23andMe Data Leak – October 2023

The 23andMe data leak was first reported in October 2023. Approximately 6.9 million 23andMe customers had their data compromised after an anonymous hacker accessed user profiles and posted them for sale on the internet earlier that year. The breach exposed sensitive information, including health data, and raised concerns about privacy and security. The company confirmed the…

MOVEit Data Breach – August 24, 2023

The MOVEit Data Breach was reported on August 24, 2023. This breach affected millions of consumers and organizations, including the U.S. Department of Energy, British Airways, and pension funds, among others. Incident: The MOVEit data breach occurred, impacting millions of consumers and organizations. Affected Parties: Organizations using MOVEit, including financial services companies, government agencies, and others. Date Reported:…

Cues from OMB Zero Trust Architecture memo

Towards the end of January 2022, the Office of Management and Budget (OMB) released its memorandum on moving government agencies to a zero-trust model. Enterprises that align themselves to industries regulated by the federal agencies can take a cue from it to improve their security posture. The memo considers the recent ransomware attacks on various…

Facilitated Risk Analysis and Assessment Process (FRAAP)

FRAAP is a structured approach to an accelerated assessment of each component of a system within a short timeframe. It is consistent with the National Institute of Standards and Technology October 2001 Special Publication “Risk Management Guide of Information Technology Systems” and the FFIEC December 2002 “Information Security Risk Assessment.” The approach allows us to…

Cloud Computing and Data Security

We cannot attribute the beginning of cloud computing to a particular person or time. It evolved with the evolution of the Internet and enterprise computing. We may be able to trace its roots all the way back to when Dr. Larry Roberts developed the ARPANET in 1969 (Whitman & Mattord, 2016). While the evolution of ARPANET, to Ethernet…