DeepQueue – Store and Forward artwork

Deep Queue #11: Security breaches are not news?

DeepQueue – Store and Forward

English - May 25, 2009 15:44
Technology wmq security middleware news ibm messaging soa bestpractices Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Previous Episode: The Deep Queue – Episode #10: Cash in on mortgaged risk!
Next Episode: WebSphere MQ – Coming soon to an audit near you!

The subject of the UC Berkeley data breach was discussed on the May 15th Security Squad podcast.  The thing that struck me was that the breach itself was not the topic of conversation but rather the debate was about whether … Continue reading →

The subject of the UC Berkeley data breach was discussed on the May 15th Security Squad podcast.  The thing that struck me was that the breach itself was not the topic of conversation but rather the debate was about whether the breach was in fact newsworthy.  If you are not familiar with it, 160,000 Social Security numbers and medical information were stolen in the UC Berkeley data breach.  This notion that breaches of the “trusted” internal network are so common that’s possible to discuss with a straight face whether a breach of this magnitude is newsworthy is itself worthy of some discussion.


In this episode of The Deep Queue, I tackle this topic as well as the idea of software “never events”.  The term was coined in the medical professions to refer to preventable events with serious or deadly consequences.  The kind of events that should never happen such as operating on the wrong body part or wrong person.  the National Quality Foundation has developed a list of 28 such events which are used to report and track quality of care across the nation.  Bob Charette guested on the CERT Security podcast to campaign for a similar set of events in the software industry.  In this episode of The Deep Queue, I propose my own list of WebSphere MQ never events.


Links for this episode:


University of California Berkeley Data Breach

http://datatheft.berkeley.edu/news.shtml

Security Squad, SearchSecurity.com podcast for May 15, 2009

http://itknowledgeexchange.techtarget.com/security-wire-weekly/squad-data-breach-burn-out/


PrivacyRights.org Chronology of Data Breaches

http://www.privacyrights.org/ar/ChronDataBreaches.htm#CP


BankInfoSecurity.com – List of banks reported to have been affected by the Heartland breach tops 600

http://www.bankinfosecurity.com/articles.php?art_id=1200


National Quality Forum – Serious Reportable Events (a.k.a. “Never Events”)

http://www.qualityforum.org/projects/completed/sre/fact-sheet.asp


CERT Security podcast series for May 5, 2009

http://www.cert.org/podcast/


WebSphere MQ Security Heats Up – Blog post with downloadable setmqaut scripts to secure administrative access to WebSphere MQ.

http://t-rob.net/2008/07/08/websphere-mq-security-heats-up/