Sunday, March 15, 2015
For my Computer Security students.
Winston Maxwell and Patrice Navarro write:
Security concerns and the need to increase cyber security measures have recently boosted the use of Bring Your Own Device (BYOD) policies in France. Recent events have exacerbated fears of data breaches and hacking for IT managers who were not overly concerned before. As a consequence, IT security teams are seeking to apply the same security and device management systems that apply to their own company’s equipment to employees’ devices when employees use their devices for work purposes.
Obligation to notify
A BYOD policy usually forms part of a company’s IT policies. It must be formally presented to the works council to ensure employees are informed.
The CNIL’s guidelines on BYOD
In the guidelines, the CNIL takes a conservative approach to BYOD security. The CNIL prohibits, for example, a company “remotely wiping” an employee’s private data from their device. The CNIL indicates that companies must find a balance between their legitimate security concerns and the privacy of their employees. Consequently the security measures that are implemented must be proportionate to the threats and risks to the IT system and the company must ensure that employees are properly aware of the measures in place.
Read more on Hogan Lovells Chronicle of Data Protection.
Is this downhill on the slippery slope? Does Pearson only create one version of the test?
There’s a growing outrage after reports today that Pearson Publishing have been spying on students. It is also reported that Pearson is working with some US education departments to censure students who have discussed tests on social media after taking them. Pearson apparently likes to call this ‘listening and monitoring‘.
Read more on Save Our Schools NZ.
Note that the original source – Bog Braun’s blog – was reportedly knocked offline by a DDoS attack.
But when the dust settles, is it really inappropriate for a testing firm to monitor social media as one part of monitoring test security? And is it really wrong for them to alert school districts if they find evidence of improper sharing of a test item – or to ask the district to take steps to discipline any student breaking test security?
In this case, it is not clear that any student actually tweeted a question and answer on the test before the completion of the test, but if parents support school districts monitoring social media to prevent one problem (cyberbullying), would they support the school district itself also monitoring social media to protect test security? Is the problem that Pearson – protecting its own product – did the monitoring?
There’s a discussion to be had, but I’m not sure that parents will prevail on this one.
Or China Or Russia Or North Korea
Jon Stewart and Jimmy Fallon Have a Point: Ask the NSA for Hillary Clinton's Emails
Something for those final papers students!