Dreaming of a secure California

If your Web site deals with California residents and handles their private details such as social security numbers, driver’s license numbers, credit and debit card numbers, then you should be aware of a new privacy law, SB 1386 (see links below), which went into effect July 1.

This law requires public disclosure of most computer security breaches if confidential info about California residents is involved.

This is not a trivial issue and the bill states: “(a) Any customer injured by a violation of this title may institute a civil action to recover damages. / (b) Any business that violates, proposes to violate, or has violated this title may be enjoined. / (c) The rights and remedies available under this section are cumulative to each other and to any other rights and remedies available under law.”

To put that another way, serious liability is connected to not obeying this particular law.

An interesting service to help minimize your liability is being offered by Threat Focus, a Calif., security-auditing firm.

The company claims that its ThreatCheck service scans your servers for more than 1,500 vulnerabilities and provides suggested fixes and patches for those that are identified. It also claims to add as many as 10 new tests per day and can test more than 1,200 products from more than 40 vendors. 

ThreatCheck uses a Web interface based on the open-source Nessus vulnerability testing engine to select which systems to audit and how often. Most importantly, ThreatCheck requires no additional hardware or software.

ThreatCheck comes in three flavors: The Essential service is aimed at small business and costs $49 per month; the Security Admin service for $99 per month is targeted at larger organization; and the Security Manager service, for enterprise scale operations, is priced at $149 per month.