Blog Posts Tagged with "Disclosure"

The Disclosure Debate Continues….. (part 1,453, 769) to be Continued

May 23, 2013 Added by: Andy Willingham

Here we go again. Another security researcher who apparently thinks that he knows best because his feelings were hurt by Microsoft.

It's Time for Transparency Reports to Become the New Normal

January 31, 2013 Added by: Electronic Frontier Foundation

A transparency report would allow Skype and Microsoft to set the record straight and permit users to make an informed decision about the surveillance risks they’re taking when they use their product. With great user data comes great responsibility...

Information Sharing and Asymmetric Advantage

January 27, 2013 Added by: Tripwire Inc

One place I’ve actually seen effective information and practice sharing is through Information Sharing and Analysis Centers, or ISACs. These tend to be industry- or domain-specific groups that get together and share information about common concerns, challenges, and opportunities...

OPSEC: Is the Juice Worth the Squeeze?

September 06, 2012 Added by: Joel Harding

In the cyber world there is a process called IGL or Intelligence Gain-Loss. Sometimes deploying a new tool would disclose a capability that the US has to gather intelligence, but sometimes the gain outweighs the loss of a source. Ya gotta ask is the juice worth the squeeze?

Infographic: The Social Media Side of Incident Response...

August 13, 2012 Added by: Neira Jones

It seems that my previous post on the social media side of incident response attracted some attention and I thank everyone for their feedback. This prompted me to explore the brave new world of infographics... So here we go, my first foray into what is for me uncharted territory...

EU Weighs in on Face Recognition Applications

July 29, 2012 Added by: Electronic Frontier Foundation

Face recognition in online applications is particularly problematic as personal data is sometimes used out of context by employers and law enforcement. Therefore, European privacy officials’ opinion recommending various practices for these applications could not have come at a better time...

Latest Data Breach Notification Bill Won’t Go Far

July 23, 2012 Added by: Kelly Colgan

When comparing the bill to existing state laws on the subject, the lack of focus on consumer protection and an emphasis on making it business-friendly become evident. It becomes evident not by looking at what the bill contains, but by looking at what is purposely missing...

Coders Rights at Risk in the European Parliament

July 18, 2012 Added by: Electronic Frontier Foundation

By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet recently, European Parliament debated legislation that threatens to create legal woes for researchers who expose security flaws...

Notifying Customers About a Data Breach: Five Rules

July 17, 2012 Added by: Megan Berry

Legal fees, clean-up costs, lost business and damage to an organization’s reputation: consequences of a business being hit with a data breach. Cost can be significant, which is why it is critical to properly respond after a data breach...

Study Finds Minimal Transparency in Breach Reports

July 17, 2012 Added by: Headlines

"Other than breaches reported by the media and a few progressive state websites, there continues to be little or no information available on many data breach events. The public has no way of knowing just how minor or serious the data exposure was for any given incident," ITRC states...

Two Northeast States Updated Breach Notification Statutes

June 27, 2012 Added by: David Navetta

Much time and ink has been spent on the steady stream of data security and breach-related bills that spring up in Congress like mushrooms after a rain. But recently Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to monitor state legislatures...

Infosec: Too Many Questions

June 20, 2012 Added by: Wendy Nather

Does having one machine on a botnet at some point automatically mean that more nefarious things are going on besides just selling V1agr4 or perhaps DDoSing the Anonymous target of the week? This is the risk calculation that we need more data to perform, and it's one that the C-suite would really appreciate...

The Debate When it Comes to Monetizing Security Flaws

June 20, 2012 Added by: Lee Munson

Some people think that if you try to profit on your discovery, then no matter what your intentions are, the discovery could be used for non ethical goals. They think that it does not matter if it is a good guy or a bad guy who gets the information. They think that both parties have the potential for abuse...

Tip of the Iceberg: 107,655 Cybersecurity Incidents in 2011

June 19, 2012 Added by: Joel Harding

Only a small percentage of companies will voluntarily share security information, and we cannot see systemic trends. What is needed is a level playing field for all. All corporations need to disclose cybersecurity incident data so we can get a comprehensive picture and a systemic defense is possible...

Contracts and Information Security Part 2: NDAs

June 13, 2012 Added by: Bill Gerneglia

NDAs might include potential liability for unauthorized disclosure of protected personal information, privileged communications (such as lawyer-client or doctor-patient communications), national secrets, or the trade secrets of the company or business partner...

Nine Tips for Social Media Crisis Response

June 07, 2012 Added by: Neira Jones

Not impressed with LinkedIn's social media crisis response? Whilst the draft NIST report SP 800-61 gives really good guidelines on fully and effectively communicating important information to the public, there is some mileage to be had by exploring the use of social media when tackling incident response...
