Data Security: OECD Publishes New Privacy Guidelines for Accessing Data From Publicly Funded Research Projects

May 6th, 2007

On May 3 the Organization for Economic Cooperation and Development (OECD) released a new 24-page guideline, “Principles and Guidelines for Access to Research Data from Public Funding,” for organizations in governments throughout the world regarding access to data from publicly funded research projects.

Iowa Student Gets Internship from Google for Reporting Security Flaw: More Proof Vendors Need Stronger Security Checking For Their Products

May 5th, 2007

Last night while my sons and I were watching the news it was reported that in Davenport, Iowa a St. Ambrose University student, David Bloom, found a security flaw in early December when he was using the Google Docs and Spreadsheets program.

Employee Privacy & New Credit Check Law In Washington State Impacts Employers: Joins Similar Laws In 4 Other States

May 4th, 2007

Doing background checks on potential employees, and regularly for certain positions with significant access to personally identifiable information (PII) or management capabilities, has been a growing trend in recent years. Such checks are viewed as ways to help prevent putting untrustworthy and significant at-risk individuals into positions where they could perform malicious and/or criminal activities.

Reducing Attack Exposure for Internet-Facing Applications

May 3rd, 2007

Yesterday the Channel 12 news in Jackson, Mississippi reported a Kennesaw, Georgia business had its Internet-facing computer system hacked. That business’s application is “now generating thousands of counterfeit messages to businesses and consumers, purporting to be a complaint filed with the BBB.”

New Study: More Confirmation That Spam Costs Businesses Significant $$

May 2nd, 2007

On April 2 Nucleus Research, Inc. released a study, “Spam: The Repeat Offender,” which reports that, according to a survey of 849 email users, 90% of all email going into company networks is spam, and 66% of spam gets through corporate filters.

SOX Amendment Defeated: Information security and SMBs

May 1st, 2007

A week ago today (April 24, 2007) the Senate defeated an amendment in a 35 – 62 vote for allowing more lax internal control requirements for small and medium-sized businesses (SMBs) under the Sarbanes-Oxley Act (SOX).

Addressing Privacy: There Will Never Be a Technology-Only Solution Because of the Human Factors Involved

April 29th, 2007

Last week I had the pleasure of being interviewed by Jay Cline for a Computerworld article he was doing about small companies, such as mine, that provide privacy services to organizations.

Privacy: Surveillance and Poor Security Practices

April 28th, 2007

Today I read with interest an article in the U.K.’s Guardian Unlimited, “Surveillance ‘intrudes on our lives’.”
I am doing some research into various surveillance methods, such as with CCTV, key loggers, and other methods of surreptitiously recording the activities of individuals, typically without their consent, and often without their knowledge.

Keyloggers + Social Engineering = Identity Theft: Fraudsters Exploit Human Frailties with Seductive Messages

April 27th, 2007

Fraudsters and cybercriminals continue to find creative ways to exploit technology and human weakness to facilitate their crimes. Another new exploit they are using is hijacking popular Google search terms, typically targeting bank sites, and then inserting HTML into the legitimate response pages to get end-users to provide personally identifiable information (PII), typically website user IDs and passwords, often in conjunction with keyloggers they download to the victims’ computers.

HIPAA: More Changes and Initiatives by HHS

April 26th, 2007

I’ve been reading so much about HIPAA lately; no enforcement actions yet, but a lot of changes, proposals and initiatives.
Two more I read about recently:
