Group items tagged

A disconnect exists between federal government CIOs, CISOs and IT hiring managers and the human resources professionals charged with finding qualified candidates with cybersecurity skills, according to a just-published report. The report, Cyber In-Security: Strengthening the Federal Cybersecurity Workforce from the Partnership for Public Service, concludes that IT managers are less satisfied than their HR counterparts with the quality of cybersecurity recruits and the time it takes to hire IT security personnel. "The human capital management process is broken; operations and HR people should be joined at the hip and collaborate across the government," the report quotes Norman Lorentz, former chief technology officer at the White House Office of Management and Budget. Indeed, one third of chief information officers, chief information security officers and IT hiring managers surveyed for the report expressed unhappiness with candidate quality vs. 10 percent for HR managers. Sixty-one percent of HR managers vs. 40 percent of IT managers expressed satisfaction with candidate quality (see chart).

An insurance company seeking to challenge the authority of Canada's privacy legislation and the privacy commissioner in an auto injury case will have to go to the Federal Court to make its case, the New Brunswick Court of Appeal has ruled. In State Farm Mutual Automobile Insurance Company v. Privacy Commissioner of Canada and Attorney General Canada, State Farm argued that Canada's privacy regime does not apply to surveillance tapes the insurer commissioned following a motor vehicle accident in 2005. In March 2005, Jennifer Vetter, insured by State Farm, was involved in a motor vehicle collision with Gerald Gaudet. State Farm subsequently hired a lawyer in anticipation of litigation by Gaudet against Vetter. The insurer also hired private investigators that conducted video surveillance on Gaudet. Gaudet filed a request under Canada's privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA), that State Farm turn over to him the personal information it had compiled, including copies of the surveillance reports and tapes. State Farm went to the New Brunswick Court of Queen's Bench asking for "declaratory" relief on several issues. Among other things, the insurer asked for a court order declaring that PIPEDA did not apply to information obtained in a bodily injury damages claim. It also asked the court for an order confirming that the privacy commissioner had no right or authority to compel State Farm to turn over the documents. The privacy commissioner asked for a stay of proceedings in the New Brunswick court, arguing that the authority of the privacy commissioner was a matter for the Federal Court (which has jurisdiction over federal legislation such as the PIPEDA). The New Brunswick Appeal Court noted both the provincial and federal courts have jurisdiction to hear cases about the constitutionality of federal legislation. But only the Federal Court could determine the outcome of a direct challenge to the authority of the p

The United States' 35-year-old federal privacy law and related policies should be updated to reflect the realities of modern technologies and information systems, and account for more advanced threats to privacy and security, according to a report sent today to OMB Director Orszag. In its 40-page paper, the National Institute of Standards and Technology's Information Security and Privacy Advisory Board calls for Congress to amend the 1974 Privacy Act and provisions of the 2002 E-Government Act to improve federal privacy notices; clearly cover commercial data sources; and update the definition of "system of records" to encompass relational and distributed systems based on government use of records, not just its possession of them. The panel included technology experts from industry and academia. The panel wants heightened government leadership on privacy and suggests the hiring of a full-time chief privacy officer at OMB and regular Privacy Act guidance updates from the office. Chief privacy officers should be hired at major agencies and a chief privacy officers' council should be created, much like the Chief Information Officers' Council that is chaired by OMB's e-government and IT administrator.

"Temporary workers brought in to help during the busy holiday shopping season can sometimes pose a data security risk for companies. Retailers that hire temporary help need to keep a watchful eye on them to reduce the risk of data compromises, said Bob Russo, general manager of the PCI Security Standards Council. The council oversees the implementation of mandatory security standards for protecting credit and debit card data across the payment industry. With many retailers hiring temporary workers to handle extra business, vigilance is key, Russo said. "Management needs to hover at this time of the year, especially with temps," he said. Temporary workers who handle credit card data or are involved in any form of payment processing need to follow appropriate security procedures. Proper access controls also need to be in place to prevent temporary workers from gaining access to other systems, he said."

The Federal Trade Commission, continuing its focus on behavioral advertising practices and online consumer privacy, has hired Harvard researcher Christopher Soghoian as a technical consultant. Soghoian, currently with Harvard's Berkman Center for Internet & Society and a noted researcher and blogger on online privacy, will work with the FTC's Bureau of Consumer Protection, Division of Privacy and Identity Protection. He has been particularly critical about the length of time major Internet service providers and companies keep and use customer data Last month, several marketing and advertising industry associations, including the Direct Marketing Association and the American Association of Advertising Agencies, issued self-regulatory principles to govern the online practices of their members, in an attempt to stave off federal regulation of behaviorally targeted advertising.

"It was fascinating to read your thoughts about our recent conversation in CSO (see The Many Challenges of Finding Work as a CISO/CSO"). And when I say "fascinating," I mean in the sense of watching Nascar: a lot of predictable left turns and some really embarrassing, squirm-inducing shots of the fans. I do like you, I think you're a nice guy, and so I wanted to give you some feedback about the interview process and what you're going to need to change to be successful. I don't think you're going to enjoy reading this. But maybe some of those hours that you're spending maintaining that "vast database" of yours could be better spent understanding why we hired someone who understands they're an engineer."

One of the most enlightening articles I have seen on the value of security to corporate America.

"Can personal medical data that has been stripped of its identifiers to protect privacy later be used to identify a specific person? That is the question that the Health and Human Services Department is hoping a research contractor can answer. HHS intends to hire a contractor to demonstrate either the "ability or inability" to re-identify data from a data set that has been de-identified under the Health Information Portability and Accountability Act (HIPAA) Privacy Rule, according to a Jan. 4 notice on the Federal Business Opportunities Web site. De-identification and re-identification of patient data have become hot issues in the discussion about how to protect patient privacy while advancing adoption of electronic health records. The Obama administration is distributing at least $17 billion in incentive payments to doctors and hospitals who buy and use digital systems for medical data."

"SACRAMENTO, Calif.-The state Assembly passed a bill Monday that would allow video recorders to be installed on vehicles' dashboards, raising concern about drivers' privacy. Currently, state law prohibits dashboard devices that may obstruct a driver's view. The bill is supported by companies that hire teams of drivers. They want to ensure their employees are driving safely and use the cameras to help determine fault in an accident. The bill's author, Assemblyman Nathan Fletcher, R-San Diego, says companies that use the recorders in other states have reduced their accident claims by 80 percent."

Will your car have to testify against you in court?

"Google Inc. co-founder Sergey Brin Wednesday said the Internet giant "screwed up" by collecting personal data through wireless networks and promised new oversight as European officials pledged to open investigations of the data collection. Authorities in Germany, Spain and Italy said Wednesday they were investigating Google and its Street View service, which uses camera-equipped vehicles to take street images and mark the location of Wi-Fi networks. Mr. Brin, speaking the same day at Google's developer conference in San Francisco, said the company would put "more internal controls in place" to prevent such data captures in the future, including the hiring of outside help. "Trust is very important to us," Mr. Brin said. "We're going to do everything we can to preserve that trust.""

G apologizes. Again, better to ask forgiveness... If users remain silent & gvt doesn't prosecute, why comply?

The global recession manifests itself in big and small ways, most gloomy, some quirky and often reflecting the inventive human spirit. Here is a look at some signs of the times. * With record defaults on consumer loans, collection agencies in the United States are going to extra lengths to recover the money. Illinois resident and Mercedes driver James Ricobene says an agency hired by JP Morgan Chase left a post on his daughter's MySpace page threatening action that could lead to prison, unless she contacted the agency within five days about its efforts to repossess her father's car. Ricobene has sued the collection agency and JP Morgan for libel, fraud and invasion of privacy.

Chris Nolter Department store proprietor John Wanamaker is famously said to have quipped, "Half the money I spend on advertising is wasted; the trouble is, I don't know which half." The founder of Wanamaker's department store is known as the "father of modern advertising." His innovations, in late 19th-century and early 20th-century Philadelphia and New York, included publishing reliable prices in advertisements, copyrighting pitches, offering money-back guarantees and hiring a full-time writer to produce ad copy. A century later, advertising professionals have gotten more sophisticated and adapted to radio, television, outdoor and digital media. Wanamaker's observation about the value and effectiveness remains profound for merchants and manufacturers, as well as for media outlets that have seen broadcasting or print-advertising dollars reduced to digital pennies. The Internet has made the amount of space that can be filled with advertising virtually infinite, while the recession has all but emptied the advertising coffers of automakers, financial services firms and real estate companies. While digital media has disrupted the traditional ad business, it also presents the tantalizing promise to answer Wanamaker's question. Prior generations of digital advertising gave us spam and banner ads that tempted us with animated mortgage holders wildly dancing on the roof of their home or prizes for whacking a mole. The new proposition is that digital ads will allow advertisers to target audiences and track their returns on investment, and provide users with advertising and content that is more relevant. More than 400 advertising networks have come into existence to sell ad space on the expanding inventory of Web sites and pages. These networks connect advertisers with online publishers, often shopping ad space that a Web site's own sales staff cannot fill. Many of the networks cater to niches, such as food, wine, cars or sports. Increasingly, they are selling access to a

Like this http://www.hdfilmsaati.net Film,dvd,download,free download,product... ppc,adword,adsense,amazon,clickbank,osell,bookmark,dofollow,edu,gov,ads,linkwell,traffic,scor,serp,goggle,bing,yahoo.ads,ads network,ads goggle,bing,quality links,link best,ptr,cpa,bpa. www.killdo.de.gg

A couple in Pittsburgh whose lawsuit claimed that Street View on Google Maps is a reckless invasion of their privacy lost their case. Aaron and Christine Boring sued the Internet search giant last April, alleging that Google "significantly disregarded (their) privacy interests" when Street View cameras captured images of their house beyond signs marked "private road." The couple claimed in their five-count lawsuit that finding their home clearly visible on Google's Street View caused them "mental suffering" and diluted their home value. They sought more than $25,000 in damages and asked that the images of their home be taken off the site and destroyed. However, the U.S. District Court for Western Pennsylvania wasn't impressed by the suit and dismissed it (PDF) Tuesday, saying the Borings "failed to state a claim under any count." Ironically, the Borings subjected themselves to even more public exposure by filing the lawsuit, which included their home address. In addition, the Allegheny County's Office of Property Assessments included a photo of the home on its Web site. The Borings are not alone in their ire toward the Google Maps feature. As reported earlier, residents in California's Humboldt County complained that the drivers who are hired to collect the images are disregarding private property signs and driving up private roads. In January, a private Minnesota community near St. Paul, unhappy that images of its streets and homes appeared on the site, demanded Google remove the images, which the company did. However, Google claims to be legally allowed to photograph on private roads, arguing that privacy no longer exists in this age of satellite and aerial imagery. "Today's satellite-image technology means that...complete privacy does not exist," Google said in its response to the Borings' complaint Not long after the feature launched in May 2007, privacy advocates criticized Google for displaying photographs that included people's faces and car license

Online fraud is a $4 billion dollar a year industry. It grows as the unemployment rate increases and the jobless attempt to earn a living through whatever means necessary. Meanwhile, the Internet's footprint on the global economy and culture becomes larger every day. The expansion of fraud and the identification of this risk will create more jobs in the fields of compliance, risk management, and best practices. Who will fill these positions? For many companies looking to take action, the initial move will be to consolidate roles. Individuals in areas such as sales and marketing will absorb fraud identification, reporting, and prevention responsibilities. This will prove to be ineffective for the following reasons: 1. The sales and marketing staffs are not trained to identify fraud and they cannot keep up with the ever-changing tactics. 2. Associates are conflicted when faced with a fraud incident. They are not motivated to report fraud and their compensation structure dissuades them from reporting incidents. 3. Business goals are not aligned appropriately, which naturally moved fraud last on the priority list for the associates assigned the additional responsibilities. 4. While the internal attempt is made, no time is spent on partner due diligence and monitoring. Organizations will benefit in the long term by hiring dedicated staff. This tactic is one component of my company's Best Practice approach to doing business. My dedicated team helped realign business goals and create a culture that now embraces a higher set of standards and expectations. Staffing and training were the largest challenges I have faced in the last year. The positions were new, the skill set was specific, and as a result we received a dichotomous set of resumes. Applicants with online marketing experience had little to no experience with fraud, or they came from companies where more unscrupulous methods were used, and I was not confident those habits would be easily kicked. The app

The largest threat to online advertising is growing as the economy declines. More individuals will turn criminal, purchasing products or generating income through fraudulent means. Billions of dollars are stolen from businesses each year, and in 2009 companies will fight fraud with fewer resources.According to CyberSource, an estimated $4 billion dollars was lost to fraud in 2008 up from $3.7 billion in 2007, and 87% of merchants must fight fraud with the same or less staff in 2009. The increase in eCommerce fraud from 2007 to 2008 (and one can expect, in 2009) follows the advertisers' shift to spend more of their budget online. Much like crime statistics, one has to wonder how much fraud is not being reported because, among many reasons, commission-driven employees are not motivated or your company lacks resources.In early 2008, I was approached by our CEO to start a new division that would address our partners' fraud concerns-both real and perceived. He said, "I'm not going to lie to you. It's a SOB job." I was sold, and the Best Practices Division began.My team establishes best practices (measurable, repeatable events, processes, and procedures) and applies them internally and externally (to our partners' online marketing practices). At its core, best practices (BPs) are a set of standards that provide transparency and clear expectations of behavior and results to everyone involved in the business process. This accountability will drive the long-term performance of the online advertising industry while maintaining profitability without additional federal regulation.The BP approach can be applied to every business model and used to fight fraud-wherever you find it. Industry norm places the onus on the advertiser to successfully qualify inbound leads as well as identify fraudulent traffic. In the past, advertisers had only two options: become an online fraud expert, or hire a vendor.Only a small percentage of companies will be successful with the

Payment processor Heartland Payment Systems has been sued over a data breach it disclosed publicly on Inauguration Day last week. The lawsuit, filed on Tuesday in U.S. District Court in Trenton, N.J., alleges that Heartland failed to adequately safeguard the compromised consumer data, did not notify consumers about the breach in a timely manner as required by law, and has not offered to compensate consumers for costs they may incur in protecting themselves from identity fraud. In a statement that coincided with President Barack Obama's inauguration events, Heartland said the breach occurred last year but that it found evidence of the intrusion only in the previous week and immediately notified law enforcement and credit card companies. Heartland was alerted in late October to suspicious activity surrounding processed card transactions by Visa and MasterCard and hired forensic auditors who uncovered malicious software that compromised data in the company's network, said Robert H.B. Baldwin Jr., chief financial officer of Heartland, last week. The lawsuit seeks damages and relief for the "inexplicable delay, questionable timing, and inaccuracies concerning the disclosures" with regard to the data breach, which is believed to be the largest in U.S. history. Heartland executives have declined to specify how many consumers or accounts were affected. The company handles 100 million transactions per month for more than 250,000 merchants. The lawsuit, first reported by SearchSecurity news site, also accuses Heartland of negligence in taking more than two months to determine the existence and scope of the breach and criticizes the company for failing to identify which merchants were affected by the breach. The suit was filed on behalf of Woodbury, Minn., resident Alicia Cooper, who was notified last week by her credit union that a card associated with her account was included in the breach. It seeks class action status. A Heartland spokesman said the company could no

While the recession injured many industries in 2008, health care was one of the few bright spots in the employment picture, growing by 372,000 jobs last year, according to the U.S. Bureau of Labor Statistics' January 2009 Employment Situation Summary. The large aging population has health care employers in need of qualified workers: stat. Therefore, despite the current economic conditions, health care employers will continue to increase staff in 2009, according to CareerBuilder.com's annual health care hiring forecast, conducted online within the U.S. by Harris Interactive. Close to one-in-five (17 percent) of large health care employers (50 or more employees) plan to increase the number of full-time, permanent employees in 2009, while 67 percent foresee either making no change in the number of employees or are unsure. Sixteen percent plan to decrease the number of employees. "The health care industry continues to boast high demand for qualified workers. Employers are reacting to this need by continuing strong recruiting efforts this year," says Jason Ferrara, vice president of corporate marketing for CareerBuilder.com. "Half of health care employers, the highest among industries we surveyed, have open positions for which they can't find qualified candidates. In response, health care employers will have to adjust their recruitment and retention strategies to find and keep top talent."

Hundreds of medical records kept by a longtime Acton family doctor who abruptly closed his practice last year are about to be destroyed, leaving patients without crucial information and exposing a gap in state law about who owns abandoned medical records. On April 8, a Lynn storage company is scheduled to discard the records and auction the equipment left by Dr. Ronald T. Moody, who was evicted from his office last September as state regulators pursued him, saying he was practicing without a license. Many of Moody's former patients have no idea that their records are slated for destruction: None has been notified, nor does the law require such notice. "We throw people's lives away on a daily basis, and, believe me, we go out of our way to try and find someone" to salvage belongings, said Jim Appleyard, owner of the storage company that was hired by Moody's former landlord to clean out the office and store the items for six months, as required by law. But the idea of dumping hundreds of patients' files without them knowing about it bothered Appleyard. Unable to find Moody, he contacted the state Board of Registration in Medicine and pleaded to take the dozens of boxes of records. The board regulates doctors and administers rules governing medical records of physicians in private and group practices.

When the CISO asks to speak to you with that look on his face, you know the news isn't good. We were contacted by one of our third-party vendors, whom we had hired to do analysis on our website traffic. It appears that we have been passing sensitive information to them over the Internet. This sensitive information included data, such as customer names, addresses and credit card information. Because we are a public company, there are many regulatory guidelines that we have to follow like Sarbanes-Oxley (SOX) and the Payment Card Industry's (PCI) data security standard. Fortunately for us, our vendor has retained a copy of everything that we have sent to them. Unfortunately for us, it was six months of information totaling over a terabyte. Since our website is international, the legal department needed to obtain outside council to assist us in this matter. It will be a few days until I receive the data from the vendor.

The discovery of documents with students' personally identifying information stored in an unlocked room has launched protests against the university's chief information security officer. Students at Binghamton University in New York are circulating a petition to remove the university's chief information security officer following the discovery of boxes full of documents listing personal information of students and parents in an unlocked storage room. The existence of the unsecured documents was discovered March 6 by a reporter working for student radio station WHRW and disclosed on March 9. For that investigative work, the student reporter could face criminal charges. Binghamton University has had other recent problems with information security. In the past year, according to an article written by Robert Glass, the WHRW news director, university employees accidentally e-mailed the Social Security numbers of 338 students to another group of 200 students, sent the personal information of exchange students -- passport scans and birth certificates -- to student groups, and disposed of information about more than 70 former graduate students in trash bins atop a pile of shredded documents. Those breaches led the university to create an information security council, with a full-time information security officer, to prevent further incidents, according to Glass. Glass did not immediately respond to a request for comment. A University spokeswoman characterized the hiring of Terry Dylewski as the university's chief information security officer as a reflection of the school's ongoing concern about information security rather than a response to past breaches. Asked about the status of the students' petition to remove Dylewski, as reported by Broome County Fox affiliate WICZ TV, she said that question should be directed to the students. The spokeswoman said the university is treating the incident as a possible crime and that a criminal investigation is ongoing. She sai

Be careful what information you give to recruiters!

Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach. The job application Web site also held names, phone numbers, e-mail and mailing addresses for up to 450,000 applicants, Aetna spokeswoman Cynthia Michener said. SSNs for those people were not stored on the site, which was maintained by an external vendor. The company found out about the breach earlier this month when people began receiving spam messages that appeared to come from Aetna and complained to the company, Michener said. The spam purported to be a response to a job inquiry and requested more personal information. The spam campaign showed the intruders successfully harvested e-mail addresses from the Web site, although Michener said it's not clear if SSNs were also obtained. Nonetheless, Aetna sent letters last week notifying the 65,000 people whose SSNs were on the site of the breach. The company is offering them one year of free credit monitoring, as SSNs are often used by identity thieves. "We wanted to err on the side of caution," Michener said. Aetna hired an IT forensics company to investigate how the Web site had been compromised. "At this point despite a thorough review, they've not been able to pinpoint the precise breach," Michener said. Aetna posted alerts on the job site, its main Web site and its internal intranet about the spam campaign, Michener said.