<!--

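// Subversion keyword-expansion stamps identifying the revision of this script.
var CSOheadlineRev = "$Rev: 243 $";
var CSOheadlineId = "$Id: headline.js 243 2010-05-28 23:58:11Z mrj $";

// Delay handed to setTimeout between headline changes (milliseconds).
var CSOheadlineInterval = 10000;
// Handle of the pending rotation timer, or null when none is scheduled.
var CSOheadlineTimer = null;
// DOM element the headlines are rendered into; assigned by CSOheadlines().
var CSOheadlineElement = null;

// Headline pool. Each entry is an HTML fragment that CSOheadlineStart() assigns
// to innerHTML, so every entry is parsed as markup: keep this list static and
// author-controlled, and never append user-supplied or remotely fetched text
// without sanitising it first.
//
// Markup fixes relative to the previous revision:
//   - every link now carries rel='noopener noreferrer', so the page it opens
//     cannot reach back through window.opener and navigate this page
//     (reverse tabnabbing);
//   - target='blank_' (a named window, not the _blank keyword) is normalised
//     to target='_blank', matching the entries that already used it;
//   - the malformed "target='blank_' blank_'" attribute on the last link of
//     the USB-drive entry is repaired;
//   - the unmatched </p> after </table> in the USB-drive entry is removed.
var CSOheadlineText = [

    "<h1>Lost Laptops</h1>Did you know that the average lost or stolen laptop cost is about $50,000 and cases of over $186,000 cost have been reported?",

    "<h1>Data Breaches</h1>According to the Verizon Business 2009 Data Breach Investigations Report, 81% of data breach victims were not compliant with Payment Card Industry (PCI) standards.",

    "<h1>Data Breaches</h1>Over 80% of the data breaches reported in 2008 could have been prevented with simple or intermediate controls.",

    "<h1>AWS Completes SAS70 Audit</h1>Amazon Web Services has successfully completed a Statement on Auditing Standards No. 70 (SAS70) Type II Audit.  See the <a href='http://aws.amazon.com/security/' target='_blank' rel='noopener noreferrer'>AWS Security Center</a> for more details.",

    "<h1>Data Breach Legislation</h1>Two US Senate bills are working their way through the Senate.  Diane Feinstein's (D-CA) <a href='http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=111_cong_bills&docid=f:s139is.txt.pdf' target='_blank' rel='noopener noreferrer'>Data Breach Notification Act</a> would require companies engaging in interstate commerce or any Federal agency to disclose data breaches \"without unreasonable delay.\"  The <a href='http://frwebgate.access.gpo.gov/cgi-bin/getdoc.cgi?dbname=111_cong_bills&docid=f:s1490is.txt.pdf' target='_blank' rel='noopener noreferrer'>Personal Data Privacy and Security Act</a> adds some financial (up to $250,000) and prison (5 years) penalties for withholding disclosure.",

    "<h1>Welcome to 2010</h1>A number of year end reports have been published on Spam and data Breaches.  See <a href='http://www.verizonbusiness.com/resources/security/reports/rp_2009-data-breach-investigations-supplemental-report_en_xg.pdf' target='_blank' rel='noopener noreferrer'>2009 Data Breach Investigations Supplemental Report</a> from the Verizon Business RISK Team or the <a href='http://cisco.com/en/US/prod/vpndevc/annual_security_report.html' target='_blank' rel='noopener noreferrer'>Cisco 2009 Annual Security Report</a> for more details.",

    "<h1>Kingston, SanDisk and Verbatim USB drive vulnerability</h1><p>German security firm SySS has demonstrated an exploit of a flaw in the FIPS 140-2 Level 2 USB drives made by Kingston, SanDisk and Verbatim. The vulnerability is <strong>not</strong> in the encryption of the data on the drive, but with the password authentication mechanism implemented. All three vendors have responded with updates to their drives. Click on the link to the left to check on that manufaturers drives.</p><table><tr><td><a href='http://www.kingston.com/driveupdate/' target='_blank' rel='noopener noreferrer'>Kingston</a></td><td>DataTraveler secure USB flash drive</td></tr><tr><td><a href='http://www.sandisk.com/business-solutions/enterprise/technical-support/security-bulletin-december-2009' target='_blank' rel='noopener noreferrer'>SanDisk</a></td><td>Cruzer Enterprise USB (or FIPS) flash drive</td></tr><tr><td><a href='http://www.verbatim.com/security/security-update.cfm' target='_blank' rel='noopener noreferrer'>Verbatim</a></td><td>Corporate Secure USB (or FIPS) flash drive</td></tr></table><p>More information can be found at <a href='http://www.computerworld.com/s/article/9143099/Kingston_recalls_some_USB_drives_due_to_security_flaw' target='_blank' rel='noopener noreferrer'>Computerworld</a> or <a href='http://www.h-online.com/security/news/item/NIST-certified-USB-Flash-drives-with-hardware-encryption-cracked-895308.html' target='_blank' rel='noopener noreferrer'>The H Security</a> website.</p>",

    "<h1>SQL Injection still a prime target for data thiefs</h1><p>The <a href='http://www.verizonbusiness.com/resources/security/reports/rp_2009-data-breach-investigations-supplemental-report_en_xg.pdf' target='_blank' rel='noopener noreferrer'>2009 Data Breach Investigations Supplemental Report</a> from Verizon has a great graph on page 5 that may help prioritize your data breach activities.  Many of the <i>threat action types</i> they list contribute very little to the number of records breached.  The graph also shows just how important key loggers, SQL injection and back doors have become in stealing information.</p>"

  ];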

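/**
 * Render one randomly chosen headline into CSOheadlineElement and schedule
 * the next rotation after CSOheadlineInterval milliseconds.
 *
 * Reads the globals CSOheadlineText, CSOheadlineElement and
 * CSOheadlineInterval, and owns CSOheadlineTimer. Returns without rendering
 * or rescheduling when no element has been registered or the headline pool
 * is empty.
 */
function CSOheadlineStart() {

    // If there is a timer in play, cancel it so only one rotation is pending.
    if (CSOheadlineTimer) {
        clearTimeout(CSOheadlineTimer);
        CSOheadlineTimer = null;
    }

    // Without a target element the innerHTML write below would throw, and an
    // empty pool would render the text "undefined"; stop quietly instead.
    if (!CSOheadlineElement || CSOheadlineText.length === 0) {
        return;
    }

    // Randomly choose a headline to display.
    var headline = CSOheadlineText[Math.floor(Math.random() * CSOheadlineText.length)];

    // innerHTML parses the string as markup. This is acceptable only while
    // CSOheadlineText holds static, author-written fragments; untrusted text
    // must be sanitised or written through textContent instead.
    CSOheadlineElement.innerHTML = headline;

    // Pass the function itself rather than a source string: the string form
    // of setTimeout is compiled at fire time like eval, and a
    // Content-Security-Policy without 'unsafe-eval' refuses to run it.
    CSOheadlineTimer = setTimeout(CSOheadlineStart, CSOheadlineInterval);

}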

/**
 * Entry point: register the element that will display headlines and begin
 * rotating them.
 *
 * @param {string} elementId - id passed to document.getElementById to locate
 *     the headline container.
 */
function CSOheadlines(elementId) {

    // Remember the container (or null) in the shared global used by
    // CSOheadlineStart().
    CSOheadlineElement = document.getElementById(elementId);

    // No matching element on this page: display nothing.
    if (!CSOheadlineElement) {
        return;
    }

    // A container exists, so show the first headline and start the rotation.
    CSOheadlineStart();

}

-->
