Oct 11 2011

California governor allows warrantless search of cell phones

Category: Smart PhoneDISC @ 9:12 pm
Cell phone Sagem my202X ubt

Image via Wikipedia

Here’s another reason to password-protect your mobile phone: California’s governor just recently vetoed a bill that requires a court-ordered warrant in order to search mobile phones upon arrest. This means that if you get arrested in the state of California, the arresting officer can search your smartphone — which gives him access to emails, call logs, texts, location data, banking apps, and more — without needing a warrant.

To Read More on the CNN article….

Tags: Arrest, california, California Supreme Court, CNN, Jerry Brown, Mark Leno, mobile phone, Search warrant


Dec 03 2009

2010 Compliance Laws

Category: pci dss,Security ComplianceDISC @ 2:13 am

Information Security Wordle: PCI Data Security...
Image by purpleslog via Flickr
In 2010 there will be two important compliance laws introduced which will affect the majority of North American organizations and many global organization too.

45 US States followed California when they introduced “SB1386“, the Security Breach Information Act, which has specific and restrictive privacy breach reporting requirements.


  • From the 1st January 2010, ALL businesses that collect or transmit payment card information, will be legally obliged, by Navada Law, to comply with PCI DSS.

  • Every organization who collect, owns or licenses personal information about a resident of the Commonwealth shall be in full compliance with 201 CMR 17.00 (The Massachusetts Data Protection Law) on or before March 1, 2010.



  • Similarly to the SB1386 Law, California, Massachusetts & Texas are already looking at making PCI DSS Law and history tells us that when California moves, everyone else follows!
    To help you comply with these impending laws ITG have developed a range of solutions which are aim to make the process as cost effective and simple as possible:

    The Nevada PCI DSS Law:

    The PCI DSS requires you to:

  • apply a number of specific controls, or safeguards.

  • These include documented policies and procedures; as well as

  • a number of technical IT and network configurations.

  • You will also have to provide staff with appropriate training; and

  • You will have to have quarterly scans.



  • PCI DSS v1.2 Documentation Compliance Toolkit
    toolkit-book-pci-dss

    This PCI DSS v1.2 compliance toolkit is specifically designed to help payment card-accepting organizations quickly create all the documentation required to affirmatively answer the requirements of the PCI DSS as set out in the Self Assessment Questionnaire (v1.2).


    201 CMR 17.00 – The Massachusetts Data Protection Law:

    201 CMR 17.00 & ISO 27001 Toolkit
    mass_dpa_law

    will save you months of work, help you avoid costly trial-and-error dead-ends, and ensure everything is covered to current 201 CMR 17.00 / ISO 27001 standard.

    This version of the ISMS Documentation Toolkit is ideal for those who owns or licenses personal information about a resident of the Commonwealth.

    Reblog this post [with Zemanta]

    Tags: 201 CMR 17.00, california, iso 27001, ISO/IEC 27001, Law, Massachusetts, Massachusetts Data Protection Law, Nevada, Nevada PCI DSS Law, Payment Card Industry Data Security Standard, PCI Express, privacy, sb 1386


    Jul 28 2009

    PCI DSS Law and State of Nevada

    Category: Information Security,pci dssDISC @ 12:09 am

    Information Security Wordle: PCI DSS v1.2 (try #2)
    Image by purpleslog via Flickr

    45 States followed California when they introduced “SB1386”, the Security Breach Information Act, which has specific and restrictive privacy breach reporting requirements.

    Similarly to the SB1386 Law, California, Massachusetts & Texas are already looking at making PCI DSS Law and history tells us that when California moves, everyone else follows!

    From the 1st January 2010, ALL businesses that collect or transmit payment card information, will be legally obliged, by Navada Law, to comply with PCI DSS.

    Not only does this effect Navada-based organisations, it affects EVERY organisation that collect or transmit payment card information about any person who lives in Nevada.

    Where One leads – others WILL follow!


    Reblog this post [with Zemanta]

    Tags: california, Credit card, Nevada, Payment card, pci dss, privacy, Security, Texas


    Oct 07 2008

    vsRisk and security risk assessment

    Category: ISO 27k,Security Risk AssessmentDISC @ 3:18 pm

    Information Security Risk Management for ISO27001 / ISO27002

    The State of California has adopted ISO/IEC 27002 as its standard for information security and recommends other organizations and vendors to use this standard as guidance in their efforts to comply with California law.

    To achieve an ongoing compliance, major organizations require tools to comply with standard such as ISO 27002/ISO27001. vsRisk is an easy to use Information Security Risk Assessment tool which makes risk assessment process consistent, easier and produces required documentation to achieve ISO 27001 certification . vsRisk also aligns seamlessly with standards like ISO 27002, ISO 27005 and NIST SP 800-30.

    vsRisk helps organizations to develop an Information Security Management System (ISMS) asset inventory and capture business, legal and contractual requirements against each asset. vsRisk is customizable to meet specific needs when introducing new risks, vulnerabilities and controls without any additional help from a consultant. vsRisk helps you focus on assets rather than on threats and vulnerabilities. This is an approach which works by treating business processes as an asset, which is examined for their criticality, lack of security and consequences of failed process can be examined. In this regards, vsRisk is an effective and efficient tool by identifying most important points and key issues right away, which focusing on threats doesn’t.

    Major benefits of vsRisk tool:
    1. It is the definitive ISO27001 risk assessment tool, compliant
    with all the key information security standards – which means that
    you can be certain that a vsRisk risk assessment will help you
    achieve ISO27001 certification.
    2. It is designed to be usable – your lead risk assessor and any
    asset owners involved in your risk assessment are going to find
    their task made easier
    3. Unique features include the risk assessment wizard, which
    standardizes the risk assessment process and guides asset owners
    through the risk assessment process.
    4. vsRisk creates a baseline from which future risk assessments can
    easily be made.
    5. vsRisk integrates with ISMS documentation toolkit, for even
    greater usability.

    “vsRisk™- the Definitive ISO 27001: 2005-Compliant Information Security Risk Assessment Tool, which automates and delivers an ISO/IEC 27001-compliant risk assessment and can assess confidentiality, integrity and availability for each of business, legal and contractual aspects of information assets – as required by ISO 27001. Providing a comprehensive best-practice alignment, it supports ISO 27001 and 27002 (ISO/IEC 17799) disciplines, and is ISO/IEC 27005 and NIST SP 800-30 compliant. It also offers a wizard-based approach that simplifies and accelerates the risk assessment process, plus integrates and regularly updates BS7799-3 compliant threat and vulnerability databases.”

    The key to successful Risk Management is to protect your most important/critical assets. The importance/criticality of an asset might change over time. That is another reason to automate security risk assessment process to recalibrate your risks based on current state of security.

    Risk Management to ISO27001/NIST Wizard-based risk assessment tool Simplifies compliance – To buy vsRisk tool!

    Meet Stringent California Information Security Legislation with Comprehensive Toolkit

    ISO27001 EXPERTS CAN HELP COMPANIES MEET STRINGENT CALIFORNIAN …
    EIN News (press release) – Netherlands
    vsRisk™- the Definitive ISO 27001: 2005-Compliant Information Security Risk Assessment Tool, which automates and delivers an ISO/IEC 27001-compliant risk …

    Tags: asset owner, automate security risk assessment, baseline, california, isms, iso 17799, iso 27001, iso 27001 certification, iso 27002, iso 27005, nist sp 80-30, sb 1386, vsrisk