New OWASP Top 10 RC places injection at the top of the list

The Open Web Application Security Project (OWASP) has published the first release candidate for their “Top Ten Most Critical Application Security Risks,” which will supercede the previous version published in 2007. The OWASP Project team made…

European Union going fully opt-in on cookies

In another example of stronger individual-level privacy protections in the European Community compared to those in the United States, the EU Council this week approved a law that requires online users to be asked for explicit…

Federal health information exchange attention still focused on reconciling security requirements

Another opportunity this week for federal health IT executives working on information exchange to continue to focus attention on the challenge of reconciling different security and privacy laws applicable to federal and non-federal entities. As seen…

HIMSS survey shows heath IT organizations not ready for security compliance

The results of a survey conducted recently by HIMSS and Symantec and reported out this week suggest that a majority of healthcare organizations are not yet able to comply with security and privacy requirements and standards,…

Widespread security problems self-reported at Interior

In a sharp departure from the more typical agency-level FISMA self-assessments, the internal FISMA audit by the Inspector General of the Department of the Interior reveals serious systemic problems in DOI’s security management, with blame focused…

Security and privacy going global

Members of Congress show no signs of letting up in efforts to revise or reform or extend various information security regulations. Ideas about updating FISMA — particularly from Senators like Olympia Snowe, John Rockefeller, and Tom…

Security quote of the week

Another article focusing on policies and controls to prevent the use of peer-to-peer file sharing technologies in the wake of the Congressional ethics committee report last week contains the best concise statement we’ve seen in a…