New SEC 10K for HARVEST NATURAL RESOURCES INC

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

05/02/2013 HARVEST NATURAL RESOURCES INC http://www.sec.gov/Archives/edgar/data/845289/000119312513196239/d444289d10k.htm (10-K for HARVEST NATURAL RESOURCES INC)

Links shown in red contain references to actual “cyber” events/incidents, and the like.


Of historical interest (only?)

A tweet by @jack_daniel reminded me of a graphic used (on slide 6, I am now reminded) in a presentation I delivered at the 2007 FIRST conference. Turns out that while I had blogged about the presentation and made it available for download, the link is dead because I decommissioned the server. As I wrote at the time, the main takeaways were intended to be:

That with the availability of breach reports direct from states with central reporting, such as New York, it is possible to measure part of our ignorance when we rely solely on published breach reports — even the best available sources (such as Attrition’s DLDOS DataLossDB) undercount breaches dramatically, and are biased toward larger incidents.

That we are still at the leading edge of an explosion of information, and that we should not draw hasty conclusions until more facts are in.

That, as Emil Faber might put it, “Knowledge is Good” and is not that painful to provide.

And finally, primary materials such as breach reports are useful artifacts not only because they tell us dry facts in a standardized format (but that IS nice), but also because the notices themselves are interesting evidence of how firms talk to their customers about a difficult topic.

Here’s a PDF of the presentation (along with my speaker notes).


New SEC correspondence for Bank of New York Mellon CORP

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

08/23/2012 Bank of New York Mellon CORP http://www.sec.gov/Archives/edgar/data/1390777/000119312512366599/filename1.htm (CORRESP for Bank of New York Mellon CORP)
05/10/2012 Bank of New York Mellon CORP http://www.sec.gov/Archives/edgar/data/1390777/000119312512225900/filename1.htm (CORRESP for Bank of New York Mellon CORP)
07/26/2012 Bank of New York Mellon CORP http://www.sec.gov/Archives/edgar/data/1390777/000000000012040066/filename1.pdf (UPLOAD for Bank of New York Mellon CORP)

You can read more about correspondence like this at https://vaguelythreatening.wordpress.com/2012/08/30/sec-comment-letters-as-infosec-situational-awareness/ and about the automated mechanism used to identify these files at https://vaguelythreatening.wordpress.com/2012/11/14/a-note-on-automated-postings-of-sec-cyber-correspondence/


New SEC 10K for RITE AID CORP

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

04/23/2013 RITE AID CORP http://www.sec.gov/Archives/edgar/data/84129/000104746913004721/a2214454z10-k.htm (10-K for RITE AID CORP)

Links shown in red contain references to actual “cyber” events/incidents, and the like.


New SEC 10Q for US AIRWAYS GROUP INC, NORTHWESTERN CORP, OVERSTOCK COM INC, SILICON LABORATORIES INC, KAISER ALUMINUM CORP, QUALCOMM INC DE, BROADCOM CORP, APPLE INC, PRAXAIR INC

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

04/23/2013 US AIRWAYS GROUP INC, US AIRWAYS INC http://www.sec.gov/Archives/edgar/data/701345/000119312513166077/d505866d10q.htm (10-Q for US AIRWAYS GROUP INC)
04/25/2013 NORTHWESTERN CORP http://www.sec.gov/Archives/edgar/data/73088/000007308813000110/nwe-33113x10q.htm (10-Q for NORTHWESTERN CORP)
04/25/2013 OVERSTOCK COM INC http://www.sec.gov/Archives/edgar/data/1130713/000110465913032734/a13-8354_110q.htm (10-Q for OVERSTOCK COM INC)
04/24/2013 SILICON LABORATORIES INC http://www.sec.gov/Archives/edgar/data/1038074/000110465913032197/a13-7859_110q.htm (10-Q for SILICON LABORATORIES INC)
04/24/2013 KAISER ALUMINUM CORP http://www.sec.gov/Archives/edgar/data/811596/000081159613000029/kalu331201310q.htm (10-Q for KAISER ALUMINUM CORP)
04/24/2013 QUALCOMM INC DE http://www.sec.gov/Archives/edgar/data/804328/000123445213000179/qcom3311310-q.htm (10-Q for QUALCOMM INC DE)
04/24/2013 BROADCOM CORP http://www.sec.gov/Archives/edgar/data/1054374/000105437413000072/brcm-20130331x10q.htm (10-Q for BROADCOM CORP)
04/24/2013 APPLE INC http://www.sec.gov/Archives/edgar/data/320193/000119312513168288/d501596d10q.htm (10-Q for APPLE INC)
04/24/2013 PRAXAIR INC http://www.sec.gov/Archives/edgar/data/884905/000088490513000051/px-q1201310q.htm (10-Q for PRAXAIR INC)

You can read more about filings like this at https://vaguelythreatening.wordpress.com/2012/08/30/sec-comment-letters-as-infosec-situational-awareness/


New SEC correspondence for Silvercrest Asset Management Group Inc

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

10/02/2012 Silvercrest Asset Management Group Inc http://www.sec.gov/Archives/edgar/data/1549966/000119312512412900/filename1.htm (CORRESP for Silvercrest Asset Management Group Inc)

You can read more about correspondence like this at https://vaguelythreatening.wordpress.com/2012/08/30/sec-comment-letters-as-infosec-situational-awareness/ and about the automated mechanism used to identify these files at https://vaguelythreatening.wordpress.com/2012/11/14/a-note-on-automated-postings-of-sec-cyber-correspondence/


New SEC 10Q for EBAY INC, MICROSOFT CORP, BANK OF HAWAII CORP

The following new documents were recently made available by the SEC, and have been identified by an automated process as potentially relating to disclosures of “cyber” risk or incidents.

04/19/2013 EBAY INC http://www.sec.gov/Archives/edgar/data/1065088/000106508813000058/ebay10-qq12013.htm (10-Q for EBAY INC)
04/18/2013 MICROSOFT CORP http://www.sec.gov/Archives/edgar/data/789019/000119312513160748/d497226d10q.htm (10-Q for MICROSOFT CORP)
04/22/2013 BANK OF HAWAII CORP http://www.sec.gov/Archives/edgar/data/46195/000004619513000018/boh_20130331x10q.htm (10-Q for BANK OF HAWAII CORP)

You can read more about filings like this at https://vaguelythreatening.wordpress.com/2012/08/30/sec-comment-letters-as-infosec-situational-awareness/
