Archive for the ‘privacy and security’ Category

2015 Data Breach Investigations Report

April 16, 2015

2015 Data Breach Investigations Report
Source: Verizon

Prepare your enterprise to conduct individualized self-assessments of risk, so you can make realistic decisions on how to avoid cyber threats. The 2015 DBIR expands its investigation into nine common threat patterns and sizes up the effects of all types of data breaches, from small data disclosures to events that hit the headlines.

Free registration required.

Global Research from Accenture and Ponemon Institute Quantifies How Proactive Cyber Security Strategies Can Improve Security Effectiveness

April 10, 2015

Global Research from Accenture and Ponemon Institute Quantifies How Proactive Cyber Security Strategies Can Improve Security Effectiveness
Source: Accenture/Ponemon Institute

New research from Accenture (NYSE: ACN) and the Ponemon Institute sheds light on the success factors of companies that have improved their cyber security strategies, resulting in quantifiable business benefits. The research shows that proactive strategies can improve and expand on value delivered to the business.

Of the nearly 240 companies surveyed as part of the global research, those with a more proactive security stance saw their security effectiveness score improve by an average of 53 percent over a two-year period, while non-proactive companies only achieved a change of 2 percent. The report, “The Cyber Security Leap: From Laggard to Leader,” looks at how companies can achieve better security performance while facing an ever-changing number of threats and is the result of a collaborative study conducted by Accenture and the Ponemon Institute.

The research focused on organizations that fit into one of two categories based on how they address security: ‘Leapfrog’ companies, which align security with business goals, focus on security innovation and proactively address potential cyber security threats; and ‘Static’ companies, which focus more on cyber security threat prevention and compliance.

For instance, 70 percent of Leapfrog companies have a company-sanctioned security strategy, compared with just 55 percent of Static companies. In addition, the report’s probability estimates indicate that the perceived likelihood of material data breaches has decreased over time by 36 percent for Leapfrog companies but only by 5 percent for Static companies.

FTC — Background check check-up

April 8, 2015

Background check check-up
Source: Federal Trade Commission

If you’re applying for a job — or trying to keep one — a background check may be in your future. So check out the FTC’s newly revised Background Checks brochure for answers to common questions…

CRS — Cyberwarfare and Cyberterrorism: In Brief (March 27, 2015)

April 6, 2015

Cyberwarfare and Cyberterrorism: In Brief (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

Recent incidents have highlighted the lack of consensus internationally on what defines a cyberattack, an act of war in cyberspace, or cyberterrorism. Cyberwar is typically conceptualized as state-on-state action equivalent to an armed attack or use of force in cyberspace that may trigger a military response with a proportional kinetic use of force. Cyberterrorism can be considered “the premeditated use of disruptive activities, or the threat thereof, against computers and/or networks, with the intention to cause harm or further social, ideological, religious, political or similar objectives, or to intimidate any person in furtherance of such objectives.” Cybercrime includes unauthorized network breaches and theft of intellectual property and other data; it can be financially motivated, and response is typically the jurisdiction of law enforcement agencies. Within each of these categories, different motivations as well as overlapping intent and methods of various actors can complicate response options.

CRS — Cybersecurity: Authoritative Reports and Resources, by Topic (March 30, 2015)

April 3, 2015

Cybersecurity: Authoritative Reports and Resources, by Topic (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

This report provides references to analytical reports on cybersecurity from CRS, other government agencies, trade associations, and interest groups. The reports and related websites are grouped under the following cybersecurity topics:

• Policy overview
• National Strategy for Trusted Identities in Cyberspace (NSTIC)
• Cloud computing and the Federal Risk and Authorization Management Program (FedRAMP)
• Critical infrastructure
• Cybercrime, data breaches, and data security
• National security, cyber espionage, and cyberwar (including Stuxnet)
• International efforts
• Education/training/workforce
• Research and development (R&D)

In addition, the report lists selected cybersecurity-related websites for congressional and government agencies; news; international organizations; and other organizations, associations, and institutions.

CRS — Domestic Drones and Privacy: A Primer (March 30, 2015)

April 2, 2015

Domestic Drones and Privacy: A Primer (PDF)
Source: Congressional Research Service (via Federation of American Scientists)

It has been three years since Congress enacted the FAA Modernization and Reform Act of 2012 (FMRA), calling for the integration of unmanned aircraft systems (UAS), or “drones,” into the national airspace by September 2015. During that time, the substantive legal privacy framework relating to UAS on the federal level has remained relatively static: Congress has enacted no law explicitly regulating the potential privacy impacts of drone flights, the courts have had no occasion to rule on the constitutionality of drone surveillance, and the Federal Aviation Administration (FAA) did not include privacy provisions in its proposed rule on small UAS. This issue, however, has not left the national radar. Congress has held hearings and introduced legislation concerning the potential privacy implications of domestic drone use; President Obama recently issued a directive to all federal agencies to assess the privacy impact of their drone operations; and almost half the states have enacted some form of drone legislation.

There are two overarching privacy issues implicated by domestic drone use. The first is defining what “privacy” means in the context of aerial surveillance.

The second predominant issue is which entity should be responsible for regulating drones and privacy.

What Went Wrong with the FISA Court

March 26, 2015

What Went Wrong with the FISA Court
Source: Brennan Center for Justice, New York University School of Law

The Foreign Intelligence Surveillance (FISA) Court is no longer serving its constitutional function of providing a check on the executive branch’s ability to obtain Americans’ private communications. Dramatic shifts in technology and law have changed the role of the FISA Court since its creation in 1978 — from reviewing government applications to collect communications in specific cases, to issuing blanket approvals of sweeping data collection programs affecting millions of Americans.

Under today’s foreign intelligence surveillance system, the government’s ability to collect information about ordinary Americans’ lives has increased exponentially while judicial oversight has been reduced to near-nothingness. This report concludes that the role of today’s FISA Court no longer comports with constitutional requirements, including the strictures of Article III and the Fourth Amendment. The report lays out several steps Congress should take to help restore the FISA Court’s legitimacy.

