Archive for the ‘Identity Theft’ Category


A Handful of 2012 Privacy & Security Predictions

January 3, 2012

A handful of thoughts on what 2012 may hold by Attorney Richard L. Santalesa:

  • The EU’s on-deck Data Protection Regulation promises – or threatens, depending on your viewpoint – to significantly revamp the EU’s data protection regimes, adding further potential uncertainty to the EU arena. The leaked DPR indicated a new broad extraterritorial reach, stronger protections for children under 18, an embrace of privacy by design and the right to be forgotten, a requirement to designate a privacy officer, and increased enforcement powers and penalties. We’ll see what happens when the rubber meets the road.
  • Will the final version of the HIPAA breach notification rule make a long-awaited appearance in 2012, along with guidelines per Stage 2 of the electronic record incentive program within the HITECH Act? The smart money says yes, especially since Congress recently admonished DHS to hurry up already given that the “interim” rule has been around since 2009.
  • The FTC plans to issue in early 2012 its finalized Privacy Report, formally titled “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers,” which I believe will have a significant impact on the 2012 privacy/infosec landscape.  The draft version, issued a year ago in December 2010, immediately sparked wide-ranging conversations on Do-Not-Track, Privacy by Design, Fair Information Practice Principles, Geolocation and other privacy-related issues, many of which quickly found their way into 2011’s proposed bills.  I expect the finalized report to be heavily influential on 2012’s infosec and privacy debates.
  • Information security and data protection issues surrounding contracting for cloud services will begin the road to maturity in 2012 as the federal government continues its push of fed agency IT needs into the cloud.  The result will help provide guidance on cloud contracting issues addressing audit assurances, cloud security and accreditation, e-discovery issues, security controls and allocation of liability and responsibility for data security, to name but a few.
  • Finally, 2012 will unfortunately see no end in sight to advanced attacks resulting in data breaches, with attacks on mobile devices ramping up significantly. In response, the move to Big Data and data hoarding may reverse as companies in specific sectoral areas begin paring back on how much data they retain.

For additional 2012 infosec and privacy predictions, pop over to Christine Marciano of Cyber Data Risk Managers’ collection, which includes the author’s views of 2012, at http://www.dataprivacyinsurance.com/wp-content/uploads/2012/01/2012-DATA-PRIVACY-AND-INFORMATION-SECURITY-PREDICTIONS.pdf


Share your thoughts

December 23, 2011

The Criminal Cloud: Criminals are using cloud computing to share information and to superpower their hacking techniques.

October 20, 2011

The cloud opens a world of possibilities for criminal computing. Unlike the zombie computers and malware that have been the mainstay of computer crime for the past decade, cloud computing makes available a well-managed, reliable, scalable global infrastructure that is, unfortunately, almost as well suited to illicit computing needs as it is to legitimate business.

The mass of information stored in the cloud—including, most likely, your credit card and Social Security numbers—makes it an attractive target for data thieves. Not only is more data centralized, but for the security experts and law enforcement agencies trying to make the cloud safe, the very nature of the cloud makes it difficult to catch wrongdoers. Imagine a virtual Grand Central Station, where it’s easy to mix in with the crowd or catch a ride to a far-away jurisdiction beyond the law’s reach.

Most of all, the cloud puts immense computing power at the disposal of nearly anyone, criminals included. Cloud criminals have access to easy-to-use encryption technology and anonymous communication channels that make it less likely their activities will be intelligible to or intercepted by authorities. On those occasions that criminals are pursued, the ability to rapidly order up and shut down computing resources in the cloud greatly decreases the chances that there will be any clues left for forensic analysis.

Source: The Criminal Cloud


Charlene Li: Expert on Social Media and Internet Marketing

October 17, 2011

 


MAKE IT HAPPEN! – Leadership style

October 12, 2011

Most overlooked data loss is from 3rd-party data recovery vendors

September 27, 2011

What Are the Consequences of Data Loss?

September 26, 2011

 The consequences of data loss are dire; here is a sampling of just a few statistics related to the impact of data loss on business:

• 93% of companies that lost their data center for 10 days or more due to a disaster filed for bankruptcy within one year of the disaster.

• 50% of businesses that found themselves without data management for this same time period filed for bankruptcy immediately. (National Archives & Records Administration in Washington)

• 94% of companies suffering from a catastrophic data loss do not survive – 43% never reopen and 51% close within two years. (University of Texas)

• 30% of all businesses that have a major fire go out of business within a year and 70% fail within five years. (Home Office Computing Magazine)

• 77% of those companies who do test their tape backups found back-up failures. (Boston Computing Network, Data Loss Statistics)

• 7 out of 10 small firms that experience a major data loss go out of business within a year. (DTI/PricewaterhouseCoopers)

• 96% of all business workstations are not being backed up. (Contingency Planning and Strategic Research Corporation)

• 50% of all tape backups fail to restore. (Gartner)

• 25% of all PC users suffer from data loss each year. (Gartner)