That headline is not my assertion, but the conclusion reached by the Department of Justice itself. More specifically it's the conclusion of a report by the Department's Office of the Inspector General (OIG). The OIG's charter as stated on its website is below.

The Office of the Inspector General (OIG) conducts independent investigations, audits, inspections, and special reviews of United States Department of Justice personnel and programs to detect and deter waste, fraud, abuse, and misconduct, and to promote integrity, economy, efficiency, and effectiveness in Department of Justice operations.

Typically, the OIG's reports review the finances and activities of each of the Department's nine bureaus.  This particular report, however, reviews the entire Department of Justice's activities around identity theft since President Bush...

At the recent RSA Conference in San Francisco, I had the pleasure of moderating a panel on the topic of data breaches and how to handle them.  Along with Larry Ponemon, Founder and Chairman of the Ponemon Institute, and Jerry Archer, SVP and CSO at Sallie Mae, was David Shettler from the Open Security Foundation (OSF), publishers of DataLossDB.

Post-panel, as we were walking back through Moscone, David answered a question I had been wondering about: When was the first reported data breach?  Turns out that it happened over a century ago, in 1896, where the dispensary records for the Southern California Hospital for the Insane went missing, and were thought to be stolen.  So protection of PHI...

This past Tuesday, we held a webcast on the new Massachusetts Data Protection Law, a.k.a. 201 CMR 17.  Here's a link to the replay [reg. required].  I ran out of time to answer all of the questions, but there were so many good ones so I decided it was worth writing a post to answer them.

Q: If you use a workgroup version of PGP Whole Disk Encryption can you still get reports on compliance or do you need the Universal Server to prove compliance?

A: Yes, PGP Whole Disk Encryption Workgroup Edition does provide basic reporting that you can use to demonstrate compliance.

Q: What is the impact of computer speed when the entire disk in encrypted?

A: We generally see negligible impact on performance once the initial encryption has taken place.

Q:  How does encrypting the BES server affect data on the hand held devices?

A: PGP Support Package for...

There's no shortage of words written about Cloud computing.  Even the topic of security and the Cloud yields over 28 million results on Google (13 million on Bing for those keeping score).  Given how important a topic securing Cloud computing is, how is one to cut through the clutter?  To help out, here are five of my favorite resources on Cloud Security: 1) Cloud Security Alliance "Security Guidance for Critical Areas of Focus in Cloud Computing"

A comprehensive look at the most important areas of security in the Cloud, written by an esteemed group of security practitioners.

2) Jericho Forum "Cloud Cube Model"

A nice paper that "provides a framework for exploring in more detail the nature of different cloud formations and the...