Speaking of security issues, here's an interesting piece on SOX: http://www.chicagotribune.com/news/opinion/chi-0607170130jul17,0,1709465.story?coll=chi-newsopinion-hed - - Paul Nelson Arbor Solutions, Inc. 708-670-6978 Cell pnelson@xxxxxxxxxx "Jones, John (US)" <John.Jones@xxxxxxxxxx> Sent by: midrange-nontech-bounces@xxxxxxxxxxxx 07/17/2006 09:34 AM Please respond to Non-Technical Discussion about the AS400 / iSeries <midrange-nontech@xxxxxxxxxxxx> To "Non-Technical Discussion about the AS400 / iSeries" <midrange-nontech@xxxxxxxxxxxx> cc Subject RE: FBI CSI annual computer security report Last updated a couple of days ago, here's "A Chronology of Data Breaches Reported Since the ChoicePoint Incident" http://www.privacyrights.org/ar/ChronDataBreaches.htm John A. Jones, CISSP Americas Information Security Officer Jones Lang LaSalle, Inc. V: +1-630-455-2787 F: +1-312-601-1782 john.jones@xxxxxxxxxx -----Original Message----- From: midrange-nontech-bounces@xxxxxxxxxxxx [mailto:midrange-nontech-bounces@xxxxxxxxxxxx] On Behalf Of Al Mac Sent: Friday, July 14, 2006 8:42 PM To: e-com-sec@xxxxxxxxxxxxxxx; dataloss@xxxxxxxxxxxxx Cc: Starbase_club1@xxxxxxxxxxxxx; midrange-nontech@xxxxxxxxxxxx Subject: FBI CSI annual computer security report Each year the FBI ( San Francisco Federal Bureau of Investigation's Computer Intrusion Squad ) http://www.fbi.gov/ teams up with CSI (Computer Security Institute) http://www.gocsi.com/ to produce an annual report on how much damage is being sustained from various computer security problems (not all threats are necessarily found in a single report, because of the manner in how the data is collected). The 2006 report just came out. It is free to download from the CSI web site, http://www.gocsi.com/ but you gotta register with CSI to get a copy, and CSI has had at a very small security breach, with people who registered for a prior year report. They sent out a form for a conference to their registered members, already filled out with registration details to make it easy for us to confirm, but they scrambled the mailing list, so that people generally got the details on other CSI customers. I consider that a very trivial breach compared to what other organizations have sustained. The information in the survey may not be reproduced without permission from CSI, but some news media are sharing highlights, whose info I am passing on here, however some of the news stories seem contradictory, with respect to how they are interpreting the data. ie. in this post I am taking info from what the news reports are saying, not directly from my copy of the report. The 30 page PDF report is downloaded from http://www.gocsi.com/forms/fbi/csi_fbi_survey.jhtml;jsessionid=MMNC3WAXX TVUMQSNDLPSKH0CJUNN2JVN I suggest that other list readers also get a copy of this, since it has a lot of key information not yet in the news reports. In my opinion there are some positive findings in the report with respect to trends, and while the number of companies surveyed might seem small, some of them are extremely large companies. Also the report has good graphs to help us grasp implications. Findings include: * 616 companies participated in the latest survey. * 1/2 of them gave details on financial costs of losses, where the average loss was $ 167,713 (last year it was $203,606) * 3/4 of the financial losses are due to: virus attacks, unauthorized network access, laptop and mobile hardware theft, proprietary information / intellectual property theft. * Breaches are not as lucrative for crooks as in past years, with respect to how much they are getting directly from the companies breached * More than 80% of the surveyed companies now conduct security audits (meaning 1/5 are not doing so) * Companies resist reporting being victims of computer crimes ... many breaches still being swept under the rug * Government mandates and compliance issues are a hot topic. * Security outsourcing is not as prevalent in USA. as previously thought, although I consider the report figures to be significant * IT groups want to educate and train internally to mitigate risks. Several of the news media articles on this FBI CSI report: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1 199280,00.html http://www.securitypronews.com/news/securitynews/spn-45-20060714CSIFBIRe portonVirusAttacksandFinancialLosses.html http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=104&STORY=/www/story/0 7-13-2006/0004396284&EDATE = http://www.crime-research.org/news/14.07.2006/2120/ -- This is the Non-Technical Discussion about the AS400 / iSeries (Midrange-NonTech) mailing list To post a message email: Midrange-NonTech@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options, visit: http://lists.midrange.com/mailman/listinfo/midrange-nontech or email: Midrange-NonTech-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/midrange-nontech. This email is for the use of the intended recipient(s) only. If you have received this email in error, please notify the sender immediately and then delete it. If you are not the intended recipient, you must not keep, use, disclose, copy or distribute this email without the author's prior permission. We have taken precautions to minimize the risk of transmitting software viruses, but we advise you to carry out your own virus checks on any attachment to this message. We cannot accept liability for any loss or damage caused by software viruses. The information contained in this communication may be confidential and may be subject to the attorney-client privilege. If you are the intended recipient and you do not wish to receive similar electronic messages from us in future then please respond to the sender to this effect.
As an Amazon Associate we earn from qualifying purchases.
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.