Blog Posts Tagged with "Disclosure"
May 23, 2013 Added by:Andy Willingham
Here we go again. Another security researcher who apparently thinks that he knows best because his feelings were hurt by Microsoft.
January 31, 2013 Added by:Electronic Frontier Foundation
A transparency report would allow Skype and Microsoft to set the record straight and permit users to make an informed decision about the surveillance risks they’ve taking when they use their product. With great user data comes great responsibility...
January 27, 2013 Added by:Tripwire Inc
One place I’ve actually seen effective information and practice sharing is through Information Sharing and Analysis Centers, or ISACs. These tend to be industry- or domain-specific groups that get together and share information about common concerns, challenges, and opportunities...
September 06, 2012 Added by:Joel Harding
In the cyber world there is a process called IGL or Intelligence Gain-Loss. Sometimes deploying a new tool would disclose a capability that the US has to gather intelligence, but sometimes the gain outweighs the loss of a source. Ya gotta ask is the juice worth the squeeze?
August 13, 2012 Added by:Neira Jones
It seems that my previous post on the social media side of incident response attracted some attention and I thank everyone for their feedback. This prompted me to explore the brave new world of infographics... So here we go, my first foray into what is for me uncharted territory...
July 29, 2012 Added by:Electronic Frontier Foundation
Face recognition in online applications is particularly problematic as personal data is sometimes used out of context by employers and law enforcement. Therefore, European privacy officials’ opinion recommending various practices for these applications could not have come at a better time...
July 23, 2012 Added by:Kelly Colgan
When comparing the bill to existing state laws on the subject, the lack of focus on consumer protection and an emphasis on making it business-friendly become evident. It becomes evident not by looking at what the bill contains, but by looking at what is purposely missing...
July 18, 2012 Added by:Electronic Frontier Foundation
By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet recently, European Parliament debated legislation that threatens to create legal woes for researchers who expose security flaws...
July 17, 2012 Added by:Megan Berry
Legal fees, clean-up costs, lost business and damage to an organization’s reputation: consequences of a business being hit with a data breach. Cost can be significant, which is why it is critical to properly respond after a data breach...
July 17, 2012 Added by:Headlines
"Other than breaches reported by the media and a few progressive state websites, there continues to be little or no information available on many data breach events. The public has no way of knowing just how minor or serious the data exposure was for any given incident," ITRC states...
June 27, 2012 Added by:David Navetta
Much time and ink has been spent on the steady stream of data security and breach-related bills that spring up in Congress like mushrooms after a rain. But recently Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to monitor state legislatures...
June 20, 2012 Added by:Wendy Nather
Does having one machine on a botnet at some point automatically mean that more nefarious things are going on besides just selling V1agr4 or perhaps DDoSing the Anonymous target of the week? This is the risk calculation that we need more data to perform, and it's one that the C-suite would really appreciate...
June 20, 2012 Added by:Lee Munson
Some people think that if you try to profit on your discovery, then no matter what your intentions are, the discovery could be used for non ethical goals. They think that it does not matter if it is a good guy or a bad guy who gets the information. They think that both parties have the potential for abuse...
June 19, 2012 Added by:Joel Harding
Only a small percentage of companies will voluntarily share security information, and we can not see systemic trends. What is needed is a level playing field for all. All corporations need to disclose cybersecurity incident data so we can get a comprehensive picture a systemic defense is possible...
June 13, 2012 Added by:Bill Gerneglia
NDAs might include potential liability for unauthorized disclosure of protected personal information, privileged communications (such as lawyer-client or doctor-patient communications), national secrets, or the trade secrets of the company or business partner...
June 07, 2012 Added by:Neira Jones
Not impressed with LinkedIn's social media crisis response? Whilst the draft NIST report SP 800-61 gives really good guidelines on fully and effectively communicating important information to the public, there is some mileage to be had by exploring the use of social media when tackling incident response...
PoS Malware Kits Rose in Underground in 2014... on 03-17-2015
New PCI Compliance Study... on 03-17-2015
PCI Security Standards Council Statement on ... on 03-17-2015