Something that I want to know about the U.S. presidential candidates, along with all their views and plans for the economy, education, healthcare, defense and so on, is what their plans are for information security and privacy protections. The past 8 years certainly has been a mixed bag of impacts for privacy and information safeguards.
Archive for the ‘government’ Category
What Happens On The Internet Stays On The Internet…No Matter What A Judge Says!
Tuesday, August 12th, 2008For those of you that weren’t aware, this past weekend the long-running Defcon convention (historically started with only “hard core” hackers in attendance, but now huge numbers of information security pros and law enforcement attend) was held in Las Vegas.
Some MIT students, Zack Anderson, R.J. Ryan and Alessandro Chiesa, were scheduled to talk about “Anatomy of a Subway Hack,” detailing a school project they did, and received an “A” on, that showed how the Massachusetts Bay Transportation Authority (MBTA) cards could be hacked to basically change a $1.25 MBTA fare card to a $100 fare card.
Well, the MBTA got wind of this…actually the MIT students contacted them in July to tell them about this security flaw, as well as let them know they were giving a presentation about it…and filed an injunction last Friday to keep the MIT students from giving their presentation on Sunday.
But guess what? Yep…I bet you can see this coming…
New Website Seal For Companies Participating In The EU Safe Harbor Program
Sunday, August 3rd, 2008Something I’ve been spending a lot of work on this summer is creating management tools to help information security and privacy practitioners do their jobs more effectively and efficiently. In the past three months I’ve had over a dozen CISOs and CPOs call me and ask if I had specific types of tools to help them with their information security, privacy and compliance efforts and iniatives. One of the tools will help them with managing their programs and processes for, along with the many complex issues involved with, transferring personally identifiable information (PII) with any of the 27 European Union (EU) contries to the U.S. and other countries. One of the areas involved with tackling this issue is whether or not to participate in the Safe Harbor program.
So, I was very interested to read that the U.S. Commerce Department announced a new certification mark/seal for organizations to put on their websites to show that they have self-certified compliance with the Safe Harbor Framework requirements.
Free Info Sec & Privacy Training Hosted By The FTC and COPP
Thursday, July 31st, 2008If you’re in the Los Angeles area on August 13, here’s what looks to be a good, FREE, day of getting information security and privacy training hosted by the U.S. Federal Trade Commission (FTC) and the California Office of Privacy Protection (COPP).
If you are a company with no dedicated information security or privacy position, like most small and medium sized businesses (SMBs), then go to this event to hear WHY you need to make efforts to safeguard your customers’ and employees’ personally identifiable information (PII). Hey, if you’re in the area, it’ll only cost your time!
Here’s the full announcement…
Do You Do Data Mining?
Wednesday, July 30th, 2008Many folks like to argue and pick apart what is meant by “data mining.” Marketers I’ve spoken with claim they are not doing data mining with their customers’ information, but just “repurposing” it.
Whatever you call it, you need to know how your organization is using personally identifiable information (PII) in ways other than the purposes for which it was collected. Many times these other purposes are achieved through data mining.
Last week the U.S. Department of Homeland Security held a workshop, “Implementing Privacy Protections in Government Data Mining” that provided some good information about data mining privacy issues that all organizations should consider. The comments the DHS received prior to the event were very interesting.
Insider Threat Example: San Fran IT Employee Exploits Poor Security Practices
Thursday, July 17th, 2008Okay, why would a large city like San Francisco make such a silly, preventable mistake like allowing one employee to be able to establish a super user type of account and then lock everyone else out of the government network?
“Hacker Holds Key to City’s Network: An Alleged Hacker Won’t Reveal Secret Password to Unlock San Francisco’s Network”
Who Had The Brilliant Idea To Outsource U.S. Passports?
Thursday, March 27th, 2008Okay, after the recent passport files snooping debacle I found today’s news story, “Outsourcing passports ‘profound liability’” very ironic and concerning.
Not only for the reported huge waste of taxpayers’ dollars, but also for the security risks…
