Archive for the ‘privacy and security’ Category

Criminal attacks are now leading cause of healthcare breaches

May 20, 2015

Criminal attacks are now leading cause of healthcare breaches
Source: Ponemon Institute

The Fifth Annual Benchmark Study on Privacy and Security of Healthcare Data by the Ponemon Institute, sponsored by ID Experts, reveals a shift in the root cause of data breaches from accidental to intentional. Criminal attacks are up 125% compared to five years ago, replacing lost laptops as the leading threat. The study also found most organizations are unprepared to address new threats and lack adequate resources to protect patient data.

Free registration required.

HHS Office for Civil Rights — HIPAA Privacy in Emergency Situations

May 19, 2015

HIPAA Privacy in Emergency Situations (PDF)
Source: U.S. Department of Health and Human Services, Office for Civil Rights

In light of the Ebola outbreak and other events, the U.S. Department of Health and Human Services (HHS), Office for Civil Rights (OCR), is providing this bulletin to ensure that HIPAA covered entities and their business associates are aware of the ways in which patient information may be shared under the HIPAA Privacy Rule in an emergency situation, and to serve as a reminder that the protections of the Privacy Rule are not set aside during an emergency.

The HIPAA Privacy Rule protects the privacy of patients’ health information (protected health information) but is balanced to ensure that appropriate uses and disclosures of the information still may be made when necessary to treat a patient, to protect the nation’s public health, and for other critical purposes.

Power relationships in the United States federal government and its effect on cybersecurity policy

May 12, 2015

Power relationships in the United States federal government and its effect on cybersecurity policy (PDF)
Source: Journal of Information System Security (via ResearchGate)

The United States federal government faces a major challenge as it attempts to secure the nation’s resources and critical infrastructure: the politics and power relationships that form the essence of its very body. Implementing security in any organization will affect the power relationships within that organization (Lapke & Dhillon, 2008) and the federal government is one of the largest and most complex. Considering the long standing de jure and de facto power relationships inherent in the federal government, the implementation of broad reaching cyber security policy has been a long fought battle. Subramanian (2010) detailed the government’s approach to cyber security in the 10 year period between 2000 and 2010. This paper is an extension of Subramanian’s work and focuses the analysis through the lens of Clegg’s (2002) Circuits of Power. It explores the power relationships that impacted the decisions made by the executive, legislative, and judicial branches of government. It also describes how these power relationships changed as a result of the emerging reality of cyber security.

Spring 2015 Brookings Panel on Economic Activity

May 3, 2015

Spring 2015 Brookings Panel on Economic Activity
Source: Brookings Institution

New research findings at the Spring 2015 BPEA conference by leading academic and government economists include: a cause of growing inequality; the possible outcomes of an early Federal Reserve boost in the interest rates; public sentiment concerning redistributive fiscal plans; the economic welfare impacts of the fracking boom; an assessment of Chinese government-sponsored firms; and the possible consequences of anonymizing big data.

RAPTOR: Routing Attacks on Privacy in Tor

April 28, 2015

RAPTOR: Routing Attacks on Privacy in Tor

The Tor network is a widely used system for anonymous communication. However, Tor is known to be vulnerable to attackers who can observe traffic at both ends of the communication path. In this paper, we show that prior attacks are just the tip of the iceberg. We present a suite of new attacks, called Raptor, that can be launched by Autonomous Systems (ASes) to compromise user anonymity. First, AS-level adversaries can exploit the asymmetric nature of Internet routing to increase the chance of observing at least one direction of user traffic at both ends of the communication. Second, AS-level adversaries can exploit natural churn in Internet routing to lie on the BGP paths for more users over time. Third, strategic adversaries can manipulate Internet routing via BGP hijacks (to discover the users using specific Tor guard nodes) and interceptions (to perform traffic analysis). We demonstrate the feasibility of Raptor attacks by analyzing historical BGP data and Traceroute data as well as performing real-world attacks on the live Tor network, while ensuring that we do not harm real users. In addition, we outline the design of two monitoring frameworks to counter these attacks: BGP monitoring to detect control-plane attacks, and Traceroute monitoring to detect data-plane anomalies. Overall, our work motivates the design of anonymity systems that are aware of the dynamics of Internet routing.

Carter Unveils New DoD Cyber Strategy in Silicon Valley

April 24, 2015

Carter Unveils New DoD Cyber Strategy in Silicon Valley
Source: U.S. Department of Defense

Defense Secretary Ash Carter today unveiled the Defense Department’s second cyber strategy to guide the development of DoD’s cyber forces and to strengthen its cyber defenses and its posture on cyber deterrence.

Carter discussed the new strategy — an update to the original strategy released in 2011 — before an audience at Stanford University on the first day of a two-day trip to Silicon Valley in California.

Deterrence is a key part of the new cyber strategy, which describes the department’s contributions to a broader national set of capabilities to deter adversaries from conducting cyberattacks, according to a fact sheet about the strategy.

The department assumes that the totality of U.S. actions — including declaratory policy, substantial indications and warning capabilities, defensive posture, response procedures and resilient U.S. networks and systems — will deter cyberattacks on U.S. interests, the fact sheet added.

2015 Data Breach Investigations Report

April 16, 2015

2015 Data Breach Investigations Report
Source: Verizon

Prepare your enterprise to conduct individualized self-assessments of risk, so you can make realistic decisions on how to avoid cyber threats. The 2015 DBIR expands its investigation into nine common threat patterns and sizes up the effects of all types of data breaches, from small data disclosures to events that hit the headlines.

Free registration required.

