Failing to update virus software--another potential exposure to employers. Situations like the one below are bound to be a catalyst for civil actions for negligence.

____________________

Sent: Monday, June 09, 2003 6:53 AM
To: Information Technology
Subject: [Information_technology] Daily News 6/09/03

June 06, Mercury News
Virus sends confidential Stanford information out in e-mail. People at Stanford University got spam Thursday containing sensitive information including confidential details about employee salaries and bonuses. The Bugbear.B virus that infected the university's computer system Thursday sent out files at random from campus PCs. It's unclear if outsiders read the rogue e-mails, but some of the 35,000 computer users inside Stanford did -- including the man in charge of Stanford's computer systems. The university Web site said Stanford's computer crew intercepted messages containing salary and bonus information.
Source: http://www.siliconvalley.com/mld/siliconvalley/6027714.htm

June 05, Computerworld
New regulations have companies turning to risk management. Regulatory changes are causing financial services and health care companies to lead the way in rethinking the role of information security. As a result, security is finding a new home in the field of corporate risk management. In addition to the privacy impact of the Gramm-Leach-Bliley Act and the Health Insurance Portability and Accountability Act, the tighter financial controls levied by the Sarbanes-Oxley Act will force chief financial officers to take steps to guarantee financial information, said Gartner Inc. privacy and security analyst Arabella Hallawell at last week's Gartner Enterprise IT Security and Sector5 infrastructure protection conference in Washington. The result is likely to be the hiring of chief information security officers (CISO) who are independent of the CIO and who report to the CFO from within the corporate risk management entity. The toughened privacy regulations are also forcing customers to seek stronger contractual guarantees from their IT suppliers in the event they suffer unauthorized privacy disclosures as a result of software flaws. A routine part of every IT purchase should be an evaluation of the amount of security built into a supplier's product, as well as the supplier's security processes, Hallawell said.
Source: http://www.computerworld.com/securitytopics/security/story/0,10801,81827,00.html

Internet Security Systems - AlertCon: 2 out of 4
https://gtoc.iss.net/
Last Changed 6 June 2003

Security Focus ThreatCon: 3 out of 4
www.securityfocus.com
Last Changed 9 June 2003

Current Virus and Port Attacks

Virus: #1 Virus in USA: BAT_SPYBOT.A
Source: http://wtc.trendmicro.com/wtc/wmap.html, Trend World Micro Virus Tracking Center [Infected Computers, North America, Past 24 hours, #1 in United States]

Top 10 Target Ports: 137 (netbios-ns), 80 (www), 1434 (ms-sql-m), 445 (microsoft-ds), 113 (ident), 139 (netbios-ssn), 53 (domain), 0 (---), 25 (smtp), 41170 (---)
Source: http://isc.incidents.org/top10.html; Internet Storm Center

_______________________________________________
Information_technology mailing list
Information_technology@listserv
This archive was generated by hypermail 2b30 : Mon Jun 09 2003 - 09:44:51 PDT