The Federal Trade Commission (FTC) held a public hearing Nov. 6-8 at George Washington University to discuss the ways in which technological and business developments will impact consumers’ experiences in the next 10 years.
Archive for November, 2006
FTC Public Hearing Presenters Forecast Privacy Concerns For the Next 10 Years
Wednesday, November 15th, 2006The State of Information Security According to E&Y
Tuesday, November 14th, 2006This year’s Ernst & Young Global Information Security Survey 2006 is out and it is always an interesting read. Arguments aside about the statistical accuracy of such surveys, it still provides useful information and also helps to track progress in the topics covered as the years march on. The history alone involved with the survey, this is the 9th year for it, are quite revealing. My, my how concerns have changed in less than a decade!
Information Assurance: Make a Perspective Adjustment; It’s All About the Business
Monday, November 13th, 2006Last week I was at the Computer Security Institute 33rd Annual Computer Security Conference & Exhibition where Chris Grillo and I also gave our post-conference seminar, “Effectively Partnering InfoSec and Privacy For Business Success“. It was interesting to hear the folks attending both the conference and our seminar express their concerns related to information security and privacy. I am always intrigued by the various viewpoints of folks in not only different industries, but also of those who have very little experience in dealing with information security, privacy and compliance versus those with a great amount of experience. It is very noticeable how the viewpoints shift from trying to address primarily only technical issues (overwhelmingly those with little experience) to the viewpoint of incorporating the issues throughout the entire enterprise and into all processes through procedures, awareness and responsibilities (overwhelmingly those with much experience).
Computer Stolen from Insurance Provider Has Personal Information About 1,200 Villanova University students and staff members
Tuesday, November 7th, 2006And yes…still another example of a laptop with clear text personally identifiable information (PII) being stolen.
Villanova University confirmed on 11/2 that a laptop with information about 1,200 of their students and staff members, along with other individuals not part of Villanova, was stolen from their auto insurer, Hilb, Rogal & Hobbs in September. Notifications went out to the involved individuals on October 26.
Broadcasting Company Laptop With Employee Personal Information Stolen
Friday, November 3rd, 2006The Boston Herald reported a laptop “holding Social Security numbers of current and former staffers was stolen out of Greater Media’s Philadelphia offices.”
Greater Media is offering credit monitoring to the impacted individuals “if staffers sign up by the end of the year.”
Another U.S. Veterans Affairs Computer Stolen: This One With Personal Information About 1,600 Vets
Friday, November 3rd, 2006Thursday, 11/2, the VA confirmed a computer containing data about 1,600 U.S. military veterans was stolen from their Manhatten hospital.
According to the report, it was stolen from “a locked room in a locked hallway at the VA hospital. The theft occurred Sept. 6, but VA officials sent out a letter to veterans only within the past two weeks. The personal data of about 1,600 people was on the computer’s hard drive. It was the third theft of personal data from a VA facility in less than a year.”
Encryption…Just Do It!
Thursday, November 2nd, 2006I am a big advocate of encryption. It is such a great tool for protecting sensitive and personally identifiable information (PII), particularly for such data that moves…while on mobile devices, storage devices, and while being transmitted through networks. Historically it was a challenge to implement.
In the past few years implementation has been getting much easier, and continues to improve. However, it is still no surprise, but yet a disappointment, that a recent study from Credant Technologies, Inc., yes, an encryption solution vendor, found that out of 426 IT practitioners interviewed throughout the world, 88% know sensitive data and PII is on their personnel’s mobile computers, but the only 20% have deployed encryption for such devices. Note the encryption is deployed; I would bet that the actual amount of PII and sensitive data encrypted on those devices is actually much lower.
Encryption…Just Do It!
Thursday, November 2nd, 2006I am a big advocate of encryption. It is such a great tool for protecting sensitive and personally identifiable information (PII), particularly for such data that moves…while on mobile devices, storage devices, and while being transmitted through networks. Historically it was a challenge to implement.
In the past few years implementation has been getting much easier, and continues to improve. However, it is still no surprise, but yet a disappointment, that a recent study from Credant Technologies, Inc., yes, an encryption solution vendor, found that out of 426 IT practitioners interviewed throughout the world, 88% know sensitive data and PII is on their personnel’s mobile computers, but the only 20% have deployed encryption for such devices. Note the encryption is deployed; I would bet that the actual amount of PII and sensitive data encrypted on those devices is actually much lower.
100 Million Internet Web Sites
Wednesday, November 1st, 2006Today CNN announced the Internet now has 100 million (100,000,000) web sites “with domain names and content on them.” They provided several interesting accompanying statistics.