I don't know if I'd refer to breaches my employees didn't know about. (and other strange things...)
UK: BP Memo Warns Of "Catastrophic" Risk Of Information Leaks
PogoWasRight.org editor's note: this story contains references to several previously unreported breaches involving BP:
... The memo warns BP's employees of potentially "catastrophic" consequences if staff transfer sensitive data outside the company. Offering examples of such potentially harmful information leaks, the memo cites a U.S. Gulf of Mexico identity theft, the stealing of a U.K. laptop computer containing executive pay details, and the separate near-collapse of an Asia-Pacific deal.
In a PowerPoint presentation attached to the memo, seen by Dow Jones Newswires, the U.K. oil giant mentions a case in which "a laptop containing a number of highly sensitive documents, including salary details of some of BP's most senior executives, was stolen from an employee's car." The employee had gone dining at a restaurant close to BP's Sunbury office, which hosts its U.K. exploration and production activities.
[...] Finally, the document cites how a U.S. Gulf training contractor stole "BP employee identities to secure phones, loans and utilities."
Source - EasyBourse
One for the bookshelf (or I may actually read it)
Solove: Understanding Privacy
Privacy lawyer Dan Solove has a new book out, Understanding Privacy. Here's the publisher's blurb on it:
Privacy is one of the most important concepts of our time, yet it is also one of the most elusive. As rapidly changing technology makes information more and more available, scholars, activists, and policymakers have struggled to define privacy, with many conceding that the task is virtually impossible.
In this concise and lucid book, Daniel J. Solove offers a comprehensive overview of the difficulties involved in discussions of privacy and ultimately provides a provocative resolution. He argues that no single definition can be workable, but rather that there are multiple forms of privacy, related to one another by family resemblances. His theory bridges cultural differences and addresses historical changes in views on privacy. Drawing on a broad array of interdisciplinary sources, Solove sets forth a framework for understanding privacy that provides clear, practical guidance for engaging with relevant issues.
Understanding Privacy will be an essential introduction to long-standing debates and an invaluable resource for crafting laws and policies about surveillance, data mining, identity theft, state involvement in reproductive and marital decisions, and other pressing contemporary matters concerning privacy.
So much turmoil in only 15 years...
May 1, 2008 4:56 PM PDT
Happy 15th birthday, WWW
Posted by Adam Richardson
Fifteen years ago yesterday, the World Wide Web became official and was put into the public domain.
An even more historical (older) computing milestone... (Notice that it remains virus free!) They plan to build a virtual Difference Engine – I hope to get a copy...
The Victorian engine that could
May 2, 2008 3:43 PM PDT Caption text by Kara Tsuboi
Calling all history buffs: Charles Babbage's Difference Engine No. 2 is making its North American debut at the Computer History Museum in Mountain View, Calif.
A forward-thinking mathematician and engineer, Babbage designed the Difference Engine in 1847. His intent was to create an automated computing machine, but he was never able to turn his vision into reality.
Fast forward 150 years, and an impassioned Babbage expert and wealthy financier have teamed up to build Babbage's dream via a new exhibit running through next April.
Two for my Computer Security students...
May 02, 2008
NIST Computer Security Division 2007 Annual Report
"The NIST Computer Security Division...release of NIST Interagency Report (IR) 7442: Computer Security Division - 2007 Annual Report. This publication highlights the diverse research agenda that enabled the Computer Security Division to successfully respond to numerous challenges and opportunities in fulfilling its mission to provide standards and technology that protects information systems against threats to the confidentiality, integrity, and availability of information and services."
The HIPAA act was 1996. Guidelines in 2008. Implementation by 2020?
May 02, 2008
An Introductory Resource Guide to Implementing the Health Insurance Portability and Accountability Act
"NIST announces the release of the public draft of Special Publication 800-66 Revision 1, An Introductory Resource Guide to Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule (Draft). This Special Publication (SP), which discusses security considerations and resources that may provide value when implementing the requirements of the HIPAA Security Rule, was written to help educate readers about information security terms used in the HIPAA Security Rule and to improve understanding of the meaning of the security standards set out in the Security Rule, direct readers to helpful information in other NIST publications on individual topics the HIPAA Security Rule addresses, and aid readers in understanding the security concepts discussed in the HIPAA Security Rule. This publication does not supplement, replace, or supersede the HIPAA Security Rule itself. Comments on Draft SP 800-66 Revision 1 will be accepted through June 13, 2008."