Group items tagged

ACTA (Anti-Counterfeiting Trade Agreement) has concerned many consumer rights organizations for some time now. Given that it could easily affect criminal laws in many countries around the world, it's not hard to see why there is demand for public disclosure and allow public debate in the matters. Still, to this day, ACTA is being negotiated behind closed doors by many countries around the world and now consumer groups want to, at least, have the negotiations disclosed to them. When it comes to the privacy and surveillance debates, which are in various stages in different countries right now, many say that for national security concerns, further surveillance measures should be taken in the law books. Many policy makers want to know every detail of day-to-day communications of millions of people including who you talk to, when, how, where, and, with a warrant, what the contents of those messages are. Unsurprisingly, consumer rights groups have a problem with that. Meanwhile, when it comes to the highly secretive negotiations happening with ACTA, many consumer rights organizations want a clear indication on how the new international standard is forming and the contents of the legislation and to have such things disclosed to the public. Ironically, policy makers seem to have a problem with that.

I. INTRODUCTION The globalization revolution is undeniably well underway. Some of the primary leaders of the revolution are the off-shoring outsourcers of the world in search of readily available talent at prices below what is available in the traditional geographical outsourcing centers. Certainly, U.S. companies seeking information technology resources--as well as those looking for human resources to support the ever-growing customer care requirements of their business--are at the forefront of the movement. Some of those companies are seeking their own solutions, but many have turned to business process outsourcing companies for assistance. Business process outsourcing is, generally speaking, the contracting of a specific business task to a third party service provider. Processes that are best suited to be outsourced are those that a company requires but does not depend upon to maintain its position in the marketplace. There are two primary categories of business process outsourcing. One category is commonly referred to as "back office outsourcing" which includes internal business functions such as billing or purchasing. The other category is commonly referred to as "front office outsourcing" which includes customer-related services such as marketing, customer contact management, and technical support. The globalization of business in general has resulted in the need for companies to be able to provide support to their customers in many different languages. At the same time, developments in technology have provided the ability for business process outsourcers to provide a cost effective global delivery platform. The convergence of the need for a portfolio of services to be sourced globally with the ability of business process outsourcers to do so on a cost effective basis has driven the outsourcers to geographic locations previously ignored by most business sectors. By many estimates, there are currently off-shore outsourcing vendors in more than 175 different

"UC San Francisco said late Tuesday it has alerted 600 patients and others that an external hacker may have obtained "temporary access to emails containing their personal information" as a result of a late September phishing scam. The breach occurred about three months ago, and was investigated in mid-October, but wasn't disclosed to the public until Dec. 15. Corinna Kaarlela, UCSF's news director, told the San Francisco Business Times late Tuesday that individuals whose data may have been compromised were notified between Oct. 21, when an in-depth investigation began, and Dec. 11, when it was completed. UCSF said Tuesday that an unnamed faculty physician in the School of Medicine was victimized in late September by the alleged scam. The physician provided a user name and password in response to an email message fabricated by a hacker, that appeared as if it came from those responsible for upgrading security on UCSF internal computer servers. UCSF's Enterprise Information Security unit subsequently identified the breach and disabled the compromised password. UCSF says it conducted an investigation and in mid-October determined that emails in the physician's account ─ including some containing demographic and clinical information and, in a few cases, Social Security numbers ─ may have been exposed."

"Two L.A. traffic engineers who pleaded guilty to hacking into the city's signal system and slowing traffic at key intersections as part of a labor protest have been sentenced to two years' probation. Authorities said that Gabriel Murillo, 40, and Kartik Patel, 37, hacked into the system in 2006 despite the city's efforts to block access during a labor action. Fearful that the strikers could wreak havoc, the city temporarily blocked all engineers from access to the computer that controls traffic signals. But authorities said Patel and Murillo found a way in and picked their targets with care -- intersections they knew would cause significant backups because they were close to freeways and major destinations. The engineers programmed the signals so that red lights for several days starting Aug. 21, 2006 would be extremely long on the most congested approaches to the intersections, causing gridlock. Cars backed up at Los Angeles International Airport, at a key intersection in Studio City, at access onto the clogged Glendale Freeway and throughout the streets of Little Tokyo and the L.A. Civic Center area, sources told The Times at the time. No accidents occurred as a result. As part of their plea deal, the engineers agreed to pay $6,250 in restitution and completed 240 hours of community service."

Marcia Angell MD is a well-known, respected physician, long-time editor of NEJM. So it was a bit of a shock today when Amy Romano, blogger for Lamaze International, sent me this quote: "It is simply no longer possible to believe much of the clinical research that is published, or to rely on the judgment of trusted physicians or authoritative medical guidelines. I take no pleasure in this conclusion, which I reached slowly and reluctantly over my two decades as an editor of The New England Journal of Medicine".

Interesting quote by former editor of the New England Journal of Medicine

"Google Inc. co-founder Sergey Brin Wednesday said the Internet giant "screwed up" by collecting personal data through wireless networks and promised new oversight as European officials pledged to open investigations of the data collection. Authorities in Germany, Spain and Italy said Wednesday they were investigating Google and its Street View service, which uses camera-equipped vehicles to take street images and mark the location of Wi-Fi networks. Mr. Brin, speaking the same day at Google's developer conference in San Francisco, said the company would put "more internal controls in place" to prevent such data captures in the future, including the hiring of outside help. "Trust is very important to us," Mr. Brin said. "We're going to do everything we can to preserve that trust.""

G apologizes. Again, better to ask forgiveness... If users remain silent & gvt doesn't prosecute, why comply?

"The number of fraudulent IRS websites taken down in 2008 soared to 3,030, up more than 240 percent from 2007, according to a GAO analysis of Internal Revenue Service data, suggesting a sharp increase by criminals to draw unassuming taxpayers to faux tax agency websites to steal identities and money. In a Government Accountability Office audit, made public Thursday, the GAO credited the IRS for implementing programs to prevent, detect and resolve identity theft, but said the tax agency needs to do a better job in assessing the effectiveness of its initiatives. And, as it relates to potential online abuse, the IRS should be more consistent in enforcing security controls. "

"The credentials of thousands of Microsoft Windows Live ID accounts were posted online late last week, company officials said Monday. The company confirmed Monday in a blog post that several thousand Windows Live customers had their usernames and passwords exposed on a third-party site over the weekend. "Upon learning of the issue, we immediately requested that the credentials be removed and launched an investigation to determine the impact to customers," the post said. "As part of that investigation, we determined that this was not a breach of internal Microsoft data and initiated our standard process of working to help customers regain control of their accounts." Windows Live IDs let users gain entry into Hotmail, Messenger, Xbox LIVE, according to Microsoft. The usernames and passwords that were leaked may also be used for other Microsoft services, including the company's web-based Office program and the Skydrive online storage service. News of the breach spread early Monday, but it was unclear how the credentials were originally obtained."

Is the price to safeguard America's information systems and networks on a collision course with efforts to rescue the economy? One would hope not, but the $789 billion stimulus package that contains nearly $10 billions for IT-related projects offered very little for cybersecurity. Still, the president sees protecting government and private-sector information systems as crucial to the economic vitality of the country. So, when Acting Senior Director for Cyberspace Melissa Hathaway hands the President her recommendations on securing the nation's information infrastructure later this month, a sharper picture should emerge on how much money the government will need to spend to do just that. What Price Security? The government isn't a spendthrift in protecting its IT networks; it earmarked $6.8 billion a year on cybersecurity this fiscal year, up from $4.2 billion five years ago, according to the White House Office of Management and Budget. But is that enough? Appropriating money to find new and innovative ways to protect our critical information infrastructure doesn't seem to be a government priority, at least not yet. Of the $147 billion the government planned to spend on all types of research and development this fiscal year, only $300 million or 0.2 percent was slated for cybersecurity, according to the Securing Cyberspace in the 44th Presidency report issued by the Center for Strategic and International Studies. By comparison, the budget contained five times as much money $1.5 billion for nanotechnology R&D.

A top affliction of privacy professionals is the growing complexity of privacy laws. The number of jurisdictions regulating data privacy and the number of other laws in which privacy provisions are tucked has increased with no letup since 2000. Like the Lilliputians in Gulliver's Travels, the tiniest jurisdictions are now lassoing their privacy ropes around the mightiest of corporations. Where does this leave those who are charged with keeping their organizations privacy-compliant? Desperately looking for a way to organize news about all of these developments. I recently surveyed the landscape of possible solutions to this problem. What did I find? Three different approaches: free Web sites, newsletters and news feeds; fee-based periodicals; and fee-based databases, such as Nymity's PrivaWorks, Cecile Park Publishing's DataGuidance and law firm Morrison and Foerster LLP's Summit Privacy. What were the pros and cons of each approach? Free sources Privacy leaders with no budget will want to exploit what's free, including these options: * Morrison & Foerster's Privacy Library, probably the most comprehensive and current free online listing of privacy laws in 95 countries. * Law firm Baker & McKenzie's annual Global Privacy Handbook, which is distributed to clients and friends. * Computerworld's own Security Newsletter, which offers a regular look at news about the technical threats to personal data. * The International Association of Privacy Professionals' Daily Dashboard, Canada Dashboard Digest and monthly Inside 1to1: Privacy. These are the best available free news feeds on privacy.

When the OCEG released Red Book version 1.0 back in 2005--it seems like a long time ago--the whole idea of GRC applications was still new. There was definitely a need for a COSO-like guide to internal GRC implementations. The focus back then was compliance and that is where the Red Book offered the most value. Four years later, the landscape has morphed a bit, and no one should be surprised that version 2.0 is concerned with the R and G as much as the C. The heart of the new version--a public exposure draft has been released--is something called the GRC Capability Model, which the OCEG markets as a "comprehensive guide for anyone implementing and managing a GRC system or some aspect of that system (e.g., compliance, training, hotline, investigations)." Eventually, OCEG members will be able to access the resource online to "create custom reports drawing from the Model and additional OCEG resources."

The PCI DSS standard was released back in December 2004 and was quickly hailed as one of the most important private-industry data security standards ever developed. Over the past few years, however, amid a steady stream of news about breaches and thefts, the PCI DSS standards has been roundly criticized. At a congressional hearing this month, one congresswoman said, "I do want to dispel the myth once and for all that PCI compliance is enough to keep a company secure." Many would agree. A case in point noted by Network World: The breach at Hannaford Brothers, where hackers installed malware on the grocery store chain's internal servers to seize card numbers as they were swiped by customers. Hannaford was certified a PCI DSS-compliant company as the scam was in progress. Heartland Payment Systems, before its scam broke in the news, was also certified compliant by Visa. Visa defends the standard as a way to minimize theft if properly implemented, and you certainly can't blame PCI DSS entirely for recent thefts. For all we know, there would have been many more if not for the standard. Still, the general view is that the PCI DSS standard has become overly complex and has done little thus far to stop fraud, as fraud artists get sophisticated technologically.

There is an old axiom in marketing circles that it costs more money to acquire new customers than to retain and service your old ones. In this precarious financial environment, the focus for many companies is now on keeping the existing customers satisfied, rather than worrying only about adding new ones to the fold. Since the business environment has slowed for now, showing your clients additional "value added" services rather than simply a lower price, for example, will be critical. Companies should be taking an introspective look for differentiating factors in the areas of security and privacy "value," and how they can leverage what they uncover - a competitive advantage. How can an organization best position their privacy and security programs to be used as a competitive advantage? First, of course, you need to ensure that your privacy and security program is robust, well-tested, formally documented and meets or exceeds whatever legislation that your company is subject to or regulated against. It is also important to give your customers a point of reference about the validity of your programs so they easily translate the value into a currency they recognize. Further, you should take advantage of any other internal and external audits, assessments and oversights that you can reasonably share with external parties by crafting the results of these documents as a consumable for external parties. It has been my experience that clients, especially their security teams, really appreciate this effort. Another innovative way to deliver a competitive advantage today is in the realm of vendor management. This discipline is quickly becoming an increasingly high-profile topic of discussion and interest between clients, customers and their service providers. The onus is on you anyway to demonstrate oversight of your third-party service provider(s). This is where you should also have the "value add" conversation and validate why your clients placed their trus

www.killdo.de.gg Most quality online stores. Know whether you are a trusted online retailer in the world. Whatever we can buy very good quality. and do not hesitate. Everything is very high quality. Including clothes, accessories, bags, cups. Highly recommended. This is one of the trusted online store in the world. View now www.retrostyler.com

Don't underestimate the maddening complexity and considerable costs of digitizing health care records and processes. That was the overarching message from a dozen or so health care players, some of them doctors, following my recent column urging the industry to bring its IT practices into the 21st century. A few readers took issue with my labeling health care practitioners as "laggards." In fact, argues Dr. Daniel Essin, former director of medical informatics at Los Angeles County + USC Medical Center, "physicians are, and have always been, early adopters of technology." Essin, who's now chairman of an electronic medical records vendor, ChartWare, says many physicians have made multiple attempts to implement EMRs but failed. He cites six main reasons: * They can't articulate a set of requirements against which products can be judged. * EMR systems aren't flexible enough, requiring workarounds even before their implementation is complete. * There's a mismatch between the tasks products are expected to perform and the products' actual functionality. * Some systems are conceived as a "simple" add-on to the billing system. * System workflows consume way too much physician time and attention. * There isn't adequate integration between internal and external systems. Related to most of those obstacles is cost. One EMR kit at the entry level, offered by Wal-Mart's Sam's Club unit in partnership with Dell and eClinicalWorks, is priced at around $25,000 for the first physician and $10,000 for each additional one. After installation and training, annual maintenance and support costs are estimated at $4,000 to $6,500. That's still not chump change, especially for the smallest practices.

making best indexing in goggle and bing. RADJASEOTEA is a master of backlinks. You want indexing in goggle and bing. LOOK THIS www.fiverr.com/radjaseotea/making-best-super-backlink-143445

The French parliament on Thursday voted down an Internet piracy law, which had largely been expected to pass. The "Creation and Internet" law, which won the preliminary approval of the parliament last week, would compel Internet service providers to take graduated actions against customers accused of illegally downloading copyrighted material. After warning a customer against such actions for a third time, an ISP could suspend the person's Internet access for up to a year. Because the bill was expected to pass, few members of parliament were present for the final vote on the bill, according to the Associated Press. Opponents of the legislation, led by the Socialist party, rejected the measure by a vote of 21 to 15. The legislation had the support of the ruling UMP party, to which President Nicolas Sarkozy belongs, as well as the support of the Recording Industry Association of America. Backers of the bill intend to re-introduce an amended version within the coming weeks, according to reports. The entertainment industry has suggested to the United States' Congress that it should consider adopting European methods of combating copyright infringement. The United States, members of the European Union, and other countries may also consider making ISPs liable for infringement through international treaties.

making best indexing in goggle and bing. RADJASEOTEA is a master of backlinks. You want indexing in goggle and bing. LOOK THIS www.fiverr.com/radjaseotea/making-best-super-backlink-143445

Times West Virginian FAIRMONT - Two FBI police officers have been charged and one was arraigned Friday morning in Marion County magistrate court after videotaping high school girls who were trying on prom dresses at the Middletown Mall. According to an FBI press release, the two Clarksburg-based employees were charged with criminal invasion of privacy and conspiracy to commit video voyeurism by the Marion County prosecuting attorney's office. Gary Sutton Jr., 40, was charged with criminal invasion of privacy and being a party to a crime. And according to WDTV, a warrant has been issued for Charles Brian Hommema of Buckhannon. The charges stem from an event called the Cinderella Project that took place at the Middletown Mall in Fairmont that gave high school girls the opportunity to buy low-cost prom dresses. The event was sponsored by Hospice Care Corp. for the sixth year in a row and included $25,000 worth of dresses from Oliverio's Bridal Boutique in Clarksburg. The criminal complaint stated that the two men were on duty in the FBI's satellite control room, which coincidentally is located at Middletown Mall. The two allegedly stopped a security camera over a makeshift dressing room that had been set up to allow the girls to try on dresses during the event. The dressing rooms did not have ceilings, and the camera zoomed in and trained its focus on one particular dressing room for more than an hour. Several girls used that dressing room to try on prom dresses. The complaint stated that Sutton and Hommema were the only people in the control room and the only ones able to control the movements of the camera. The alleged activities were detected internally by the FBI and reported to the Department of Justice's Office of the Inspector General, prompting an investigation, according to the FBI release. "The FBI is committed to the timely and full resolution of this matter, but must remain sensitive to the privacy concerns of any potential victims

making best indexing in goggle and bing. RADJASEOTEA is a master of backlinks. You want indexing in goggle and bing. LOOK THIS www.fiverr.com/radjaseotea/making-best-super-backlink-143445

Cash-squeezed privately held companies are facing another threat in this struggling economy: rising employee fraud. Employee fraud -- from check-forgery schemes to petty-cash theft -- tends to rise during tough economic times, when workers are feeling financial pressure in their personal lives, experts say. And small companies are especially vulnerable because they often lack stringent internal controls to prevent fraud. Sometimes, managers at affected companies attribute lost funds to lower sales -- never even suspecting foul play.

The row over the changes Facebook made to its terms has thrown the light on the rights people surrender when they sign up to use a website. It is likely though that until the row over Facebook's Terms and Conditions went public, few people knew what rights sites claim over the content that their members upload and share. "Less than 25% of users are making a specific point of going to the privacy settings and making changes," said Simon Davies, head of digital rights group Privacy International. Most, he said, are so keen to get using a site after registering that they do not take time to learn what will happen to any data that they are surrendering. Only later do they go back and adjust what happens to their data. "A lot of sites do have strong privacy controls," said Mr Davies. Tweaking these settings can help cut down on how much of a person's data is distributed. "It can make a difference," said Mr Davies, "particularly if the default is set in terms of maximum information flow." Blogger Amanda French looked through the pages where sites such as Facebook, MySpace, Flickr, YouTube and others spelled out their policies with regard to the data that members upload. Although the wording was different, she found that sites such as MySpace, Yahoo, Google and Twitter explicitly backed away from claiming ownership over uploaded content. A brief survey of Europe's Top 5 social sites found a similar situation. The text of the terms available on the UK sites of Facebook, Bebo, MySpace, Friends Reunited and Windows Live all back away from claiming ownership. By contrast, she wrote, the changes Facebook made to its terms were "extraordinarily grabby and arrogant".

The more things change, the more they stay the same. Such is the case for information security management, which has been voted - for the seventh consecutive year - the most important issue affecting IT strategy, investment and implementation over the coming 12 to 18 months, according to the American Institute of CPAs' 20th Annual Top Technology Initiatives Survey. Employing a new strategy this year, the institute's 10-member tech task force distributed surveys to approximately 50,000 of the institute's members and then advertised the survey in an electronic newsletter. "We changed the voting audience," said David Cieslak, CPA, CITP and co-chair of the task force, noting that they sought responses from all institute members, without feedback from outside technology groups, as in past years. "It's a big year - our 20th - we wanted to make sure it was reflective of our membership." This year's survey received more than 700 responses, which ranked 33 technology initiatives that they perceived as having the most impact over the next 12-to-18 months. The most pressing initiative, according to respondents - information security management - is an integrated, systematic approach that co-ordinates people, policies, standards, processes and controls used to safeguard critical systems and information from internal and external security threats. "Integrity, confidentiality and the relationship that CPAs have with their clients is something that has always been important to accountants," said Mary MacBain, CPA, CITP and a task force co-chair. "Security is going to continue to be important." Jim Bourke, a member of the task force and partner-in-charge of technology at CPA and business advisory firm Withum Smith+Brown in Red Bank, N.J., said that it's no surprise to see information security management make the top slot yet again: "Look at the top three - what's the theme? Security and the concern about the privacy issues involving data. For the past few years, many CPAs ha

The enormous international focus on privacy is growing more urgent in the face of business and government pressure to get the economy moving again and restore trust in our most basic institutions. To help rebuild trust and bolster bottom lines in a down market, it pays to prioritize privacy. The time is right to make smart investments in an organization's privacy professionals-the experts in the eye of the storm that must work collectively to find the right solutions to privacy challenges. The IAPP, which now boasts 6,000 members across 47 countries, is convening its annual Privacy Summit in Washington DC from March 11-13, 2009-the largest and most global privacy event in the world. Attendees will have the unique opportunity to interact with privacy regulators from Canada, France, Spain, Israel, the UK, Italy, the U.S. and the experts who help shape their policies across 60 different educational and networking sessions. Keynote speakers include Frank Abagnale (of Catch Me if You Can fame), one of the world's most respected authorities on forgery, embezzlement and secure documents as well as internationally renowned security technologist Bruce Schneier. The Future of Privacy Forum will be strongly represented at this year's Summit. Jules Polonetsky and Chris Wolf will be co-presenting a session entitled Cheers & Jeers: Who is Doing Privacy Right and Who Deserves Detention. Jules and Chris will also cover Behavioral Advertising Secrets: What Your Marketing and IT Team Didn't Think You Needed to Know. Both topics should be big draws for the expected 1500 attendees at the Summit! It's this sort of event that advances our profession and helps privacy professionals work together to reclaim trust. Registration is open and we look forward to seeing you in DC.