The lawsuit was inspired by some two dozen cases, 15 of which involved searches of cellphones, laptops, MP3 players and other electronics. Almost all involved travelers of Muslim, Middle Eastern or South Asian background, many of whomÂ… said they are concerned they were singled out because of racial or religious profiling.

While these are rudimentary numbers, the relative risk scores are reasonable and discernable. It is also worth noting that the business partner numbers rose over the duration of the study, making partner crime the leading factor in breaches. This is likely due to the ever increasing number of partner connections businesses are establishing, while doing little to nothing to increase their ability to monitor or control their partner's security posture.

Data breaches and network intrusions occur because the personal information compromised includes data elements useful to identity thieves, such as Social Security numbers, account numbers, and driver's license numbers. Some breaches do not expose such sensitive information; however, they still expose individuals to identity theft and business to a compromise of their electronic assets and that must be disclosed under Sarbanes-Oxley and various state laws.

According to Verizon, nearly nine in 10 corporate data breaches could have been prevented had reasonable security measures been in place.

 The Verizon "2008 Data Breach Investigations Report" spans four years and more than 500 forensic investigations involving 230 million records, and analyzes hundreds of corporate breaches including three of the five largest ones ever reported.

They found that 73 percent of breaches resulted from external sources versus 18 percent from insider threats, and most breaches resulted from a combination of events rather than a single hack or intrusion.

Recommendations for Enterprises

Simple actions, when done diligently and continually, can reap big benefits, the study notes. Key recommendations include:

• Align process with policy. In 59 percent of data breaches, the organization had security policies and procedures established for the system, but these measures were never implemented. Implement, implement, implement.
• Create a data retention plan. With 66 percent of all breaches involving data that a company did not even know was on their system, itÂ’s critical that an organization knows were data flows and where it resides. Identify data and prioritize its risk to the organization.
• Control data with transaction zones. Investigators concluded that network segmentation can help prevent, or at least partially mitigate, an attack. In other words, wall off data when and where appropriate.
• Monitor event logs. Evidence of events leading up to 82 percent of data breaches was available to the organization prior to actual compromise. Data logs should be continually and systemically monitored and responded to when events are discovered.
• Create an incident response plan. If and when a breach is suspected, the organization must be ready to respond, not only to stop the data compromise but to collect evidence that enables the business to pursue prosecution when necessary.
• Increase awareness. Only 14 percent of data breaches were discovered by employees of the victimized organization, even though employees are the first line of defense in safeguarding data. Educate them to be aware.
• Engage in mock-incident testing: Making sure employees are well-trained to respond to a breach. Run drills and test peopleÂ’s abilities, judgements and actions during a mock crisis.

A complete copy of the "2008 Data Breach Investigations Report" is available at http://www.verizonbusiness.com/resources/security/databreachreport.pdf.

They enjoyed an luxurious life style that included trips to the Caribbean, Hawaii, and Europe.  In a very brief period they stole over $115,000 and were in process of trying to steal over $120,000 when they were arrested.

They used simple techniques like breaking into apartment to get information on neighbors, dumpster diving, and getting mail box keys for their apartment complex. They applied for credit cards and then intercepting the cards when they arrived via the mail.  They also had fake driverÂ’s licenses and an industrial machine that made identity cards.

The winner of the 25Mhz piece of spectrum in the 2155MHz band would be required to deliver free wifi Internet access. The operator could choose to use any technology, but in that range, WiMax or many of the mobile technologies would make sense.

The FCC believes this is a good idea and demonstrates the FCC's commitment to supporting initiatives that have a positive impact on the next phase of broadband innovation. This will give consumers greater choices to access the Internet said a FCC spokesperson.

The FCC has developed the plan based on proposals from several companies. In 2006 one company proposed that the FCC give the company the spectrum so that it could offer free wireless Internet access to users. The company planned to fund the network through advertising and said that it would give the FCC 5 percent of its gross revenue. The FCC's current proposal would simply auction the spectrum to the highest bidder and require the free services.

The current proposal also includes a requirement for a content filter that would aim to prevent minors from accessing adult content over the free network. The final plan could also include specified data rates for the free service.

Janco has defined a set of tools which enterprises of all sizes can use to be prepared to protect against breaches and intrusion, know when it occurs, and provides the ability to respond quickly when it does happen.

The Data Breach and Network Intrusion Detection Tools  are the tools that are needed and contain:

• Security Manual Template

• Security Audit Program

• Network Event Viewer

• Smart Disk Monitor

• Text Log Monitor

• Internet Service Monitor

The elimination of jobs will put more pressure on outsource providers as there will be a surplus of employees who will be out of work.

In the 1970s that occurred in the US and that drove a recession.  The question is will that be good for the US job market or not.  Only time will tell.

The California privacy protection act, SB 1386, which is a model for many states including New York, exempts companies that can prove lost data was encrypted from the requirement that they notify consumers. When mobile data is encrypted, thieves hoping for gold bars of valuable data are left instead with a solid, impenetrable and useless brick.

CIOs know their systems are vulnerable and they want to do something about it. In these tough economic times, it is hard to get funding for business continuity and disaster recovery. CIOs who tie business continuity and disaster recovery planning to mandated compliance needs are more successful in obtaining the necessary funding.

Many of these same companies consider disaster recovery investment as a rolling upgrade that consistently augments existing infrastructure and application investments rather than a one-time event that can be delayed.

In one research study by another firm many CIOs blamed disasters on non-natural disruptions and incidents. The data shows that 42% of the firms surveyed said power failure was the most common cause of declared disasters and downtime, while 32% cited hardware failure, and 21% cited network failure.

Absolute is known for its Computrace LoJack for Laptop system, which is currently available and has been responsible for the recovery of over 6,000 stolen notebook computers, including Macs, since it debuted. Additional products in the Computrace family can add comprehensive laptop management features such as IT asset management, remote data delete and software license management.

For more than a decade, Absolute Software has single-handedly created and developed the market for BIOS-persistent, Internet-based tracking of mobile computers. Computrace is also capable of remotely deleting data and physically recovering lost or stolen computers -- assisting customers in complying with data privacy regulations, said the CEO of Absolute Software.

A small group of solution providers in recent years has started a for fee headhunting serivice. Though playing headhunter was not exactly in their original business plans, these solution providers have tackled recruitment as another service for their customers.

To calculate the annual loss expectancy (ALE) of an asset, you use the quantitative risk analysis method. This calculation is determined by first figuring the annual ra te of occurrence (ARO) and the single loss expectancy (SLE).

Once those values are known, ARO x SLE = ALE. Suppose the SLE is US$35,000, and the ARO is 12 (i.e., the cost of the server being down for a day is US$35,000, and this attack happens once every month). In this example, US$35,000 x 12 = US$420,000 per machine.

To protect your financial viability, you need to be able to perform data restoration and bare metal system recoveries more efficiently and faster than ever.   

With wireless security, a single point of control is needed so IT can manage how users interact with your systems. This point of control must sit behind the corporate firewall. Make sure you have the ability to mandate passwords for users, the ability to wipe data from the device remotely, as well as the ability to lock the device remotely. Being able to establish settings through policies or parameters and providing robust control across all devices is extremely important to corporate security.

End-to-end security is a top priority for most companies and government organizations. IT departments also need to be concerned about exposure to viruses, denial of service attacks and malware. Organizations need to ensure that their wireless platform meets appropriate standards to protect their corporate systems and data.

All transmissions from the wireless device to servers behind the corporate firewall should be secure from end to end. Think about confidentiality, integrity and authenticity. Confidentiality is typically achieved using advanced encryption. Integrity ensures a message has not been tampered within transit. Authenticity allows the recipient to identify the sender and trust that the sender actually sent the message.

For additional application security, features such as code-signing can ensure that every application loaded onto a device is tied to an author, which locks out potentially malicious or unauthorized applications. System administrators, once again, should be able to maintain control by setting an IT policy that blocks third-party applications from being loaded on the handheld.

Many attacks are targeting Web browsers and the client applications on the computer itself. And while a small business network may not be as complicated as an enterprise network, they still have desktop and mobile clients.

Because small businesses have fewer IT resources at their disposal, they need solutions that provide comparable protection, at affordable costs and requiring minimal administration.

	Traditional	VoIP
Conference Calls	Special equipment is required for more than three people	Easily conference large numbers
Mobility	Very difficult to set remote users up in systems if they are local	Easily add remote users of any kind
Phones	Can only provide traditional phone services, albeit complex ones	Can be programmed to provide internal and external apps of all kinds
Efficiency	Dedicated voice lines provide known quality levels but no flexibility	More efficient use of network

• Compromise individual PCs
• Compromise Web sites
• Steal data
• Gain control of Web-based management consoles
• Misappropriate corporate data

Internet-Based Support to the Rescue

In recent years, support centers have discovered and adopted a new breed of remote support. It provides the next best thing to being there in person, letting User Help Desks virtually sit next to customers, see what is on their screens, and take over if appropriate. They make it easy to upload and download files to diagnose and resolve issues. And their architecture lets them do this in a way that is secure, under the customers control, fast, and scalable. They do not require time-consuming or undesired software installations on the customer machine. Setting up a connection is fast, no matter how the computers are connected to the Internet.

The results have been dramatic:

• Faster time to resolution, as phone tag and data gathering steps are eliminated, and more issues are resolved at first contact.
• Higher TSR productivity, as support engineers can work directly on the system, and see exactly what is happening without needing to recreate customer environments on lab computers.
• Better root cause analysis, as engineers can see defects exactly as they present themselves at customer sites.
• Training as a byproduct of support, as the customers watches, learns, and duplicates expert resolution processes.
• New tools for workforce monitoring and coaching as Quality Assurance teams can review remote session recordings.
• Higher customer satisfaction and loyalty as a natural side effect of faster, more accurate, and more transparent resolutions.