To download this report go to:

http://www.csoboard.com/Publications

The University of California, Berkeley, has setup a website http://datatheft.berkeley.edu/ informing the general public about a data security breach carried out by hackers who may have accessed a database at the university's campus health services center.

My thoughts...It is my hope, this incident will serve as a wake up call to healthcare organizations and educational institutions of the need for stronger information security management.  I've long believed that healthcare and educational institutions have a greater responsibility for the confidentiality, integrity, and availability of the personal information entrusted to them by their students, staff, and business partners. 

As a former Chief Information Security Officer (CISO) in healthcare, I know first hand the data security and privacy risks for that industry.The healthcare industry collects and processes more personal information on patients, than most financial institutions. For hackers seeking to steal personal information to be able to conduct financial fraud, healthcare organizations are easy targets, given the limited financial resources those organizations have devoted to protecting the personal information of patients, staff, and business partners. Healthcare organizations need to invest in more information security defenses and education for their staff.  Meeting an audit report for regulatory compliance is not sufficient and healthcare organizations must invest in information security as an integral part of their way of doing business.

The suspected hackers deleted the pharmacy records of 8 million patients in the state's databases and hijacked the PMP website with a $10 million dollar ransom note to return the data records.  The state is referring all inquiries to the U.S. FBI.

More news regarding this incident:

FBI Probes $10M Hacker-Ransom Claim in Virginia
http://www.cbsnews.com/stories/2009/05/05/tech/main4992372.shtml

Alleged hacker demands $10 mil for Va medical records
http://www.timesdispatch.com/rtd/news/local/article/HACKGAT05_20090504-212004/265693/

The SC Magazine 2009 Awards Gala event was held last night at the Hilton Hotel were the best awards that I've attended in recent years.  Despite the economic news we hear every day, you could tell from observing the companies attending, nominated, and honored are growing and providing solutions that customers are demanding.  This leads me to believe that the IT industry in general has at least one very large bright spot and that is IT security.

I won't pontificate on the merits of IT security solutions or the value of purchasing those solutions.  I'll let you be the judge of those solutions.  Here is the link for a the list of winners of the SC Magazine Awards 2009 -- http://www.scmagazineus.com/pages/section/945/

Thanks to SC Magazine, the judges, nominees, winners, and most importantly thanks to the customers and clients we in the IT security industry serve.  You, our customers in many industries have allowed us the privilege and honor of serving you with IT security solutions that protect your organizations from risks both on-line and offline.  Thank you for aallowing us to serve you, our customers.

The SF Chronicle article crystallized for me what I have been feeling as an information security professional, a feeling that today more than ever, cybersecurity has a real impact on our daily lives.  Unfortunately due to the current economic crisis, many organizations are being forced to scale back their Information Technology (IT) and information security budgets. 

Organizations should carefully consider their investments in light of current economic conditions and make wise investments in cybersecurity.  Prudent investments in cybersecurity will help to safeguard an organization's intellectual property, business transactions, and the data/information entrusted to them by their clients and business partners.

As I travel to the RSA Conference this week, I hope to interact with other information security professionals and colleagues and learn how they are helping their organizations by adding value and performance improvements to their organizations.

According to news reports, Yusuf Acar, the Information Systems Security Officer (ISSO) for the OCTO has been arrested by the FBI.

Yusuf Acar worked for Vivek Kundra, who recently left his role as Chief Technology Officer for the District of Columbia to become President Obama's nominee for Chief Information Officer for the Federal Government.

See more at:

Washington Post - Breaking: D.C. Tech Official Busted in Federal Bribery Sting  http://voices.washingtonpost.com/dc/2009/03/breaking_dc_tech_official_bust.html

Associated Press - FBI searches DC government office, arrests worker
http://www.google.com/hostednews/ap/article/ALeqM5hMT9GSjeFeuiRWPCUKflpfkvfw3QD96SIU584

ABC News - FBI Arrests DC Official
http://blogs.abcnews.com/politicalpunch/2009/03/fbi-arrests-dc.html

Fox News- Obama's Pick for Information Officer Raided by FBI
http://www.foxnews.com/politics/first100days/2009/03/12/obamas-pick-information-officer-raided-fbi/

As the drumbeat of negative economic updates seems to overwhelm our daily news cycles, we tend to forget that at the heart of any business engine is people.

Read the full article here:
http://www.scmagazineus.com/Leading-through-the-good-and-bad/article/128340/

The only information I have at this time are two technical support trouble ticket numbers TT000009764939 and TT000009768806.  As soon as I find out more information I will post it here.

I have been a loyal premier business customer of AT&T Wireless for a very long time and hope they can find a resolution to this network outage.  I have posted this on twitter under #ATTWireless if you would like to follow any further updates to my experience on this issue affecting users of AT&T Wireless services.

The University has notified the FBI, the New York State Attorney General, the Consumer Protection Board, and the Office of Cyber Security.  The University is also offering to pay for credit monitoring services for the victims affected by this data breach. 

It is up to those responsible for information technology and security management to find ways to add operational and financial value to their organization. To my fellow information technology and security colleagues, I urge you to make 2009 a year in which you actively brainstorm and produce tangiable added value to your organization. Let's do our part to help the economy grow--every action of added value can help! One thing I'm confident about is the ingenuity and resourcefulness of information technology and security professionals.

If you have an idea on how information technology and security can bring added value in 2009 to any organization, please share it with me or the readers of this blog.

Best wishes for success in 2009!