Posts tagged "Policy" (Page 2)

Senate takes another stab at privacy law with proposed COPRA bill

It would be great to have equivalent privacy regimes on both sides of the Atlantic. Maybe this time...: Perhaps the third time's the charm: a group of Senate Democrats, following in the recent footsteps of their colleagues in both chambers, has introduced a bill that would impose sweeping reforms to the current disaster patchwork of US privacy law. The bill (PDF), dubbed the Consumer Online Privacy Rights Act (COPRA), seeks to provide US consumers with a blanket set o...

7 ways to improve security awareness & training

Despite all the articles on AI/ML, Quantum-thingy, Nation-state attacks etc., getting the basics right is still the best way of reducing the risks associated with cybersecurity. Take an asset inventory (devices, software, information), make sure everything (and I mean everything) is as up to date as it can be, and keep educating your user base. This article is an observation on applying general learning techniques to cybersecurity...: 1. Ignite managers’ passion to coach t

Twitter transgression proves why its flawed 2FA system is such a privacy trap

I have friends (you know who you are) who refuse to sign up to any service that asks for their mobile number. This doesn't help matters...: If ever there was a surefire way to sour users against a two-factor authentication system that was already highly flawed, Twitter has found it. On Tuesday, the social media site said that it used phone numbers and email addresses provided for 2FA protection to tailor ads to users. Twitter requires users to provide a valid phone nu...

Facebook tried to fight $5B FTC fine, is ready to fight antitrust probes

Looking at this from a business perspective, Facebook would be failing its shareholders if they did not contest a $5 billion fine...: Facebook's $5 billion settlement with the Federal Trade Commission this summer smashed records: the FTC had never before fined any company such a hefty amount. But even though critics immediately lambasted the deal as a comparative slap on the wrist for Facebook, which earned about $56 billion in revenue in 2018, newly released documents sh...

Woman accused of Capital One hack had stolen data from 30 companies, authorities say

How will this affect vetting procedures? You'd want to know who had access to your data, and any previous shenanigans they'd been up to, but it's extremely difficult to check, especially if they are a third party...: In a petition filed on August 13 in federal court in Seattle, the Justice Department asserted that Paige Thompson—the former Amazon employee accused of stealing data from Capital One credit card applications—had done far more, including "major cyber intrusio...

AI researchers have a plan to pay patients for data

Perhaps we should all see our data as a tradable asset rather than giving it away to FB, Google et al...: Robert Chang, a Stanford ophthalmologist, normally stays busy prescribing drops and performing eye surgery. But a few years ago, he decided to jump on a hot new trend in his field: artificial intelligence. Doctors like Chang often rely on eye imaging to track the development of conditions like glaucoma. With enough scans, he reasoned, he might find patterns that coul...

NBlog Sept 7 – what have policies ever done for us?

Yes, policy & procedure can be extremely boring but, just like children, organisations need clear direction...: Why do we have policies, procedures and all that jazz? What are they and what are they for? What do they actually achieve? What would happen if we didn't bother at all? What else could we do instead - are there better ways? Those rhetorical questions were prompted by a disarmingly simple and naive-sounding question on the ISO27k Forum this morning, viz

layers within layers

Interested in the governance of information security? The guys over at NoticeBored have spent a lot of time digging into the detail so you don't have to. Not exactly the DaVinci Code, but...: As I mentioned on the blog yesterday, we are working our way systematically through the suite of ~70 information security policies, making sure they are all up to scratch. For context, the suite consists of 60-odd topic-based policies, plus an overarching high-level Corporate Infor...