Archive for the ‘Data Security’ Category

Lawsuit Could Redefine Liabilities of Security Service Providers

Wednesday, June 03, 2009 10:23 AM/EST

Information security managers and executives have long been held accountable for security incidences and breaches, but what about the people who certify or provide the security? In other words, should auditors and managed security service providers be held accountable for breaches that happen after they’ve signed off on security measures?

That is the question before the courts in the case of the 2005 breach of CardSystems, a credit card payment processor that suffered a theft of more than 40 million credit card numbers, according to a Wired.com report. CardSystems has been certified as compliant with Cardholder Information Security Program (CISP), the precursor to the Payment Card Industry Data Security Standard (PCI DSS). But an incident response analysis discovered that CardSystems wasn’t in compliance with the security standards at the time of the breach.

According to the Wired report, a lawsuit brought by Merrick Bank is moving forward against Savvis, the managed service provider that certified CardSystems as CISP compliant. The lawsuit alleges that Savvis was negligent in certifying CardSystems as secure and bears responsibility. Savvis is a partner of such vendors as Cisco, Microsoft and Hewlett-Packard.

To read the entire article, posted by Larry Walsh on June 3, 2009 10:23 AM, follow the link (below).

http://blogs.channelinsider.com/secure_channel/content/data_security/breach_lawsuit_could_reset_security_liabilities_to_service_providers.html

Bookmark It

Hide Sites

Tue, 08 May 2007, 17:30:00 EDT
Edited by Chris Simmons

DALLAS, Texas – May 8 (SEND2PRESS NEWSWIRE) — GEEP International, one of North America’s leading electronics recyclers, has chosen EBAN 2.0 for Mass Drive Wiping as their volume data overwriting utility. It is expected to cover 400,000 hard-drives over the life of the agreement.

The change comes as major corporations outsource more and more of their data destruction duties. Companies seek service providers who will issue third-party verifications of destruction and indemnify their clients against data breaches. These service providers are increasingly computer recycling and re-marketing operations. “We still expect to sell a lot of licenses directly to Fortune 1000 companies, but increasingly our customers will be computer recyclers. Given their drive volumes, they immediately understand the value proposition that EBAN represents,” says Lewis.

About EBAN
EBAN is a Department of Defense compliant mass hard-drive overwriting utility designed for computer recyclers and Global 2000 companies with large-scale electronic data destruction needs. Using the LAN port of the target computers, EBAN can simultaneously overwrite hard-drives on dozens of computers, automatically confirm the wipe against the hard-drive serial number, and then tie the wipe confirmation to a complete hardware manifest pulled from the target computer’s bios. This creates a complete record of data destruction to help client companies with legal compliance issues such as SOX and HIPAA.

Bookmark It

Hide Sites

Why Use EBAN?

Due to government legislation and concerns for client data protection, data breaches have become unacceptable; therefore, certifying the destruction of client data left on decommissioned computers is absolutely necessary. The challenge is to automate data destruction so it’s both cost effective and provides an audit trail for legal compliance. EBAN does all of this and more.

Product Summary

EBAN 2.0 For Mass Drive Wiping is one of the most effective ways to simultaneously overwrite data on multiple hard-drives. It’s Department of Defense 5220.22-M and NIST 800-88 compliant. EBAN also has advanced reporting capabilities that automatically record pass/fail of the overwrite and harvest a complete hardware manifest. EBAN is a proven product with units of code that have been used millions of times.

The Technology

EBAN runs on a server (a laptop or desktop computer) and sends the EBAN data destruction kernel to each target hard-drive (see Figure 1 on reverse). In this way, it can wipe as many hard-drives as are linked to the server. EBAN can wipe hard drives in the computer chassis (desktops and laptops) or it can overwrite loose hard drives.

Reporting

EBAN will automatically record the make, model and serial number of every operational hard drive and alerts the operator of bad or failing hard-drives. In addition, this information can be linked to the asset tag of the individual computer. EBAN also pulls a full hardware manifest that includes processor, RAM, motherboard, etc (see Figure 2 on reverse). Manifest reports are an excellent tool for asset managers who need to do full reconciliations and computer re-marketers who need to perform equipment valuations. The ability of EBAN to create automated, accurate reports is not only a time savings, but provides crucial documentation that mitigates future risk and liability. EBAN reports can be exported or printed in industry standard formats.

Cost & Licensing

EBAN pricing is volume based. As the volume increases, the price per drive decreases. One year Enterprise and Site licenses are available, as are 14-day free trials.

Additional Information

Figure 1– EBAN Process Overview

Figure 2– Hardware Manifest Report

Bookmark It

Hide Sites