Search

Home > Down the Security Rabbithole > DtSR Episode 165 - NewsCast for October 19th, 2015


	Podcast:		Down the Security Rabbithole
	Episode:		DtSR Episode 165 - NewsCast for October 19th, 2015
	Category:		Technology
	Duration:		00:36:25
	Publish Date:		2015-10-19 00:00:00
	Description:		In this episode... Standard & Poor's Adding Cybersecurity to Ratings The headline In a report issued this week, the rating agency says it could issue a downgrade before a cyberattack if a bank looked ill-prepared, or following a breach that causes significant damage to a bank's reputation or which leads to substantial monetary losses or legal damages. Behind the curve? Stop. Michael wrote about it this week - stop calling it gaps… 16 questions… good start? How long has it typically taken to detect a cyberattack? What containment procedures are in place if the bank is breached? How many times was the business the target of a high-level attack during the past year, and how far did it reach in the system? What's the internal phishing success rate? What kind of expertise about cyberattacks exists on the board of directors? How much does the bank spend on cybersecurity, what resources does it devote, and what is the total tech budget this year versus last? Including security in the ratings - and we’re crying? Claim this leads to more insurance… how about that… http://www.bankinfosecurity.com/sps-cybersecurity-warning-late-to-game-a-8556 Crisis Services Top Insurers’ Cyber Claims Payouts; Average Claim at $674K This is interesting; and it’s a good data point, too -- in contrast to the “costs” we hear about in briefings all the time. Saw other stories that suggested the insurance is going to get jacked… of course they are. More insurance, more insight, more claims, more data…. this is all good http://www.insurancejournal.com/news/national/2015/10/05/383785.htm New California law requires warrants for online data Same warrant requirements as files in your filing cabinet Doesn’t change Federal law capabilities to not have warrant. Worth remembering: feds can compel your biometric, but not your password Do you encrypt? policies? practices? http://www.cnet.com/uk/news/new-california-law-requires-police-to-get-warrants-for-online-data/ Obama administration opts not to force firms to decrypt data (for now) for now…. opportunity for involvement great chance to connect with your legal and other groups; what is the best way for your organization to handle it https://www.washingtonpost.com/world/national-security/obama-administration-opts-not-to-force-firms-to-decrypt-data--for-now/2015/10/08/1d6a6012-6dca-11e5-aa5b-f78a98956699_story.html Apple removes several apps from store, they could be spying on you Key issue: root certificates installed http://arstechnica.com/security/2015/10/apple-removes-several-apps-that-could-spy-on-encrypted-traffic/
	Total Play:		0