Breaking News:   

FTC releases FAQs on Red Flags Rules. A new frequently-asked-questions document aims to clear up some of the confusion around the Red Flags Rules.

HEALTHCARE

The Healthcare industry (hospitals, nursing homes, psychiatric hospitals, clinics, assisted living and retirement communities, dental offices and medical office buildings) have a need to provide a safe, welcoming facility... Read more »

RETAIL

Information security is critical to both retail organizations from both a business operations and regulatory standpoint. Customer and supplier data must be protected to maintain the company’s reputation and to avoid legal liability. PCI regulations are a large Read more »

FINANCIAL

The Financial sector has always been under intense information security regulations. The reputation is always at stake with financial data loss. Financial institutions must maintain compliance with many laws and regulation such as GLBA, PCI, SOX, Red Flag Read more »

BUSINESS PROCESS OUTSOURCING

BPO organizations face a unique challenge in data management. Working with companies in the US, BPO’s are under the same regulations and requirements in customer data management. While outsourcing business Read more »

Video

Latest Events

Tweets by KRAA

Monday, 22 June 2009 20:23
Twitter malicious software attacks exploit Twitter's "trending topics", with a a link, which leads to a FAKE anti-virus website
Friday, 19 June 2009 13:40
Microsoft’s free anti-malware security offering will launch into beta next Tuesday June 23, paid Windows Live OneCare is dead
Thursday, 18 June 2009 16:40
Kaspersky Lab has revealed that micro-blogging and social networking site Twitter has been infected with malware
Thursday, 18 June 2009 13:30
Microsoft issues 10 security patches for June 2009, run Automatic update
Friday, 12 June 2009 09:53
Need a custom HTML Newsletter for monthly use thats easy to edit. What service is your company using?
Wednesday, 10 June 2009 08:46
KRAA's Vanguard Conference recap. http://bit.ly/9YWDw

Information Security Services

KRAA Security addresses the information security requirements of national and international clients. With a comprehensive suite of Security Consulting, Managed Security Services and Products that are practical, efficient and cost effective.  KRAA Security protects organizations from threats through a combination of preventative services in Application Security, Network Security, Operating System Security and Compliance measures. Our team of expert professionals with deep industry experience provide a defense-in-depth strategy to address all security needs. 

 

Our Managed Security Services provides consistent and reliable security management to our clients for a low initial investment, and a manageable recurring monthly maintenance fee. The cost savings will free up IT budgets for more strategic projects. Clients taking advantage of our Managed Security Services will benefit from economies of scale, reduced overhead and fixed costs, and expert knowledge on a 24/7 basis in multiple technological platforms, things you will not get from hiring one or two security employees. Our management capabilities covers areas such as Intrusion Detection/Prevention systems, Firewall management, Managed VPN Service, Content Filtering, Website monitoring, Virus scanning, Spam filtering, Vulnerability scanning, Phishing and Pharming defense and Host Intrusion detection.

Consulting professionals provide an expert resource to identify and define the security problem, design and recommend solutions across people, process and technology challenges and are the trusted advisor to clients.

 
 

 LATEST BREACH

 

Laptops containing PII for 250,000 stolen from Canada hospital
by Angela Moscaritolo, SC Magazine, June 25, 2009


Two laptops, which contained personal information for hundreds of thousands of patients, were recently stolen from University of Alberta Hospital in Canada.

How many victims? 250,000.
What type of personal information? Names and personal health numbers.
What happened? The laptops were stolen from a locked hospital laboratory room where they were chained to desks. The hard drives of the laptops contained a random sample of 250,000 lab reports, which contained the personally identifiable information (PII).
Details: The laptops are encrypted so it would be “extremely difficult” to access the sensitive information, making the risk of identity theft low – but still possible, hospital officials told the Edmonton Journal.
The hospital does not know which patient’s personal health numbers were contained on the computers because those on the list were randomly selected.
Quote: “The public should not be concerned,” Bill Trafford, chief information officer of Alberta Health Services told the Edmonton Journal. “We believe there’s very, very low risk of any information on those devices being made accessible to anybody else.”

Source: edmontonjournal.com, Edmonton Journal, “Laptops with patient information of thousands of Albertans stolen from U of A Hospital,” June 24, 2009.

 
 
 

LATEST BREACH

Flash drive stolen from Florida Department of Revenue

by Angela Moscaritolo, SC Magazine

The personal information of nearly 3,000 workers from large corporations around the state of Florida may be at risk after a sensative flash drive was stolen from a Florida Department of Revenue employee.

How many victims? 2,828.

What type of personal information? Names, addresses and Social Security numbers.

What happened? The flash drive contained a file with personal information for current or past employees of six large corporations that are being audited by the state. The flash drive was connected to a laptop that was stolen from the unlocked car of a Florida Department of Revenue employee’s home in Marietta, Ga., on April 9. The thief also took a cell phone and GPS device.

Details: The names of the companies being audited are confidential, Walter Boyd, the department’s chief confidential information officer told The Gainesville Sun.

The sensitive file was password-protected, but not encrypted – so, with the technical knowledge it would be possible for someone to access it, Boyd said. Currently, the department has guidelines that say flash drives should be encrypted, but it is not required, he said.

Quote: “We can hope for a stereotypical thief, some unsophisticated thief that just wants to sell the equipment and doesn’t know what’s on there,” Boyd said.

What was the response? Letters were sent to affected individuals. In addition, a new department policy is pending approval that would require flash drives and other mobile devices to be encrypted.

Source: Gainesville.com, The Gainesville Sun, “Stolen flash drive held personal data on 2,828 people,” June 24, 2009.
 

 

Security Newsletter

Polls

What Managed Service would you most likely use?
 
©2009 KRAA SecurityTM All Rights Reserved.  |  Privacy  Link  info@kraasecurity.com