Data Loss DB
A good source of information for data breach reports: datalossdb.org. The statistics page is impressive (in every sense of the term). Good job guys!
Google Introduces Some DLP Features in Apps
In 2007, Google acquired Postini, a global leader in on-demand communications security and compliance solutions. It looks like Google has introduced some nice features based on Postini technologies to prevent leakage of sensitive data.
Google Apps Premier is a full set of online collaboration tools (email, calendar, IM access and office applications) offered to organizations. But a lot of them are still reluctant to “move into the cloud” (for excellent reasons that I fully understand).
As in Gmail Premier, Google has introduced some features in Apps to increase the overall security:
- Custom outbound mail filtering tools to prevent sensitive information from being distributed.
- Custom information sharing rules to determine how broadly employees are allowed to share with Google Docs, Google Calendar and Google Sites.
- Custom password length requirements and visual strength indicators to help employees pick secure passwords.
- Enforced SSL connections with Google Apps to ensure secure HTTPS access.
This is of course very “light” and does not replace a true DLP solution, but it is a nice initiative. The goal is clear: attract more companies to move to cloud computing.
Source: google.com.
Maps of Databreach Laws Around the World
Nymity, a global privacy and data protection research services firm specializing in compliance and operational risk management, published interesting maps which give a decent overview of the legislative landscape regarding data breaches for the United States, Canada, and the EU.
Source: nymity.com.
Microsoft COFEE Leaked
Microsoft COFEE (“Computer Online Forensic Evidence Extractor”) has been leaked and is available for download via BitTorrent.
Source: slashdot.org, crunchgear.com.
National Data Breach Laws Soon
Communication! This is a key element in the incident management procedure when a data breach has been discovered by a company or organization. Soon, in the United States, it will become mandatory to report data breaches:
“It would make it illegal for a company to conceal a breach if it resulted in unauthorized access to sensitive personal information. Entities that experience the breach of such data would have to notify the affected victims and consumer reporting agencies if the breach involves more than 5,000 individuals. They would have to notify the U.S. Secret Service if the intrusion involves more than 10,000 individuals.”
Source: wired.com, govinfosecurity.com.

