Blog Posts Tagged with "Disclosure"
The Disclosure Debate Continues….. (part 1,453, 769) to be Continued
May 23, 2013 Added by:Andy Willingham
Here we go again. Another security researcher who apparently thinks that he knows best because his feelings were hurt by Microsoft.
Comments (0)
It's Time for Transparency Reports to Become the New Normal
January 31, 2013 Added by:Electronic Frontier Foundation
A transparency report would allow Skype and Microsoft to set the record straight and permit users to make an informed decision about the surveillance risks they’re taking when they use their product. With great user data comes great responsibility...
Comments (0)
Information Sharing and Asymmetric Advantage
January 27, 2013 Added by:Tripwire Inc
One place I’ve actually seen effective information and practice sharing is through Information Sharing and Analysis Centers, or ISACs. These tend to be industry- or domain-specific groups that get together and share information about common concerns, challenges, and opportunities...
Comments (0)
OPSEC: Is the Juice Worth the Squeeze?
September 06, 2012 Added by:Joel Harding
In the cyber world there is a process called IGL or Intelligence Gain-Loss. Sometimes deploying a new tool would disclose a capability that the US has to gather intelligence, but sometimes the gain outweighs the loss of a source. Ya gotta ask is the juice worth the squeeze?
Comments (0)
Infographic: The Social Media Side of Incident Response...
August 13, 2012 Added by:Neira Jones
It seems that my previous post on the social media side of incident response attracted some attention and I thank everyone for their feedback. This prompted me to explore the brave new world of infographics... So here we go, my first foray into what is for me uncharted territory...
Comments (0)
EU Weighs in on Face Recognition Applications
July 29, 2012 Added by:Electronic Frontier Foundation
Face recognition in online applications is particularly problematic as personal data is sometimes used out of context by employers and law enforcement. Therefore, European privacy officials’ opinion recommending various practices for these applications could not have come at a better time...
Comments (0)
Latest Data Breach Notification Bill Won’t Go Far
July 23, 2012 Added by:Kelly Colgan
When comparing the bill to existing state laws on the subject, the lack of focus on consumer protection and an emphasis on making it business-friendly become evident. It becomes evident not by looking at what the bill contains, but by looking at what is purposely missing...
Comments (0)
Coders Rights at Risk in the European Parliament
July 18, 2012 Added by:Electronic Frontier Foundation
By identifying and disclosing vulnerabilities, coders are able to improve security for every user who depends on information systems for their daily life and work. Yet recently, European Parliament debated legislation that threatens to create legal woes for researchers who expose security flaws...
Comments (0)
Notifying Customers About a Data Breach: Five Rules
July 17, 2012 Added by:Megan Berry
Legal fees, clean-up costs, lost business and damage to an organization’s reputation: consequences of a business being hit with a data breach. Cost can be significant, which is why it is critical to properly respond after a data breach...
Comments (0)
Study Finds Minimal Transparency in Breach Reports
July 17, 2012 Added by:Headlines
"Other than breaches reported by the media and a few progressive state websites, there continues to be little or no information available on many data breach events. The public has no way of knowing just how minor or serious the data exposure was for any given incident," ITRC states...
Comments (0)
Two Northeast States Updated Breach Notification Statutes
June 27, 2012 Added by:David Navetta
Much time and ink has been spent on the steady stream of data security and breach-related bills that spring up in Congress like mushrooms after a rain. But recently Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to monitor state legislatures...
Comments (0)
Infosec: Too Many Questions
June 20, 2012 Added by:Wendy Nather
Does having one machine on a botnet at some point automatically mean that more nefarious things are going on besides just selling V1agr4 or perhaps DDoSing the Anonymous target of the week? This is the risk calculation that we need more data to perform, and it's one that the C-suite would really appreciate...
Comments (1)
The Debate When it Comes to Monetizing Security Flaws
June 20, 2012 Added by:Lee Munson
Some people think that if you try to profit on your discovery, then no matter what your intentions are, the discovery could be used for non-ethical goals. They think that it does not matter if it is a good guy or a bad guy who gets the information. They think that both parties have the potential for abuse...
Comments (0)
Tip of the Iceberg: 107,655 Cybersecurity Incidents in 2011
June 19, 2012 Added by:Joel Harding
Only a small percentage of companies will voluntarily share security information, and we cannot see systemic trends. What is needed is a level playing field for all. All corporations need to disclose cybersecurity incident data so we can get a comprehensive picture and a systemic defense is possible...
Comments (0)
Contracts and Information Security Part 2: NDAs
June 13, 2012 Added by:Bill Gerneglia
NDAs might include potential liability for unauthorized disclosure of protected personal information, privileged communications (such as lawyer-client or doctor-patient communications), national secrets, or the trade secrets of the company or business partner...
Comments (0)
Nine Tips for Social Media Crisis Response
June 07, 2012 Added by:Neira Jones
Not impressed with LinkedIn's social media crisis response? Whilst the draft NIST report SP 800-61 gives really good guidelines on fully and effectively communicating important information to the public, there is some mileage to be had by exploring the use of social media when tackling incident response...
Comments (0)




