The above number is from a Register article. The FTC contracted with Synovate, a VA survey company, to compile the latest ID Theft numbers. The actual report, which can be found at the FTC ID Theft site, says that 1.5% of respondents reported that their identity had been "misused to open new credit accounts, take out new loans, or engage in other types of fraud." This suggests 3.25m Americans were affected by this type of fraud last year.
Interestingly, the methodology of the report says that information was gathered by a Telenation RDD (Random Digit Dialing) telephone survey. I wouldn't talk about ID Theft with a random caller. And I wonder about the validity of the numbers. There's a good chance that in reality the fraud numbers are higher. If you've been a recent victim of ID Theft, are you going to report that to a random caller?
Federal Computer Week reports that "The nation isn't doing a good job of assessing its vulnerabilities to terrorist attacks".
The article goes on to say, "Witness after witness stressed that no one knows how much money is needed for homeland security because nobody - federal, state, and local officials - has identified minimum standards for protection."
Which is not to say it shouldn't or couldn't be done. Just a reminder that it's a complex task and there are few simple answers.
"Deemed "critical" is a flaw in Visual Basic for Applications (VBA), a technology that is part of Microsoft Office products and used to run customized applications on top of Office. A flaw exists in the way VBA checks the properties of a document when it is opened in an Office application, potentially allowing an attacker to run code on a victim's computer".
MS03-037, the MS Bulletin on these flaws, with appropriate patch information, can be found here: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS03-037.asp.
Note that these are vulnerabilities in the Windows versions of the products; the Mac OS X Office isn't listed as vulnerable.
"Microsoft Corp, eBay, Amazon.com and Visa are among founder members of the Coalition on Online Identity Theft, which is dedicated to fighting the growing menace of ID theft. Analysts estimate ID theft cost US lenders alone at least $1 billion last year."
The ITAA (Information Technology Association of America) will be acting as Secretariat for the ID Theft coalition. The official ITAA press release can be found here: http://www.itaa.org/news/pr/PressRelease.cfm?ReleaseID=1062528130.
Network World reports: "Nearly two years after the Sept. 11 attacks, many organizations remain woefully unprepared to quickly recover their IT systems and key business processes in the event of a disaster."
For those enterprises that haven't yet gotten a reasonable and workable DR plan in place, this article has a nice 'jump point' checklist to get the wheels turning. Like a security policy, a DR plan is often one of the hardest things to get right in the total security picture.
One of the reasons? They ain't easy. The checklist here is good and mentions a test plan, but my recommendation is to execute on it regularly. Test and re-test, once a week if that's possible. Even the best-laid DR plans can go awry if one of the critical components, say a backup server or tape drive, goes out. So get the plan in place, and then test it. Do a dry-run recovery to make sure it's working as expected.
Another point to add to your checklist: cost/benefit analysis. Security people get a bit tiresome repeating this, but it's a major success factor or stumbling block. Don't spend more to secure less. You wouldn't cover a $20,000 car with a $50,000 insurance policy, in large part because the auto insurance companies wouldn't allow it. While ascertaining the asset values of systems and employee downtime, lost data, etc. is a lot squishier than getting a Blue Book reading on vehicle value, it has to be done.
There are some great resources out there to help with the risk analysis side of any security planning, including DR. A few are listed below to help get you started.
Danger money: The challenge of risk management
NIST's Risk Management Guidance for IT Systems
The USDA's Capital Planning and Investment Control Guide