy-in for those at all levels of an organization, is paramount.