WEEKLY PRIVACY-SECURITY NEWS BRIEF.doc


Privacy & Security News Brief
March 1 – March 7, 2008
Vol. 1, No. 22

TABLE OF CONTENTS

BIOMETRICS
  Biometric ID cards mandatory for Americans in U.K. more than 90 days
DATA BREACH
  Data-leak security proves to be too hard to use
  When does a privacy breach cause harm?
  Hospital donor files compromised
  Details on 200 children stolen
  Nevada Firm Loses Job Seekers Data
  Missing laptop, data could affect Q-C Oscar Mayer employees
  HP leaks personal data on Web site
E-COMMERCE
  EU set to clear Google - DoubleClick merger: sources
  Storing Information for Profit
  Online Advertisers Beware: Privacy Regulators Closing In On Online Tracking
EDITORIALS & OPINION
  Privacy shield crucial for online health records
  The Myth of the Transparent Society
  Do Virtual Map Programs Invade Privacy?
  Strengthen medical privacy laws
EDUCATION
  25,000 student photos had no login protection
EMPLOYEE
  Every Click You Make, Your Boss Is Watching You
  7 Security Rules Employees Love to Break
FINANCIAL
  Compliance Week Survey: Sarbanes-Oxley Improvements on the Decline
  Leveraging your IT SOX Investment
  Going to Extremes to Protect Banking Customer Data
  PCI and The Circle Of Blame
GOVERNMENT – U.S. FEDERAL
  Pentagon Bans Google Earth From Mapping Military Bases
  FBI improperly sought personal data, chief says
  China's computer hacking worries Pentagon
  National security trumps personal privacy, survey states
  Stolen VA laptop caught in safety net
  OMB reports 60 percent increase in information security incidents
  FTC Chairman Set to Leave Post
  DHS gives itself a C for cybersecurity
GOVERNMENT – U.S. STATES
  INDIANA
    State unit to pursue identity thieves
HEALTH & MEDICAL
  Rules aim for better patient safety through confidential error reports
  New Zealand Hospital IDs focus of privacy debate
  Health Information Technology Executives: Work Together on Security
  Online health records raise privacy worries
  This Blood Test Is Brought to You by…
  Are Healthcare Organizations Under Cyberattack?
IDENTITY THEFT
  Identity theft is top consumer complaint in 2007
INTERNATIONAL
  AFRICA
    SOUTH AFRICA
      Committee to Discuss Biometrics, Other Privacy Issues
  ASIA/PACIFIC
    AUSTRALIA
      E-security lessons for Aussie kids
      Agency made 700 privacy breaches
  EUROPE
    EUROPEAN UNION
      Privacy watchdog condemns data gathering plans
    GERMANY
      German court protects personal data privacy
    UNITED KINGDOM
      Tories unveil cybercrime plans
      British govt loses more than a 1000 laptops, 007 sent to investigate
  MIDDLE EAST
  NORTH AMERICA
    CANADA
      Privacy Commissioners Release New Video Surveillance Guidelines
      TTC gets the OK from privacy boss for more cameras
  SOUTH AMERICA
LEGISLATION – FEDERAL
  Battle over wiretapping may be nearing an end
  House Lawmakers Question Privacy in Cyber-Security Plan
LEGISLATION – STATE
  MASSACHUSETTS
    Bay State Senate bill would mandate electronic health records
  MISSOURI
    Missouri House approves drug monitoring bill over privacy objections
  SOUTH CAROLINA
    Bill may prevent identity theft
  WASHINGTON
    Safeguarding IDs: Key bill needs approval in Olympia, but individuals must be on guard
  WISCONSIN
    Credit Union-Backed Proposal on Personal Data Security Advances
LITIGATION & ENFORCEMENT ACTIONS
  FTC settles breach complaint with student lender
  TJX customers to claim eligibility for breach settlement
  Judge allows Wikileaks Web site to reopen, dropping injunction
  Virginia court upholds prolific spammer's conviction
MOBILE/WI-FI
ODDS & ENDS
  Microsoft says Credentica acquisition will help users protect privacy
  College student accused of cheating using Facebook
ONLINE
  Phorm ad system will protect privacy
  U.S. seeks terrorists in web worlds
  Microsoft Expands Online Services
RFID
  New Zealand Law Commission questions RFID privacy
  Canadian Privacy Commissioner Seeks Feedback on Implications of Using RFID Technology in the Workplace
  RFID/Bluetooth: convenient threats
SECURITY
  Nato says cyber warfare poses as great a threat as a missile attack
  Contractor networks create security risk, Defense official says
  Security tips for Net-connected travelers
  Identity management critical for security, government IT shops say
  NW: Gov’t IT Shops: Identity Management Critical for Security
  Five basic mistakes of security policy
  Security Development Lifecycle trumps code complexity
  Pervasive Web apps flaws under siege
  Security skills of IT workforce lacking, survey finds
  The security benefits and risks of virtualization
SEMINARS
PAPERS
  Wireless Security: Past, Present and Future
  Safe and productive browsing in a dangerous web world: The challenge for business
  Data Leak Risks: A Problem Mid-Size Organizations Can’t Ignore
  Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report
ARTICLE SUMMARIES AND LINKS

BIOMETRICS

Biometric ID cards mandatory for Americans in U.K. more than 90 days
Americans studying in Britain for more than three months will have to have biometric ID cards starting later this year. Within three years, Britain's Home Office said Thursday, all Americans and other foreigners from outside the European Union will have to have the cards to work and live here. U.S. tourists and businessmen and women who visit Britain for visits under 90 days will not need them.
http://www.usatoday.com/travel/news/2008-03-06-british-id-cards_N.htm
(USA Today – 3/6/08)

DATA BREACH

Data-leak security proves to be too hard to use
Data-loss-prevention technologies promise organizations the chance to stop sensitive information from falling into the wrong hands. But the process of creating the rules necessary to use the systems' enforcement capabilities is proving extremely complex for customers. Some companies that have had DLP technology in place for several years concede that they are only beginning to scratch the surface of using the tools for data policy enforcement.
http://www.infoworld.com/article/08/03/06/10NF-data-loss-prevention-problem_1.html
(InfoWorld – 3/6/08)

When does a privacy breach cause harm?
Several countries are on the verge of doing what U.S. courts have stopped short of: codifying that breaches of personal information can actually harm people. Why should U.S. companies welcome this development? On the one hand, most large data breaches don't even lead to a rash of ID thefts. But is monetary loss the only criterion for personal harm? An international answer to this question could clarify the standard of protection that corporations have to meet with regard to personal data in their care.
http://computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=privacy&articleId=9066958&taxonomyId=84&intsrc=kc_feat
(ComputerWorld – 3/6/08)

Hospital donor files compromised
A computer virus may have exposed to outside eyes the names, credit card numbers, dates of birth and home addresses of more than 11,500 individuals who donated to Cascade Healthcare Community, the parent company of St. Charles in Bend and Redmond. The virus penetrated the computer system Dec. 11, and the hospital’s information technology staff believed they had rebuffed it. But Feb. 5, they detected suspicious activity in the system and called in computer forensic experts to investigate.
http://www.bendbulletin.com/apps/pbcs.dll/article?AID=/20080306/NEWS0107/803060442/1006&nav_category=NEWS0107
(Bend Bulletin – 3/6/08)

Details on 200 children stolen
A laptop with confidential information about more than 200 children - including their names, addresses, dates of birth and treatment - has been stolen from a Shropshire medical centre. The thief walked into Madeley Health Centre, Telford, while a speech and language therapist was running a clinic, unplugged her laptop from an adjoining room and walked off with it. Health chiefs quickly deactivated the laptop to ensure it could not be used to access general NHS data. But a memory stick plugged into the machine carried details on 238 children, giving their names, addresses, dates of birth and speech and language therapy treatment.
http://www.shropshirestar.com/2008/03/05/details-on-200-children-stolen/
(Shropshire Star – 3/5/08)
Nevada Firm Loses Job Seekers Data
A private firm working for the Nevada Department of Public Safety has lost personal information provided by 109 individuals seeking jobs with the agency. The information was stored on a portable computer memory device called a thumb drive that was owned by an employee of Crown, Stanley and Silverman. The company was hired by the department to perform background checks on the applicants. The agency has ordered the company to stop the background checks and to return all files belonging to the state.
http://www.chron.com/disp/story.mpl/ap/fn/5595764.html
(Houston Chronicle – 3/5/08)

Missing laptop, data could affect Q-C Oscar Mayer employees
A company-owned laptop computer was stolen from an employee of Kraft Foods traveling on company business. And now 20,000 employees nationwide have received letters telling them that their personal information was stored on the missing laptop and they could be vulnerable to some type of identity theft. That group of 20,000 includes employees from Davenport’s Kraft Oscar Mayer plant. It is unknown how many employees of the Davenport facility were affected. The plant employs about 1,700 people.
http://www.qctimes.com/articles/2008/03/03/news/local/doc47cc7e171b8bd249394271.txt?sPos=2
(Quad-City [IA] Times – 3/3/08)

HP leaks personal data on Web site
Hewlett-Packard Co.'s Japanese unit said it may have leaked the personal data of 139,583 people in Japan. The information included names, addresses and telephone numbers, the unit of the Palo Alto, Calif.-based computer and peripheral equipment maker said on its Japanese-language Web site Friday. The information, from questionnaires and seminar application forms, was mistakenly posted on a Web page and publicly accessible from Feb. 13 to 20.
http://search.japantimes.co.jp/mail/nb20080301n3.html
(Japan Times – 3/1/08)

E-COMMERCE

EU set to clear Google - DoubleClick merger: sources
Google is expected to receive unconditional approval from European Union regulators next week for its $3.1 billion takeover of ad firm DoubleClick, people familiar with the situation said. The approval has long been expected because the European Commission decided in January not to object formally to the transaction. Privacy advocates have objected to the deal, saying it would give the two firms unprecedented access to information about consumers. The Commission has said privacy considerations are outside the scope of its authority over mergers.
http://www.reuters.com/article/technologyNews/idUSL0674359620080306
(Reuters – 3/6/08)

Storing Information for Profit
BPO Management Services of Anaheim, Calif., wants small to midsize companies to hand over their confidential files and corporate documents. So does Cloudworks, of Thousand Oaks, Calif. Docstoc.com of Beverly Hills, Calif., is seeking to make all business and legal documents available online to small companies and counsel them on their use. Rather than keeping all corporate data, confidential and otherwise, in software programs within the organization, the three firms would hold it online.
http://www.nytimes.com/2008/03/05/business/smallbusiness/05edge.html?_r=1&ref=technology&oref=slogin
(NY Times – 3/5/08)

Online Advertisers Beware: Privacy Regulators Closing In On Online Tracking
Until recently, few have questioned the standard assertion that web usage information raises minimal privacy concerns, as such data alone do not identify an individual person. Indeed, polls suggest that the public is generally unaware of the scale of online tracking and the growing use of "behavioral targeting" in placing online ads. But tracking and targeting are now driving a variety of regulatory responses in the United States and abroad, which could expand as the public learns it is being watched.
http://www.metrocorpcounsel.com/current.php?artType=view&artMonth=March&artYear=2008&EntryNo=8083
(Metropolitan Corporate Counsel – 3/08)
EDITORIALS & OPINION

Privacy shield crucial for online health records
HIPAA issued earlier in this decade by rule makers who, reversing the intent of Congress, eliminated the right of patient consent over how their data is used for treatment, payment or health care operations. What the rule makers did is negate the Hippocratic Oath, with its emphasis on doctor-patient confidentiality, which has guided medicine for centuries. That stroke of the rule makers' pen allows data-mining firms to take your personal health information to use for their purposes without your consent. It's all there for data-mining firms to use — your prescriptions, your treatment for mental health, your genetic predisposition to certain illnesses. You have no say over how and when and by whom your data is used.
http://www.ajc.com/opinion/content/opinion/stories/2008/03/07/privacyed_0307.html
(Atlanta Journal-Constitution – 3/7/08)

The Myth of the Transparent Society
When I write and speak about privacy, I am regularly confronted with the mutual disclosure argument. Explained in books like David Brin's The Transparent Society, the argument goes something like this: In a world of ubiquitous surveillance, you'll know all about me, but I will also know all about you. The government will be watching us, but we'll also be watching the government. This might not be everybody's idea of utopia -- and it certainly doesn't address the inherent value of privacy -- but this theory has a glossy appeal, and could easily be mistaken for a way out of the problem of technology's continuing erosion of privacy. Except it doesn't work, because it ignores the crucial dissimilarity of power. You cannot evaluate the value of privacy and disclosure unless you account for the relative power levels of the discloser and the disclosee.
http://www.wired.com/politics/security/commentary/securitymatters/2008/03/securitymatters_0306
(Wired – 3/6/08)

Do Virtual Map Programs Invade Privacy?
You might be amazed to learn that with just a few clicks, someone could get a street-level view of your house. Google and MSN have put out some new map programs online that give close-up photographic views of addresses. Some images can be rotated 360 degrees to give a complete picture of an area. KMBC's Marcus Moore talked with customers at a coffee shop on the Plaza. Some said the map photos are an invasion of privacy. Another person said the maps can be useful, especially for those looking to buy a house in an area.
http://www.kmbc.com/news/15494508/detail.html
(KMBC – 3/4/08)

Strengthen medical privacy laws
Recently, the Associated Press reported that drug reps were able to look at patient records and then call insurance companies for approval to switch patients to a more expensive psoriasis drug. One of Congress's advisers stated that electronic software vendor contracts violate federal privacy rules. Up to 500,000 Americans may be at risk of medical identity theft, with 20,000 complaints lodged with the FTC.
http://www.cmonitor.com/apps/pbcs.dll/article?AID=/20080303/OPINION/803030302/1028/OPINION02
(Concord, NH, Monitor – 3/3/08)

EDUCATION

25,000 student photos had no login protection
More than 25,000 pictures, apparently of Ohio University students, were inadvertently left without password protection on an otherwise secure OU Web site in what state and federal officials said might be a violation of federal privacy law. OU restricted access to the pictures, which appeared to be headshots taken for OU identification cards, hours after a Post reporter called to inquire about them.
http://www.thepost.ohiou.edu/Articles/News/2008/03/04/23239/
(The Post [Athens, OH], 3/4/08)
EMPLOYEE

Every Click You Make, Your Boss Is Watching You
Though only two states in the U.S. require businesses to spell out for employees exactly what their policies are regarding electronic surveillance and monitoring, 83 percent of companies told researchers that they do so anyway. However, that's still not enough for some workers to curtail their personal use of company e-mail and Internet -- 58 percent of companies said they've fired employees for such violations. Employees who regularly use company computers to surf the Web, sign on to business accounts for personal e-mail, make calls from company phones or use the corporate car to run errands run the risk of losing their jobs.
http://www.ecommercetimes.com/story/Every-Click-You-Make-Your-Boss-Is-Watching-You-61914.html?welcome=1204635762&welcome=1204911380
(Ecommerce Times – 2/29/08)

7 Security Rules Employees Love to Break
New research from the Ponemon Institute finds that either companies are not setting, or employees are not following, data security procedures in several high-risk areas. “Data Security Policies Are Not Enforced,” a survey of 893 corporate IT workers, examined the risks associated with storing and transporting sensitive information and looked at how well companies are implementing and enforcing policies to protect against this risk. Below are seven areas where employees are breaking the most rules or being most careless.
http://www2.csoonline.com/blog_view.html?CID=33355
(CSO Online – 12/7/07)

FINANCIAL

Compliance Week Survey: Sarbanes-Oxley Improvements on the Decline
Exclusive new research from Compliance Week shows companies that made improvements to their internal control over financial reporting in the wake of The Sarbanes-Oxley Act of 2002 (SOX) are expecting fewer improvements over time. The results also suggest that Auditing Standard No. 5 (AS5)—a new, more relaxed auditing standard approved last year by the Securities and Exchange Commission—may not be helping to streamline SOX compliance as much as hoped.
http://www.businesswire.com/portal/site/google/?ndmViewId=news_view&newsId=20080304005465&newsLang=en
(Business Wire – 3/4/08)

Leveraging your IT SOX Investment
Companies over the past two years have spent an extraordinary amount of time and money preparing and responding to Sarbanes Oxley (SOX). The estimates of spending on Sarbanes related projects are incredible and there has definitely been a significant impact on the performance and profits. Between SOX preparation and remediation, IT organizations have learned much about building controls frameworks. Those IT shops that were not control oriented have most likely improved processes from a control perspective and those IT shops that already had controls integrated into processes hopefully have fine tuned those controls.
http://www.s-ox.com/dsp_getFeaturesDetails.cfm?CID=2128
(Sarbanes-Oxley Compliance Journal – 3/3/08)

Going to Extremes to Protect Banking Customer Data
Financial institutions long have been in the business of safeguarding customers' assets, but gone are the days when an ironclad vault was sufficient for the task. Now, information is an asset that also must be protected, and banks continually are investing in a sophisticated arsenal of weapons to thwart information "thieves." Bankers say the importance of information security has risen significantly in recent years for several reasons. Among them, online banking has grown in popularity, most records now are transmitted and stored electronically, and the federal and state governments have tightened information-security regulations.
http://www.crmbuyer.com/story/61922.html?welcome=1204546389
(CRM News – 3/1/08)
PCI and The Circle Of Blame
The PCI Data Security Standard was launched in 2006 by private-sector organizations to improve the security of credit card data. But PCI has instead become a massive butt-covering exercise that extends from retailers to auditors to major credit card brands. Whether data is any safer remains to be seen. Despite mandating a variety of security mechanisms and regular audits, our investigation shows that the Payment Card Industry Data Security Standard, known as PCI DSS or just PCI, can be manipulated so merchants seem compliant without actually making their data stores more secure. Card brands, which are supposed to be driving compliance, have little incentive to rock this boat.
http://www.informationweek.com/story/showArticle.jhtml?articleID=206800867
(Information Week – 2/28/08)

GOVERNMENT – U.S. FEDERAL

Pentagon Bans Google Earth From Mapping Military Bases
Google Inc has complied with a request by the Pentagon to remove some online images from its street-level map service because they pose a security threat to U.S. military bases, military and company officials said. The Defense Department, which is still studying how many images are available, has also banned Google teams from taking video images on bases.
http://www.msnbc.msn.com/id/23505366/
(MSNBC – 3/6/08)

FBI improperly sought personal data, chief says
An internal Justice Department report has found more improper use of national security letters by FBI agents seeking personal data on Americans during terror and spy investigations. Director Robert Mueller told the Senate Judiciary Committee that the privacy breach by FBI agents and lawyers occurred a year before the bureau enacted sweeping new reforms to prevent future lapses.
http://www.msnbc.msn.com/id/23483287/
(MSNBC – 3/5/08)
Also see:
  • FBI chief: Report will confirm privacy violations
    http://www.usatoday.com/news/states/2008-03-05-fbi-privacy_N.htm
    (USA Today – 3/5/08)
  • More FBI Privacy Violations Confirmed
    http://ap.google.com/article/ALeqM5gxSQM-Pj5GvDDx_r9HNZvtF6JAGgD8V7HN7O0
    (Associated Press – 3/6/08)

China's computer hacking worries Pentagon
China in the last year has developed ways to infiltrate and manipulate computer networks around the world in what U.S. defense officials conclude is a new and potentially dangerous military capability, according to a Pentagon report issued Monday. Computer network intrusions at the Pentagon and other U.S. agencies, think tanks and government contractors last year "appeared to originate" in China, according to the report.
http://www.latimes.com/news/nationworld/world/la-fg-uschina4mar04,1,3559963.story?track=rss&ctrack=1&cset=true
(LA Times – 3/4/08)

National security trumps personal privacy, survey states
The rise of identity management across government has shifted the debate toward giving national security concerns more attention than personal privacy. A new survey found 53 percent of 474 federal, state, local and municipal government employees said that national security should be a priority even if it means that Americans’ personal privacy could be negatively impacted. Meanwhile, 33.8 percent said personal privacy is a higher priority than national security.
http://www.fcw.com/online/news/151822-1.html
(Federal Computer World – 3/4/08)

Stolen VA laptop caught in safety net
The Veterans Affairs Department lost another laptop PC, but the department was better prepared this time. When an employee at VA’s Austin Corporate Data Center in Texas had his laptop stolen from his apartment last month, the department’s revamped security policies and new security technologies were put to the test. Unlike what happened when a VA laptop was stolen in 2006, data on the newly missing laptop was protected by encryption, and VA officials knew exactly what equipment was missing.
http://www.fcw.com/online/news/151810-1.html
(Federal Computer World – 3/3/08)

OMB reports 60 percent increase in information security incidents
The number of information security incidents reported by federal agencies jumped from 5,146 in fiscal 2006 to 12,986 last year, with a 70 percent increase in unauthorized access to federal networks alone, according to a report from the Office of Management and Budget released Saturday.
http://www.govexec.com/dailyfed/0308/030208a1.htm
(Government Executive – 3/2/08)

FTC Chairman Set to Leave Post
The chairman of the Federal Trade Commission, Deborah Platt Majoras, plans to step down next month. Majoras, 44, will join Procter & Gamble in June as vice president and general counsel, with primary responsibility for its global antitrust and litigation practice areas. The White House has not named a replacement.
http://www.washingtonpost.com/wp-dyn/content/article/2008/02/28/AR2008022803878.html
(Washington Post – 2/29/08)

DHS gives itself a C for cybersecurity
The top ranking official in the Homeland Security Department's national protection division called the agency's efforts in cybersecurity satisfactory, assigning a grade of C during congressional testimony Thursday.
But members of Congress called the grade inadequate, emphasizing the need for better collaboration with agency technology leaders, real-time response to system attacks, and metrics that measure the ability to protect networks from specific threats rather than system compliance.
http://www.govexec.com/story_page.cfm?articleid=39393&dcn=todaysnews
(Government Executive – 2/28/08)

GOVERNMENT – U.S. STATES

INDIANA

State unit to pursue identity thieves
A new initiative will help identity theft victims get their lives back on track and help law enforcement go after identity thieves, Indiana Attorney General Steve Carter said. Carter announced the creation of the Identity Theft Unit, part of his office’s Consumer Protection Division, during a stop in Fort Wayne on a statewide promotional tour.
http://www.journalgazette.net/apps/pbcs.dll/article?AID=2008803020418
(Journal Gazette – 3/2/08)

HEALTH & MEDICAL

Rules aim for better patient safety through confidential error reports
Federal regulators have proposed sweeping patient safety rules to give physicians and others a confidential, voluntary way to report medical errors and near mistakes. Several health care organizations applauded the release of the long-awaited regulations but want a closer look before making a final judgment.
http://www.ama-assn.org/amednews/2008/03/10/gvl10310.htm
(American Medical News – 3/10/08)

New Zealand Hospital IDs focus of privacy debate
With the renewed focus on privacy in both New Zealand and Australia, Melbourne-based health software company TrakHealth has had to defend the approach it took to a public health patient-tracking system it recently developed for Brazil. The system will provide every Brazilian with an identifying number and plastic card similar to the health and social services card scheme mooted by the recently ousted John Howard government in Australia. This has been canned by the new Rudd Labor government, because of fears it could surreptitiously be developed into a broad national ID system.
http://computerworld.co.nz/news.nsf/news/DB48FD36D6627354CC2573FE0018532D
(ComputerWorld – 3/7/08)

Health Information Technology Executives: Work Together on Security
A new survey shows that 96 percent of health information technology (HIT) executives think it is important to have a uniform way for verifying the security of sensitive healthcare information, and 85 percent think it is time for the industry to come together and develop a comprehensive framework that can provide that uniformity. The survey, the first of an annual series commissioned by the Health Information Trust Alliance (HITRUST) and conducted by KRC Research, also shows that more than half of those surveyed are frustrated that there are no standardized practices for complying with HIPAA.
http://www.govtech.com/gt/articles/268842
(Government Technology – 3/5/08)

Online health records raise privacy worries
Searching the Internet for movies playing locally is just plain handy, but the idea of Googling your own medical records is raising privacy concerns. Google, the California search-engine company, and the Cleveland Clinic — an Ohio medical institution with a reputation for quality care — recently announced they will collaborate on a pilot program to store patient records online.
The test program will allow 1,500 to 10,000 patient volunteers at the Cleveland Clinic to store certain records — information on prescriptions, allergies and laboratory test results — in a secure Google account. Patients will have passwords and only they will be able to access the medical records.
http://seattletimes.nwsource.com/html/businesstechnology/2004255947_btmedrecords03.html
(Seattle Times – 3/3/08)

This Blood Test Is Brought to You by…
As we consider the entry by Google and Microsoft into the medical records business, a vision of where this may all be going is presented by a San Francisco startup called Practice Fusion. The company’s concept: Give doctors a free service that will automate their offices — both administrative functions, like appointments, and patient medical records. The catch: The software displays advertising aimed at the doctors and their staff. Here is where it really gets dicey: The ads shown are related to the content of the medical records. So when the doctor reviews your cholesterol test results, he may see an ad for Lipitor.
http://bits.blogs.nytimes.com/2008/03/03/this-blood-test-is-brought-to-you-by/index.html?ref=technology
(NY Times – 3/3/08)

Are Healthcare Organizations Under Cyberattack?
Healthcare organizations feel under increasing attack from the Internet, while security incidents involving insiders and disappearing laptops with sensitive data are piling up. On top of that, there's now the prospect of a surprise audit from the federal government agency in charge of overseeing the HIPAA security and privacy rules. Healthcare organizations are stepping up efforts to protect electronic patient information as they witness increased attacks against hospital networks, mindful how a data breach could hurt patients and their own reputations.
http://www.pcworld.com/article/id,142926/article.html
(PC World – 2/27/08)

IDENTITY THEFT

Identity theft is top consumer complaint in 2007
Identity theft was the No. 1 consumer complaint nationwide and in New York State last year for the seventh year in a row, according to a report to be released Tuesday by the Federal Trade Commission. New Yorkers filed 19,319 identity-theft complaints last year, accounting for 32 percent of consumer complaints. The bulk of the cases involved phone, utilities and credit-card fraud.
http://www.newsday.com/business/ny-bzone5600939mar04,0,500041.story
(NewsDay – 3/4/08)

INTERNATIONAL

AFRICA

SOUTH AFRICA

Committee to Discuss Biometrics, Other Privacy Issues
The Gauteng Shared Services Centre (GSSC) is to host an e-government conference from 7 to 8 April. The conference is aimed at finding ways to use ICT infrastructure and services to deliver on the province's developmental agenda, such as reducing unemployment and poverty. Presentations and panel discussions will, among other things, explore case studies on tracking and managing government budgets, e-invoicing and e-procurement, as well as access management. Other topics for discussion include identity management, the use of biometrics and smart cards, and privacy and data management.
http://www.itweb.co.za/sections/computing/2008/0803051032.asp?O=FPTOP&S=IT%20in%20Government&A=ITG
(ITWeb – 3/5/08)

ASIA/PACIFIC

AUSTRALIA

E-security lessons for Aussie kids
Students will be taught to identify and protect themselves against online threats under a new federal Government program to embed a "culture of security" in the next generation of internet users. Under the program, e-security education modules aimed at students in years 3 and 9 will address key aspects of safe online behaviour, as well as the use of appropriate computer defence systems.
Students will also be taught to recognise the legal and other consequences of sharing software, music, movies and other copyright information.
http://www.australianit.news.com.au/story/0,24897,23323338-15319,00.html
(Australian IT News – 3/5/08)

Agency made 700 privacy breaches
The Child Support Agency faces an urgent review over nearly 700 privacy blunders in the past year, including people being given the confidential contact details of their former spouses. Human Services Minister Joe Ludwig said yesterday that he questioned the agency's competence over the breaches, and ordered an overhaul of its administration.
http://www.theaustralian.news.com.au/story/0,25197,23308230-2702,00.html
(The Australian – 3/3/08)

EUROPE

EUROPEAN UNION

Privacy watchdog condemns data gathering plans
Europe's top privacy watchdog has condemned planned European border controls as weak and based on inconclusive evidence, claiming they will put Europeans' privacy at risk with no guarantee of increased security. European Data Protection Supervisor Peter Hustinx has said that proposals announced last month by the European Commission to tighten border controls through the use of biometric identification have failed to consider privacy implications closely enough.
http://www.out-law.com/page-8904
(Out-Law – 3/3/08)

GERMANY

German court protects personal data privacy
There is a right to personal computer privacy in Germany, after all, the country’s high court said Wednesday. Data stored or exchanged on PCs are protected by the German constitution, the Federal Constitutional Court said, AP reports. If authorities feel the need to spy on citizens’ computers, they would have to - gasp! - get a warrant from a judge.
http://government.zdnet.com/?p=3678
(ZDNet.com – 2/27/08)

UNITED KINGDOM

Tories unveil cybercrime plans
The Conservatives have today unveiled plans to create a new post of a cybersecurity minister in order to combat what they call the "growing threat" of online crime. News of the scheme – which would see a single Home Office minister take charge of fighting internet crime and protecting government computer systems from attack – comes as shadow home secretary David Davis unveils a raft of policy ideas aimed at fighting internet criminals and terrorists.
http://www.guardian.co.uk/technology/2008/mar/06/politics.hitechcrime
(Guardian – 3/6/08)

British govt loses more than a 1000 laptops, 007 sent to investigate
London (England) – In a report to the House of Commons, British ministries and departments said they’ve lost more than a thousand laptops over the last decade. 200 of those were lost in the last year alone. The biggest offender was the Ministry of Defense which lost almost 50% of the total or 503 laptops.
In addition to laptops, the MoD lost 23 PCs since 1998. Other agencies like the Department of Health, Ministry of Justice and HM Revenue and Commons lost sizable numbers of computers. The numbers in the report could have been much higher as the totals didn’t include the Home or Foreign Offices.
http://www.tgdaily.com/content/view/36324/118/
(TG Daily – 3/4/08)

MIDDLE EAST

NORTH AMERICA

CANADA

Privacy Commissioners Release New Video Surveillance Guidelines
Private-sector organizations considering video surveillance systems must take specific steps to minimize the impact on people’s privacy, say video surveillance guidelines released today. The new guidelines set out how companies should evaluate the use of video surveillance and ensure any surveillance they undertake is conducted in a way that respects privacy rights and complies with the law. These guidelines have been endorsed by Jennifer Stoddart, the Privacy Commissioner of Canada, Frank Work, the Information and Privacy Commissioner of Alberta, and David Loukidelis, the Information and Privacy Commissioner for British Columbia.
http://news.gc.ca/web/view/en/index.jsp?articleid=383709&categoryid=1&category=News+Releases
(Canada News Centre – 3/6/08)

TTC gets the OK from privacy boss for more cameras
Smile, you're on the TTC. Ontario Privacy Commissioner Ann Cavoukian sees no legal barriers to a massive TTC expansion of video cameras on all its subways, buses and street cars. Cavoukian said the use of cameras is in compliance with provincial privacy laws provided the TTC includes safeguards to prevent incidents of "video surveillance voyeurism" such as those reported in Britain, where security officers were found to be tracking attractive women and zooming in on body parts.
http://lfpress.ca/newsstand/CityandRegion/2008/03/04/4899736-sun.html
(The London [Canada] Free Press – 3/4/08)

SOUTH AMERICA

LEGISLATION – FEDERAL

Battle over wiretapping may be nearing an end
The chairman of the House Intelligence Committee hinted Sunday that a bitter battle over an expired eavesdropping law may be moving toward a conclusion that gives phone companies the retroactive legal protections long sought by President Bush. The chairman, Rep. Silvestre Reyes, D-Texas, did not specify what provisions a House bill might contain. But his use of the words "blanket immunity" suggested that he might be moving toward a Senate bill, backed by Bush, that would protect phone companies that assisted in a federal program of wiretapping without warrants after the Sept. 11, 2001, terrorist attacks.
http://www.siliconvalley.com/news/ci_8434861
(Silicon Valley – 3/3/08)
Also see:
• Wiretap Compromise in Works http://www.washingtonpost.com/wp-dyn/content/article/2008/03/03/AR2008030302814_pf.html (Washington Post – 3/4/08)
• Wiretapping focus shifts to e-mail communications http://www.cnet.com/8301-13739_1-9886766-46.html?part=rss&subj=news&tag=2547-1_3-0-5 (CNet – 3/5/08)

House Lawmakers Question Privacy in Cyber-Security Plan
House lawmakers yesterday raised concerns about the privacy implications of a Bush administration effort to secure federal computer networks from hackers and foreign adversaries, as new details emerged about the largely classified program.
The unclassified portions of the project, known as the "cyber initiative," focus on drastically reducing the number of connections between federal agency networks and the Internet, and more closely monitoring those networks for malicious activity. Slightly more than half of all agencies have deployed the Department of Homeland Security's program.
http://www.washingtonpost.com/wp-dyn/content/article/2008/02/28/AR2008022803505.html
(Washington Post – 2/29/08)
Also see:
• Chertoff asks for patience on cybersecurity http://www.washingtontechnology.com/online/1_1/32359-1.html?topic=homeland&CMP=OTC-RSS (Washington Technology – 3/4/08)

LEGISLATION – STATE

MASSACHUSETTS

Bay State Senate bill would mandate electronic health records
The Massachusetts Senate has proposed health-care legislation that would mandate statewide adoption of electronic medical records (EMR) by 2015, Senate President Therese Murray announced. The legislation, which includes other health-care reforms, calls for $25 million per year in public money to support adoption of EMRs. The public money would total $175 million by 2015 if funding for the records system begins this year.
http://masshightech.bizjournals.com/masshightech/stories/2008/03/03/daily13.html
(MassHighTech – 3/4/08)

MISSOURI

Missouri House approves drug monitoring bill over privacy objections
Privacy concerns nearly upended a bill creating a system for monitoring prescription drugs sales in the Missouri House. The bill requires that drug prescription information — including a patient’s name, address and date of birth — would be recorded in a central database that could be accessed by law enforcement agencies and several state regulatory boards.
http://primebuzz.kcstar.com/?q=node/10366
(Kansas City Star – 3/6/08)

SOUTH CAROLINA

Bill may prevent identity theft
South Carolinians could put a free block on their credit reports to help protect themselves from identity theft under a proposal close to clearing the Legislature. The legislation allows residents, at no cost, to freeze their credit and temporarily unfreeze it when they want to open new accounts.
http://www.thestate.com/business/story/335633.html
(The State – 3/4/08)

WASHINGTON

Safeguarding IDs: Key bill needs approval in Olympia, but individuals must be on guard
Protecting citizens from identity theft is on top of state Attorney General Rob McKenna’s to-do list. One of the ways he’s pursuing the tricky task is via legislation. A bill moving through the legislative wickets — pushed on by McKenna and prime sponsor Rep. Kirk Pearson, R-Monroe — deserves action and unanimous support.
House Bill 2636 already received that in the House. Now it awaits action by the Senate Judiciary Committee. The bill would authorize identity theft victims to file an incident report with law enforcers and requires law enforcers to create a police report on the matter. HB 2636 isn’t controversial. It’s more of a housekeeping item — but an important one.
http://www.columbian.com/opinion/news/2008/03/03032008_Safeguarding-IDs-Key-bill-needs-approval-in-Olympia-but-indiiduals-must-be-on-guard.cfm?emilStry=1
(The Columbian – 3/3/08)

WISCONSIN

Credit Union-Backed Proposal on Personal Data Security Advances
Wisconsin credit unions are applauding state lawmakers for advancing through the State Legislature two companion bills, AB 745 and SB 439, which aim to keep safer the personal data stored on credit and debit cards. This legislation, introduced by State Rep. Brett Davis (R-Oregon) and State Sen. Bob Wirch (D-Pleasant Prairie), captured 43 co-sponsors with strong bi-partisan support during its initial circulation period at the capitol. AB 745 passed last week through the Assembly Committee on Financial Institutions by a vote of 9-1 and is expected to pass through committee in the State Senate on Wednesday.
http://www.sunherald.com/447/story/394442.html
(Sun Herald – 2/26/08)

LITIGATION & ENFORCEMENT ACTIONS

FTC settles breach complaint with student lender
The FTC has settled a complaint against student lender Goal Financial after allegations that the company failed to safeguard personal data. Goal Financial allowed two employees to access the personal information of about 7,000 customers and take the information to a competing firm between 2005 and 2006, and the company allowed an employee to sell a hard drive containing the unencrypted personal information of 34,000 customers sometime in 2006.
http://www.infoworld.com/article/08/03/04/FTC-settles-breach-complaint-with-student-lender_1.html
(InfoWorld – 3/4/08)

TJX customers to claim eligibility for breach settlement
TJX has begun distributing claims forms to customers whose information may have been compromised in the retail chain's massive data breach. The notices, which went out Friday, explain how eligible individuals can apply for benefits under an agreement reached in September that settled a number of class-action lawsuits brought on by customers of the Framingham, Mass.-based discount retailer.
http://www.scmagazineus.com/TJX-customers-to-claim-eligibility-for-breach-settlement/article/107601/
(SC Magazine – 3/3/08)

Judge allows Wikileaks Web site to reopen, dropping injunction
A federal judge who shuttered the renegade Web site Wikileaks.org reversed the decision Friday and allowed the site to reopen in the United States. In mid-February, U.S. District Court Judge Jeffrey White issued an injunction against Wikileaks after the Zurich-based Bank Julius Baer accused the site of posting sensitive account information stolen by a disgruntled former employee.
White set off storms of protest among free-speech advocates and news media organizations when he ordered the disabling of the entire site rather than issuing a narrowly tailored order to remove the bank's documents.
http://www.siliconvalley.com/news/ci_8419200?nclick_check=1
(Silicon Valley – 3/1/08)

Virginia court upholds prolific spammer's conviction
A divided Virginia Supreme Court affirmed the nation's first felony conviction for illegal spamming on Friday, ruling that Virginia's anti-spamming law does not violate free-speech rights. Jeremy Jaynes of Raleigh, N.C., considered among the world's top 10 spammers in 2003, was convicted of massive distribution of junk e-mail and sentenced to nine years in prison. Almost all 50 states have anti-spamming laws. In the 4-3 ruling, the court rejected Jaynes' claim that the state law violates both the First Amendment and the interstate commerce clause of the U.S. Constitution.
http://www.siliconvalley.com/news/ci_8410070
(Silicon Valley – 2/29/08)

MOBILE/WI-FI

ODDS & ENDS

Microsoft says Credentica acquisition will help users protect privacy
Microsoft's acquisition of privacy vendor Credentica signals another step in the company’s effort to ensure that users don’t lose control of their personal data. Credentica develops technology called U-Prove that uses cryptography and multiparty privacy features to facilitate “minimal disclosure” so a user can reveal only the bits of information about themselves they want to while protecting their privacy.
http://www.networkworld.com/news/2008/030708-microsoft-credentica.html
(NetworkWorld – 3/7/08)

College student accused of cheating using Facebook
A first-year Ryerson University student is being accused of cheating after helping to run an online study group on Facebook. A college student faces expulsion after classmates swapped homework tips on his Facebook study group. Chris Avenir is accused of academic misconduct because of the site, where 146 classmates swapped tips on homework questions.
http://www.cnn.com/2008/TECH/03/06/facebook.cheating.ap/index.html
(CNN – 3/6/08)

ONLINE

Phorm ad system will protect privacy
Two respected privacy campaigners have praised the user protection measures of a controversial online advertising system about to be deployed in the UK. The tools, developed by US firm Phorm, track users' online surfing habits. BT, Virgin and Talk Talk have signed up to trial the technology. Campaigner Simon Davies said: "We were impressed with the effort that had been put into minimising the collection of personal information."
http://news.bbc.co.uk/2/hi/technology/7280791.stm
(BBC – 3/6/08)

U.S. seeks terrorists in web worlds
The US government has begun a project to develop ways to spot terrorists who are using virtual worlds. Codenamed Reynard it aims to recognise "normal" behaviour in online worlds and home in on anomalous activity. It is likely to develop tools and techniques for intelligence officers who are hunting terrorists and terror groups on the net or in virtual worlds. The project was welcomed by experts tracking terror groups using the net to organise or carry out attacks.
http://news.bbc.co.uk/1/hi/technology/7274377.stm
(BBC News – 3/3/08)
Also see:
• The New Art of War http://www.washingtonpost.com/wp-dyn/content/article/2008/03/02/AR2008030202216.html (Washington Post – 3/3/08)

Microsoft Expands Online Services
Microsoft Corp. today plans to begin new tests of business programs offered as online services, in the latest attempt by the software giant to adapt to the changes being wrought by the Internet on the traditional software business.
The Microsoft services come as Google Inc. and other companies are investing in similar services that in coming years could compete with Microsoft's products. The new offerings, called Microsoft Online Services, are an early salvo in that emerging battle.
http://online.wsj.com/article/SB120451096788306801.html
(Wall Street Journal – 3/08)

RFID

New Zealand Law Commission questions RFID privacy
The Law Commission is concerned about the use RFID customer information could be put to, as it is unclear whether the data in radio-frequency identification tags on bought goods constitutes “personal information” as defined under the Privacy Act. At the moment, the act only covers the use of information attached to a personal identifier, but information contained in these tags could be collated with, say, information a retailer already has about a person who belongs to its loyalty card scheme. The Law Commission is concerned about this possibility and how such information might be used.
http://computerworld.co.nz/news.nsf/news/F1A8143A8D401F28CC2573FE0018083D
(ComputerWorld – 3/6/08)

Canadian Privacy Commissioner Seeks Feedback on Implications of Using RFID Technology in the Workplace
The Privacy Commissioner of Canada, Jennifer Stoddart, issued a call today for feedback to enrich the debate on the use of radio frequency identification (RFID) systems in the workplace. The Privacy Commissioner has prepared a consultation paper setting out recommended privacy practices for organizations that seek to harness the benefits of RFID technologies.
http://news.gc.ca/web/view/en/index.jsp?articleid=383279&categoryid=16
(Canada News Centre – 3/4/08)

RFID/Bluetooth: convenient threats
Will hackers target the doors of corporate lobbies, or one-swipe payment cards used at gas stations and supermarkets? How about pets? Those questions — all tackled in research or proof-of-concept (PoC) exercises — are likely on the minds of security pros planning to deploy radio frequency identification (RFID) or Bluetooth technology across their enterprise. Even the RFID tags used to identify pets were used as an example, by researchers at Vrije Universiteit Amsterdam, to demonstrate how a hacker could “infect” these devices with a virus.
http://www.scmagazineus.com/RFIDBluetooth-convenient-threats/article/105002/
(SC Magazine – 3/1/08)

SECURITY

Nato says cyber warfare poses as great a threat as a missile attack
Nato is treating the threat of cyber warfare as seriously as the risk of a missile strike, according to a senior official. A London conference was told that online espionage and internet-based terrorism now represent some of the gravest threats to global security. Suleyman Anil, who is in charge of protecting Nato against computer attacks, said: "Cyber defence is now mentioned at the highest level along with missile defence and energy security. We have seen more of these attacks and we don't think this problem will disappear soon.
Unless globally supported measures are taken, it can become a global problem."
http://www.guardian.co.uk/technology/2008/mar/06/hitechcrime.uksecurity
(Guardian – 3/6/08)

Contractor networks create security risk, Defense official says
Information technology contractors pose a major security risk by not locking down their networks properly, according to the Defense Department's top IT official. The threat, along with risks associated with offshoring and acquisitions of American IT firms by foreign companies, are driving defense and intelligence agency initiatives to develop stricter information security standards.
http://www.govexec.com/story_page.cfm?articleid=39444
(Government Executive – 3/4/08)

Security tips for Net-connected travelers
It's never been easier to stay connected while you're traveling—just make sure you're not leaving yourself wide open to snoopers in the process. This article gives tips for staying secure in Internet cafes, wi-fi hotspots, and when using your cell phone.
http://tech.yahoo.com/blogs/patterson/13685/
(Yahoo – 3/4/08)

Identity management critical for security, government IT shops say
A majority of government IT organizations say identity management is very important to securing their networks and will become even more so over the next five years, but that funding to keep pace is a major impediment to growth. The respondents also said they think identity management is relevant to national security, critical public infrastructure, and personal security; and given the gravity of those issues, that personal privacy could suffer.
http://www.networkworld.com/news/2008/030308-identity-management-critical-for-security.html
(Network World – 3/3/08)

NW: Gov’t IT Shops: Identity Management Critical for Security
A majority of government IT organizations say identity management is very important to securing their networks and will become even more so over the next five years, but that funding to keep pace is a major impediment to growth. The respondents also said they think identity management is relevant to national security, critical public infrastructure, and personal security; and given the gravity of those issues, that personal privacy could suffer.
http://www2.csoonline.com/blog_view.html?CID=33595
(CSO Online – 3/3/08)

Five basic mistakes of security policy
Security policies serve to protect (data, customers, employees, technological systems), define (the company's stance on security), and minimize risk (internal and external exposure and publicity fallout in the event of a breach). Security policy creation and dissemination are not just a good idea; both are mandated by a slew of corporate regulations, including PCI, HIPAA, and FISMA. This story presents five mistakes that companies commonly make when writing and implementing security policies. As simplistic as some of these errors sound, they happen often enough and cause heavy damage to companies' bottom lines.
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9065202&source=rss_topic17
(Computer World – 2/29/08)

Security Development Lifecycle trumps code complexity
As software becomes more complex, in terms of more lines of code or functionality, the harder it becomes to stay secure. More lines of code mean the potential for more security bugs. Increasing feature sets means more opportunities for programs to be used and manipulated in unexpected, malicious ways. In general, I wholly believe in this axiom, but it doesn't always have to be true.
In fact, there is empirical evidence that better coding practices can more than offset the complexity argument.
http://weblog.infoworld.com/securityadviser/archives/2008/02/security_develo.html?source=rss
(InfoWorld – 2/29/08)

Pervasive Web apps flaws under siege
The volume of threats leveled at Web-based applications continues to surge and the sheer number of flaws existent in many such programs is making it easy for attackers to be successful in their efforts to steal data and generate income, according to the latest research report issued by Cenzic. Researchers with the applications security testing specialist estimate that 71 percent of all the vulnerabilities reported worldwide during Q4 2007 were related to Web apps -- affecting everything from servers to browsers -- representing a three percent increase over the previous quarter.
http://weblog.infoworld.com/zeroday/archives/2008/02/applications_se.html
(InfoWorld – 2/28/08)

Security skills of IT workforce lacking, survey finds
A majority of organizations are in need of IT workers with security, firewall and data privacy skills, but more than 40% surveyed by the Computing Technology Industry Association said their IT employees are not proficient in such skills. Nearly three-fourths of 3,500 technology professionals polled identified security, firewall and data privacy as the IT skills most important to their organization today.
Tied for second in terms of importance behind security skills were general networking and operating system skills, cited by 66% of respondents each.
http://www.networkworld.com/news/2008/022708-security-skills-it-workforce.html
(Network World – 2/27/08)

The security benefits and risks of virtualization
IT professionals have heard plenty about the security benefits of desktop- and server-based virtualization, from more efficient patching procedures to the centralized storage of data that would otherwise be stored on endpoint devices. But IT administrators who have tested it in their environments have also discovered potential security drawbacks, particularly when it comes to compatibility with other security systems.
http://searchsecurity.techtarget.com/news/article/0,289142,sid14_gci1302706,00.html
(Search Security – 2/27/08)
SEMINARS

First Annual Freedom of Information Day Celebration
March 17, 2008.
American University Washington College of Law, Washington DC
http://www.wcl.american.edu/secle/founders/2008/031708.cfm

Openthegovernment.org: Government Secrecy: Censoring Your Right to Know
March 19, 2008
National Press Club, DC
http://www.openthegovernment.org/article/subarchive/109

IAPP Privacy Summit
March 26-28, 2008
Washington, D.C.
http://www.privacysummit.org/

Windows Into the Soul: Surveillance and Society in an Age of High Technology - 2008 Hixon-Riggs Forum on Science, Technology and Society.
March 27-29, 2008
Claremont, California
http://www.hmc.edu/newsandevents/hixon08.html

Privacy, Security and Technology - Affirming Our Rights.
March 31, 2008
Ottawa, Canada
http://www.rileyis.com/seminars/

CFP 2008: Technology Policy 08
New Haven, Connecticut
May 19-23, 2008
http://www.cfp2008.org

Future of the Internet Economy - OECD Ministerial Meeting
June 17-18, 2008
Seoul, Korea
http://www.oecd.org/document/19/0,2340,en_2649_37441_38051667_1_1_1_37441,00.html

Conference on Ethics, Technology and Identity.
The Hague.
June 18-20, 2008.
http://www.ethicsandtechnology.eu/ETI

Federal Information Systems Security Educators Association.
FISSEA’s 21st Annual Conference: "Security Through Innovation & Collaboration"
Gaithersburg, MD
March 11 -- 13, 2008
http://csrc.nist.gov/organizations/fissea/2008-conference/
PAPERS

Wireless Security: Past, Present and Future
http://www.codenomicon.com/resources/whitepapers/Codenomicon_Wireless_WP_v1_0.pdf

Safe and productive browsing in a dangerous web world: The challenge for business
http://www.sophos.com/sophos/docs/eng/marketing_material/sophos-safe-web-browsing-wpna.pdf

Data Leak Risks: A Problem Mid-Size Organizations Can’t Ignore
http://www.computerworld.com/pdfs/code_green_data_leak_pdf.pdf

Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report
http://www.ipc.on.ca/images/Findings/mc07-68-ttc.pdf

Principles for Behavioral Targeting Privacy Tools
http://www.cdt.org/privacy/pet/privacy_controls_IPWG.pdf
