LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	The Sony Hack and RIM
From:	Gary Link <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Thu, 18 Dec 2014 08:42:24 -0500
Content-Type:	text/plain
Parts/Attachments:	text/plain (44 lines)

I'm writing a piece for internal consumption on the Sony data breach and
how elements of it illustrate how good RIM policies and practices can help

in the overall effort of protecting an organization's confidential data.
Elements of the hack that I've identified so far specific to this point
are:

· Over 47,000 social security numbers have were publicized. These
appeared 1.1 million times in 601 files. Todd Feinman, CEO of Identity
Finder, a data security firm, said, ?The most concerning finding in our
analysis is the sheer number of duplicate copies of the social security
numbers that existed inside the files.?

· Human resources files from Deloitte and Touche were publicized.
One Sony HR employee had formerly worked for Deloitte, and had brought
over old files on their computer. Personnel files from 2005, containing
staff wages/salaries, job titles, addresses, and race & gender information

of over 30,000 employees were exposed.

· Passwords were publicized. Thousands of passwords to internal
computers, social media accounts, and web services accounts were exposed.
These resided in 139 Word files, Excel spreadsheets, .pdf?s, and zip
files, all with names indicating that the documents contained passwords.

Can anyone identify any additional elements of the Sony breach that are
good examples of how RIM (as opposed to pure cyber security measures) can
help protect an organization's private data and files?

Thanks,
Gary

The contents of this email are the property of PNC. If it was not addressed to you, you have no legal right to read it. If you think you received it in error, please notify the sender. Do not forward or copy without permission of the sender. This message may be considered a commercial electronic message under Canadian law or this message may contain an advertisement of a product or service and thus may constitute a commercial electronic mail message under US law. You may unsubscribe at any time from receiving commercial electronic messages from PNC at http://pages.e.pnc.com/globalunsub/
PNC, 249 Fifth Avenue, Pittsburgh, PA 15222; pnc.com

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]

ATOM RSS1 RSS2

LISTSERV.IGGURU.US