Archive for the ‘privacy and security’ Category

CRS — Cybersecurity: Authoritative Reports and Resources, by Topic (October 14, 2014)

October 20, 2014

Cybersecurity: Authoritative Reports and Resources, by Topic (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

This report provides references to analytical reports on cybersecurity from CRS, other government agencies, trade associations, and interest groups. The reports and related websites are grouped under the following cybersecurity topics:
• policy overview
• National Strategy for Trusted Identities in Cyberspace (NSTIC)
• cloud computing and FedRAMP
• critical infrastructure
• cybercrime, data breaches, and data security
• national security, cyber espionage, and cyberwar (including Stuxnet)
• international efforts
• education/training/workforce
• research and development (R&D)

In addition, the report lists selected cybersecurity-related websites for congressional and government agencies, news, international organizations, and organizations or institutions.

UN — Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism

October 17, 2014

Report of the Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism (PDF)
Source: United Nations Office of the High Commissioner for Human Rights

The present report is the fourth annual report submitted to the General Assembly by the current Special Rapporteur on the promotion and protection of human rights and fundamental freedoms while countering terrorism, Ben Emmerson.

The key activities undertaken by the Special Rapporteur between 17 December 2013 and 31 July 2014 are listed in section II of the report. In section III, the Special Rapporteur examines the use of mass digital surveillance for counter-terrorism purposes and considers the implications of bulk access technology for the right to privacy under article 17 of the International Covenant on Civil and Political Rights.

How Should Health Data Be Used? Privacy, Secondary Use, and Big Data Sales

October 15, 2014

How Should Health Data Be Used? Privacy, Secondary Use, and Big Data Sales
Source: Yale Institute for Social and Policy Studies

Electronic health records, data sharing, big data, data mining, and secondary use are enabling exciting opportunities for improving health and health care while also exacerbating privacy concerns. Two court cases about selling prescription data raise questions of what constitutes “privacy” and “public interest;” they present opportunity for ethical analysis of data privacy, commodifying data for sale and ownership, combining public and private data, data for research, and transparency and consent. These interwoven issues involve discussion of big data benefits and harms, and touch on common dualities of the individual v. the aggregate or the public interest, research (or, more broadly, innovation) v. privacy, individual v. institutional power, identification v. identity and authentication, and virtual v. real individuals and contextualized information. Transparency and accountability are needed for assessing appropriate, judicious, and ethical data use and users, as some are more compatible with societal norms and values than others.

2014 Deloitte-NASCIO Cybersecurity Study

October 9, 2014

2014 Deloitte-NASCIO Cybersecurity Study
Source: Deloitte/NASCIO

The third biennial Deloitte-National Association of State Chief Information Officers (NASCIO) Cybersecurity Study, conducted in the spring of 2014, assessed the state of cybersecurity initiatives administered by state chief information security officers (CISOs). CISOs from 49 states participated in the survey and 186 business leaders from a broad cross-section of states responded to a parallel survey. The study highlights the challenges that states and chief information officers (CIOs)/CISOs face in protecting states’ critically important systems and data. The survey results call for greater communication and collaboration with business leaders.

The following key themes emerged from the report:

  • Maturing role of the CISO: State CISO role continues to gain legitimacy in authority and reporting relationships. In 2014, 98% of respondents state they have a CISO role, and 90% of these roles report to the CIO. The responsibilities of the position are becoming more consistent across states, yet expanding. CISOs today are responsible for establishing a strategy, execution of that strategy, risk management, communicating effectively with senior executives and business leaders, complying with regulators, and leading the charge against escalating cyber threats using various security technologies.
  • Continuing budget-strategy disconnect: The improving economy and states’ growing commitment to cybersecurity have led to an increase, albeit small, in budgets. 48% of respondents noted an increase in budget; however, budget is still the #1 barrier. CISOs have also been successful at tapping supplemental resources, whether from other state agencies, federal funding, or various agency and business leaders. Nevertheless, budgets are still not sufficient to fully implement effective cybersecurity programs.
  • Cyber complexity challenge: CISOs are concerned about the intensity, volume and complexity of cyber threats that run the gamut from malicious code to zero-day attacks. Sophistication of cyber threats is the #2 top barrier. 74.5% of respondents cited malicious code as the top external threat. CISOs need to stay abreast of existing and developing threats and increasing regulations to establish and maintain the security of an information environment that now increasingly extends from internal networks to cloud and mobile devices.
  • Talent Crisis: The skill sets needed for effective cybersecurity protection and monitoring are in heavy demand across all sectors. 59% of CISO respondents choose Talent as one of the top barriers. State CISOs are struggling to recruit and retain people with the right skills, and they will need to establish career growth paths and find creative ways to build their cybersecurity teams.

Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness

October 7, 2014

Is Your Company Ready for a Big Data Breach? The Second Annual Study on Data Breach Preparedness (PDF)
Source: Ponemon Institute/Experian
From press release:

Experian Data Breach Resolution, a leader in helping businesses plan for and mitigate consumer risk following data breach incidents, released a new study with the Ponemon Institute on data breach preparedness. The second annual study, Is Your Company Ready for a Big Data Breach?, found that executives are concerned about the effectiveness of their data breach response, despite taking the basic steps to be prepared.

Key findings from the study include:

Companies understand the importance of data breach preparedness
With data breaches making headlines the world over, awareness for data security is at an all-time high and more companies are preparing with a data breach response plan.
• Data breaches are becoming ubiquitous with almost half (43 percent) of organizations surveyed having suffered at least one security incident, up 10 percent from 2013.
• As a result, more companies have a data breach response plan in place (73 percent), up 12 percent from 2013.
• Forty-eight percent of organizations increased investments in security technologies in the past 12 months.

Confidence amongst senior executives to manage a data breach remains low
Despite increased security investment and having incident response plans in place, when asked in detail about the preparedness of their organization, survey respondents were not confident in how they would handle a major issue.
• Sixty-eight percent of respondents felt unprepared to respond to a data breach.
• Most haven’t or don’t regularly update their plan (78%) to account for changes in threats or as processes at a company change.
• Thirty percent of respondents felt their data breach response plan was ineffective.
• Concerns are not just operational. Many companies were more concerned about threats being harder to manage for IT security teams.

Executives recognize what needs to happen to improve their incident response
• The vast majority of executives (70 percent) surveyed want more oversight and participation from board members, chairman and CEO for data breach preparedness.
• Seventy-seven percent suggested more fire-drills to practice data breach response would help them be more prepared.
• Respondents ranked identity theft protection products and access to a call center as the two most important services a company should provide customers following a breach.
• Sixty-nine percent indicated additional funding as a major need to improve response activity.

Department of Homeland Security Privacy Office: 2014 Annual Report to Congress

October 3, 2014

Department of Homeland Security Privacy Office: 2014 Annual Report to Congress (PDF)
Source: U.S. Department of Homeland Security

The DHS Privacy Office’s (Privacy Office or Office) mission is to protect the privacy of all individuals by embedding and enforcing privacy protections and transparency in all DHS activities. This report, covering the period from July 1, 2013 through June 30, 2014, catalogues the Office’s continued success in safeguarding individual privacy while supporting the DHS mission.

Hat tip: GP

Civilian Drones, Privacy, and the Federal-State Balance

October 2, 2014

Civilian Drones, Privacy, and the Federal-State Balance
Source: Brookings Institution

Some say the federal government should be principally responsible for regulating drones, nongovernmental actors, and privacy; others have suggested a blended approach, with states taking center stage and the national government cast in a supporting role. This essay takes essentially the latter position. As drones are folded further into American airspace, states should take the initiative, both by applying longstanding liability rules and by devising new ones. But we also should take advantage of the Federal Aviation Administration’s (“FAA”) small but growing competence in nongovernmental drones and privacy—and have the agency perform a kind of superintendence function.