Group items tagged

"In light of a spike in identity theft and the frequency with which personal information is stored on portable devices, the American Institute of Certified Public Accountants (AICPA) and the Canadian Institute of Chartered Accountants (CICA) have expanded Generally Accepted Privacy Principles (GAPP) to include protocols for securing and disposing of personal information. "Safeguarding personal information is one of the most challenging responsibilities facing an organization, whether such information pertains to employees or customers," said Everett C. Johnson, CPA, chair of AICPA/CICA Privacy Task Force and a past international president of ISACA, a global information technology association. "We've updated the criteria of our privacy principles to minimize the risks to personal information." GAPP offers guidance and best practices on securing portable devices, breach management and ensuring continued effectiveness of privacy controls. The guidance additionally covers disposal and destruction of personal information. The principles are designed for chief privacy officers, executive management, compliance officers, legal counsel, CPAs and CAs offering technology advisory services. "Portable tools such as laptops and memory sticks provide convenience to employees but appropriate measures must be put in place to secure them and the data they contain," said Donald Sheehy, CA.CISA, CIPP/C, associate partner with Deloitte (Canada) and a member of the AICPA/CICA Privacy Task Force. "We must stay abreast of technological advances to assure that proper measures are put into place to defend against any new threats." Created by the AICPA/CICA Privacy Task Force, GAPP is designed to help an organization's management team assess an existing privacy program or address privacy obligations and risks. The principles provide a framework for CPAs and CAs to offer privacy services to their clients and employers, such as advisory services, privacy risk assessments and attestation or

"Rep. Loretta Sanchez, Chair, House Armed Services Subcommittee on Terrorism, Unconventional Threats and Capabilities With many committees and subcommittees having oversight over government cybersecurity, Rep. Loretta Sanchez thinks it would be a good idea to gather them together to map out steps Congress can take to help secure government IT."

US Government agencies collaborate to help secure information assets & protect our infrastructure and citizens? What an idea!

An explosion in threats against the nation's cybernetworks has led the Pentagon to develop a cyberwar strategy and prompted states to open cybersecurity offices.

Congress already has more than 40 committees and well over 100 subcommittees. Does it really need one more? How about another task force? Or a working group? Yes, says Sen. John McCain: A new panel is needed to cope with a relatively recent and unquestionably grave threat - hacking.

A top affliction of privacy professionals is the growing complexity of privacy laws. The number of jurisdictions regulating data privacy and the number of other laws in which privacy provisions are tucked has increased with no letup since 2000. Like the Lilliputians in Gulliver's Travels, the tiniest jurisdictions are now lassoing their privacy ropes around the mightiest of corporations. Where does this leave those who are charged with keeping their organizations privacy-compliant? Desperately looking for a way to organize news about all of these developments. I recently surveyed the landscape of possible solutions to this problem. What did I find? Three different approaches: free Web sites, newsletters and news feeds; fee-based periodicals; and fee-based databases, such as Nymity's PrivaWorks, Cecile Park Publishing's DataGuidance and law firm Morrison and Foerster LLP's Summit Privacy. What were the pros and cons of each approach? Free sources Privacy leaders with no budget will want to exploit what's free, including these options: * Morrison & Foerster's Privacy Library, probably the most comprehensive and current free online listing of privacy laws in 95 countries. * Law firm Baker & McKenzie's annual Global Privacy Handbook, which is distributed to clients and friends. * Computerworld's own Security Newsletter, which offers a regular look at news about the technical threats to personal data. * The International Association of Privacy Professionals' Daily Dashboard, Canada Dashboard Digest and monthly Inside 1to1: Privacy. These are the best available free news feeds on privacy.

Legislation to reform the Federal Information Security Management Act of 2002 will be introduced in the Senate on Tuesday, a Senate staffer who helped draft the bill told a panel at the RSA Conference in San Francisco on Thursday. Erik Hopkins' presentation provided further evidence that the White House could assume greater control in coordinating federal government security. In the panel - The New FISMA: Security Finally Transcends Compliance - Hopkins offered a diagram illustrating the bill that showed a cyber office reporting directly to the president. Hopkins, who works for the Senate Committee on Homeland Security and Governmental Affairs, was the third federal official addressing conference attendees to suggest the White House will be given more authority in safeguarding federal government information systems. On Wednesday, Obama administration cybersecurity advisor Melissa Hathaway - who last week submitted to the president an assessment of federal cybersecurity policy - said the White House must lead federal government cybersecurity efforts. A day before, National Security Agency Director Keith Alexander said NSA would not lead the nation's cybersecurity efforts, suggesting a greater role for the White House. Hopkins said the benefits of FISMA reform includes improved coordination of security efforts, better economies of scale and greater situational awareness of security threats such as knowing where they originate and how the government will respond.

There was no way I was ever going to convince my parents that Jimi Hendrix's music was good. More than anything, the youth culture was defined by its music. The chasm it created was called "the generation gap" a metaphor for the ideological differences that separated us. There is a new generation gap. It's not defined through music or politics or fashion, those ideas are shared much more among the generations than before. This time it's about privacy. My generation came of age thinking about "1984", the looming threat of "Big Brother" watching over all of us all of the time. It was the government or some group which would monitor all of our actions, know all our habits: who we associate with, what we watch, what buy. 1984 came and went. Nothing like "Big Brother" happened unless you count Apple computer's historic "Big Brother" commercial which ends with the slogan: "On January 24th, Apple Computer will introduce Macintosh. And you'll see why 1984 won't be like "1984". They were right - 2009 is. Personal details used to be considered private. We were careful about who knew what about us and certainly didn't post pictures of our friends, families and fantasies for all to see. Privacy does not seem to be valued anymore. Giving up one's privacy has become a rite of passage. It's what you leave at the portal when you sign up for any of the social networking sites on the internet. The sites are free - as long as you don't calculate the value of your identity, demographics, viewing and buying habits to advertisers. This isn't new, the Nielsen Ratings service has been assembling viewer information since the 1950s for television advertisers, but its methods were primitive in comparison to the two way constant information gathering that's done on the internet. In March 2009, Google initiated the use of "behavioral targeting", which uses information collected on someone's web-browsing behavior, such as the pages they have visited or the searches they have made, to selec

Guess what? That unlocked rant you put on your MySpace profile is open to the public and can be seen by anyone with a computer. Imagine that! Cynthia Moreno learned this the hard way. A judge ruled earlier this month that it was not an invasion of her privacy when a local newspaper published a rant pulled from her MySpace blog. After a visit to her hometown of Coalinga, Calif., college student Moreno penned a 700-word blog entry titled "An Ode to Coalinga" that opened with "the older I get, the more I realize how much I despise Coalinga." Moreno subsequently deleted the blog entry, but Roger Campbell, principal of Coalinga High School, discovered it before the deletion and handed it over to his friend Pamela Pond, editor of the Coalinga Record newspaper. Pond then published the rant in its entirety as a letter to the editor, printing Cynthia's full name. The Moreno family was met with death threats and shots were fired outside their home. Cynthia's father David was forced to close his 20-year-old family business, and the family moved to another town. The family sued the newspaper and the Coalinga-Huron Unified School District for invasion of privacy and infliction of emotional distress. The case against the newspaper was dismissed on free speech grounds, but the case against Campbell and the school district was allowed to proceed. Campbell did not violate Moreno's rights when he handed over her rant to Pond because Moreno's blog entry was published on the Internet and available for anyone to see, according to the Superior Court of Fresno County.

Former Booz Allen Hamilton management consultant Melissa Hathaway's much anticipated 60-day review of U.S. cybersecurity policy is scheduled to hit President Obama's desk this Friday. All eyes of the tech security community will be watching. It will signal what approach Obama will take in the complicated task of stemming cyber threats. Obama has said he will make the Internet safer for citizens and businesses, while playing catchup to China and Russia who are far ahead in the cyberwarfare arms race. "We're trying to do cybersecurity in a democracy," says Leslie Harris, President and CEO of the Center for Democracy & Technology. "Doing cybersecurity in China, my guess, is a lot easier." CDT held a press briefing this morning at which it warned that a cybersecurity bill, introduced earlier this month by Sen. John Rockefeller, D-W.Va, and Sen. Olympia Snowe, R-Maine, is the first of several that likely will be proposed once Hathaway's review is out. Harris said CDT agrees with a provision in the Rockefeller-Snowe bill that would create a cabinet-level cybersecurity adviser reporting directly to President Obama, but questions some of the extraordinary federal enforcement powers that could be created. CDT says it doesn't want citizens' civil liberties trampled upon. CDT general counsel Greg Nojeim gave Hathaway high marks for keeping her review process relatively open, in contrast to the Bush administration's penchant for secrecy. "So far the White House review team gets high grades on transparency," Nojeim said. Hathaway has held closed briefings in the past several weeks with Congressional committees, industry groups and privacy organizations, said Nojeim. "But the real test will be whether their recommendations reflect a commitment to transparency in the execution of the program," said Nojeim.

Like this http://cheaptravelbooker.com Like this http://cheaptravelbooker.com like this http://killdo.de.gg travel,hotel,fun,hotel new,new offer,hotel best,best hotel,hotel travel,seo,backlinks,edu,gov,ads,indexing,bookmark,killgoggle,gogglesuck,goggle bookmark,kill goggle,yahoo,bing,indexing,quality links,linkwell,traffic boster,index best

There is no denying that Google is a giant success. But its size has made the "do no evil" mantra all the more difficult for it to follow - and for some of us to believe. Lately, it seems every new release and every new decision draws the ire of someone, be it politicians, privacy campaigners, or even villagers. While the Google brand is certainly in better shape than many tech firms, its constant moves to control more and more of our data and information has some up in arms. Privacy Three recent announcements have drawn the attention of privacy campaigners in the UK - Latitude, Street View, and behavioural advertising. Latitude is Google's mobile tracking system. Sign up for it, add your friends, and you can all see exactly where each other is via your mobile phone signal pinpointed on a Google map. Handy if you're bored and want to know who's out and about, but the location tracking system could be frightening for a host of other reasons, some say. Last month, Liberal Democrats Home Affairs spokesman Tom Brake filed an early day motion (EDM) asking the government to look into Latitude. Brake said: "This system poses an insidious threat to our hard-won liberties. 24-hour surveillance and a Big Brother society are new realities." But the heat was off Latitude after Street View was unveiled in the UK. The photo mapping system features street-level photos of 25 cities, offering a virtual tour of places such as London, Manchester and more. But some people aren't so happy having their homes, cars and selves photographed and mapped - even with face and number plates blurred. The backlash didn't take long to start. Within a day, Privacy International was on the case, asking the Information Commissioner to shut the site down.

In a move that could reshape the federal government's cybersecurity efforts, President Obama on Monday said a former Booz Allen consultant would conduct an immediate two-month review of all related agency activities. The announcement indicates that the White House's National Security Council may wrest significant authority away from the U.S. Department of Homeland Security, which weathered withering criticism last fall for its lackluster efforts. Obama selected Melissa Hathaway, who worked for the director of national intelligence in the Bush administration and was director of an multi-agency "Cyber Task Force," to conduct the review with an eye to ensuring that cybersecurity efforts are well-integrated and competently managed. "The president is confident that we can protect our nation's critical cyber infrastructure while at the same time adhering to the rule of law and safeguarding privacy rights and civil liberties," said John Brennan, the president's homeland security adviser. Hathaway's appointment comes as Obama plans to overhaul the National Security Council, expanding its membership and effectively centralizing more decision-making in the White House staff. That would vest more authority in a staff run by James L. Jones, a former Marine Corps commandant who warned at a speech in Munich over the weekend that terrorists could use "cyber-technologies" to cause catastrophic damage. During a panel discussion that CNET News wrote about last fall, Hathaway defended Homeland Security's efforts to develop what it called a National Cyber Security Initiative, saying there was "unprecedented bipartisan support" for it. "Over the past year cyber exploitation has grown more sophisticated, more targeted, and we expect these trends to continue," she added. "Our cybersecurity approach to date has not kept up with the threats we've seen."

Cash-squeezed privately held companies are facing another threat in this struggling economy: rising employee fraud. Employee fraud -- from check-forgery schemes to petty-cash theft -- tends to rise during tough economic times, when workers are feeling financial pressure in their personal lives, experts say. And small companies are especially vulnerable because they often lack stringent internal controls to prevent fraud. Sometimes, managers at affected companies attribute lost funds to lower sales -- never even suspecting foul play.

The U.S. government's director for cybersecurity resigned on Friday, criticizing the excessive role of the National Security Agency in countering threats to the country's computer systems. "He has tendered his resignation," Amy Kudwa, a Department of Homeland Security spokeswoman told Reuters. Former Silicon Valley entrepreneur Rod Beckstrom said in a resignation letter published by the Wall Street Journal it was a "bad strategy" to have the National Security Agency, which is part of the Department of Defense, play a major role in cybersecurity. Beckstrom headed the National Cybersecurity Center, which was created last March to coordinate all government cybersecurity efforts and answers to the Department of Homeland Security. Homeland Security said in a statement that it has a strong relationship with the NSA and continues to work closely with all of its partners to protect the country's cyber networks. Beckstrom wrote to Homeland Security Secretary Janet Napolitano on Thursday in his resignation letter that the NSA currently dominates most national cyber efforts. "While acknowledging the critical importance of NSA to our intelligence efforts, I believe this is a bad strategy on multiple grounds," he wrote in the letter posted by the Wall Street Journal on its website. National Security Agency officials could not immediately be reached for comment. Beckstrom said in his letter that the cybersecurity group did not receive adequate support to accomplish its role during the previous administration of President George W. Bush, which only provided the center with five weeks of funding in the last year. His resignation will be effective March 13, the letter said. The newspaper said the Obama administration was conducting a 60-day review of the cybersecurity program started by Bush last year to protect government networks.

The more things change, the more they stay the same. Such is the case for information security management, which has been voted - for the seventh consecutive year - the most important issue affecting IT strategy, investment and implementation over the coming 12 to 18 months, according to the American Institute of CPAs' 20th Annual Top Technology Initiatives Survey. Employing a new strategy this year, the institute's 10-member tech task force distributed surveys to approximately 50,000 of the institute's members and then advertised the survey in an electronic newsletter. "We changed the voting audience," said David Cieslak, CPA, CITP and co-chair of the task force, noting that they sought responses from all institute members, without feedback from outside technology groups, as in past years. "It's a big year - our 20th - we wanted to make sure it was reflective of our membership." This year's survey received more than 700 responses, which ranked 33 technology initiatives that they perceived as having the most impact over the next 12-to-18 months. The most pressing initiative, according to respondents - information security management - is an integrated, systematic approach that co-ordinates people, policies, standards, processes and controls used to safeguard critical systems and information from internal and external security threats. "Integrity, confidentiality and the relationship that CPAs have with their clients is something that has always been important to accountants," said Mary MacBain, CPA, CITP and a task force co-chair. "Security is going to continue to be important." Jim Bourke, a member of the task force and partner-in-charge of technology at CPA and business advisory firm Withum Smith+Brown in Red Bank, N.J., said that it's no surprise to see information security management make the top slot yet again: "Look at the top three - what's the theme? Security and the concern about the privacy issues involving data. For the past few years, many CPAs ha

Infection of the adware called "VideoPlay," which has been spreading through malicious posts and comments on Digg and YouTube, increased 400 percent from January to February, according to Panda Security. Attackers have been posting comments on news stories and videos posted to the social networking sites Digg.com and YouTube.com, claiming users will be able to see videos of celebrities - some of which claim to be pornographic - by clicking a link that is provided, Sean-Paul Correll, threat researcher and security evangelist for Panda Security, told SCMagazineUS.com in an email Tuesday. But, when a user follows the link, they will be re-directed to a page where they will be prompted to download a codec to view the video. The download is the VideoPlay adware - a worm that aims to steal email login credentials and other information stored in a user's browser and then further propagate itself through removable drives.

If behavioral targeting is the key to providing Web users with advertising that's better tailored to their particular needs and interests--instead of banner ads that they ignore--then what's the harm to consumers? That was a central question tackled by a panel of privacy and online marketing experts Thursday at the OMMA Behavioral conference in New York. Whether online user tracking--even when anonymous--represents a growing threat to privacy has become a hotly debated issue in the last year, with FTC, Congress and state governments considering increased regulation of behavioral targeting. For Jules Polonetsky, co-chair and director of the AT&T-funded think tank Future of Privacy Forum, that debate has become almost superfluous. Whatever side one takes, he emphasized that there is now a widespread perception among consumers and regulators that online tracking is creepy at the very least. The key to diffusing the controversy is for publishers and marketers to give Web users notice that their behavior is being tracked in order to provide them with more relevant content, recommendations and marketing offers.

The largest threat to online advertising is growing as the economy declines. More individuals will turn criminal, purchasing products or generating income through fraudulent means. Billions of dollars are stolen from businesses each year, and in 2009 companies will fight fraud with fewer resources.According to CyberSource, an estimated $4 billion dollars was lost to fraud in 2008 up from $3.7 billion in 2007, and 87% of merchants must fight fraud with the same or less staff in 2009. The increase in eCommerce fraud from 2007 to 2008 (and one can expect, in 2009) follows the advertisers' shift to spend more of their budget online. Much like crime statistics, one has to wonder how much fraud is not being reported because, among many reasons, commission-driven employees are not motivated or your company lacks resources.In early 2008, I was approached by our CEO to start a new division that would address our partners' fraud concerns-both real and perceived. He said, "I'm not going to lie to you. It's a SOB job." I was sold, and the Best Practices Division began.My team establishes best practices (measurable, repeatable events, processes, and procedures) and applies them internally and externally (to our partners' online marketing practices). At its core, best practices (BPs) are a set of standards that provide transparency and clear expectations of behavior and results to everyone involved in the business process. This accountability will drive the long-term performance of the online advertising industry while maintaining profitability without additional federal regulation.The BP approach can be applied to every business model and used to fight fraud-wherever you find it. Industry norm places the onus on the advertiser to successfully qualify inbound leads as well as identify fraudulent traffic. In the past, advertisers had only two options: become an online fraud expert, or hire a vendor.Only a small percentage of companies will be successful with the

Eight years ago, a woman we'll call Sarah discovered that she was not biologically related to the father she had known all her life. Sarah, her mother revealed, was "donor-conceived." Her parents, after trying without success for a pregnancy of their own in the late 1970s, turned to a fertility center, where Sarah's mother was artificially inseminated with sperm from an anonymous donor. At the time sperm banks did not offer detailed donor profiles. Upon discovering the truth, Sarah was told what her parents had been told about her biological father: He was a medical student, possibly of Scandinavian ancestry. Sarah, who describes her family as "loving and stable," was shocked. Today she is also sick. A year before finding out about her conception, she began to experience severe, unexplained bladder problems. She has been seeing doctors at Johns Hopkins; so far they haven't figured out the cause. Recently married, Sarah worries that she may pass the illness on to future children. The medical history of her biological father could provide a crucial piece of the diagnostic puzzle. But in the early days of artificial insemination, clinics often shredded or burned files to ensure donor anonymity and client privacy. Sarah's father's identity may be locked away in storage somewhere, or it may have been destroyed. Although aware of the likely futility of her search, Sarah still continues-writing the clinic, nurses, her doctor-in the hope that someone can help. Faced with stories like this, the fertility industry and a few state governments are trying to come up with a way to ensure that future donor-conceived children will have access to their fathers' medical files. A national registry, for example, could allow banks to monitor how many times a man donates semen and how many children are born from his seed, to share updates about medical issues and to facilitate long-term research on health outcomes. But any such registry poses a threat to the p

In May 2008, the Office of the National Coordinator for Health Information Technology (ONC) awarded an approximately $450,000 contract to Booz Allen Hamilton to assess and evaluate the scope of the medical identity theft problem in the U.S. Medical Identity Theft Medical identity theft is a specific type of identity theft which occurs when a person uses someone else's personal health identifiable information, such as insurance information, Social Security Number, health care file, or medical records, without the individual's knowledge or consent to obtain medical goods or services, or to submit false claims for medical services. There is limited information available about the scope, depth, and breadth of medical identity theft. Dr. Robert Kolodner, National Coordinator for Health Information Technology, has noted that medical identity theft stories are being documented at an increasing rate, bringing to light serious financial, fraud, and patient care issues. ONC recognizes that health IT is an important tool to combat the threat of medical identity theft. We are seeking input from the public and other government agencies to better understand how health IT can be utilized to prevent and detect medical identity theft as well as build consumer trust in electronic health information exchange. ONC believes it is imperative to obtain a more comprehensive understanding of this issue from a variety of perspectives, and to create an open forum for dialogue to work proactively to address medical identity theft. Medical Identity Theft final report. The report summarizing health IT and medical identity theft issues raised at the town hall was completed January 15, 2009 and sets forth potential actions the Federal government and other stakeholders can undertake in working toward prevention, detection, and remediation of medical identify theft.

Legal woes may be next for Heartland Payment Systems, a payment processor that reported a major security breach this week. Depending on the results of the ongoing investigation, Heartland is likely to face the threat of litigation from issuing banks, merchants and consumers, says Scott Vernick, an attorney with Fox Rothschild LLP in Philadelphia, who specializes in data theft cases. "The businesses that use Heartland as a credit card processor, as well as thousands of consumers, will be anxiously watching for any negative impact, including harm to their business reputations, and the real possibility of identity theft or fraud," says Vernick. The fact that Heartland's systems were certified as being fully in compliance with data handling rules, called the PCI standards, raises questions about the efficacy of such standards. Hannaford Brothers grocery chain was likewise fully PCI compliant when it had 300 stores hacked and 4.3 million record swiped..... "This latest incident shows how, despite companies being compliant with regulations such as PCI, they are still a long way from being secure," says Mike Rothman, senior vice president of strategy at elQnetworks.