Saturday, May 09, 2015

Still seems very cheap to me – unless the precedent has value I'm not seeing?
Joseph Ax and Nathan Layne report:
A federal judge has rejected a bid from a group of banks and credit unions suing Target Corp over its 2013 data breach to block the company’s proposed $19 million settlement with MasterCard Inc.
U.S. District Judge Paul Magnuson in St. Paul, Minnesota, wrote in a ruling Thursday that the deal does not appear “altogether fair or reasonable” but he could not legally intervene without evidence that Target or MasterCard had made misleading or coercive statements.
Read more on Reuters.

No doubt the confusion is from ignorance. No doubt this will all be fixed when the government takes over HealthCare. Oh wait, HHS is the government!
The new BakerHostetler report on data security incidents says that human error was the largest cause of data security incidents, accounting for 36%. Their finding is consistent with the new Ponemon report that also puts employee error as the number one cause, at 39%.
But then you read RBS’s report on 2014 breaches where they say that 67% of breaches were due to hacking, and maybe you scratch your head. And you read, who report that hacking is currently the leading cause of breaches in the health care sector, according to HHS’s breach tool.
So who’s right? Those who say that insider error is the biggest single factor, or those who say that hacking is?
The problem with’s statement can be explained by the way HHS codes incidents. It may be that the 30 of 92 incidents coded as “Hacking/IT incidents” could be mostly IT incidents such as exposure on the Internet due to human error. Then again, some of the “hacking/IT incident” numbers are currently inflated by the fact that the breach tool not only includes Anthem’s reported breach, but it also includes reports from entities affected by the Anthem breach (and presumably already included in Anthem’s numbers), thereby double-counting some incidents and records. This blogger has frequently lamented the difficulties in using and making sense of the public breach tool due to its confusing coding and system.
As to the RBS report, well that may be a tad more complicated to explain. RBS includes hacks that show up on paste sites, and there are a lot of those. In contrast, small human error breaches generally don’t make the media and are not posted to paste sites. So there’s more information on hacks than on employee errors. That’s just one factor to think about, and there are others that may also help explain why their estimates of hacking incidents may remain higher than other sources.
The differences in the findings are not unimportant, either. If an entity is trying to decide where to invest their security budget and resources, it may make a difference whether the biggest threats are inside or outside, right?
In the meantime, every time a new study comes out, I take a breath and wait for the headlines and bullet points from those who often haven’t drilled down into the sampling and methods used. Then I just go throw up my hands and head for the coffee pot.

This is interesting. Such a simple fix... Remember, if Canada can do it, they can teach other English speaking intelligence services to do it.
Neasa MacEarlean reports:
The Canadian Anti-Terrorism Act, now passing through parliament, could mean that law firms which do not encrypt data will imperil the confidentiality of clients – as the security forces will find it easier to get warrants that breach privacy.
The Act paves the way for greater powers for the Canadian Security Intelligence Service to undertake mass transfers of data from government departments. David Fraser, technology and privacy specialist at McInnes Cooper, said: ‘There’s all kinds of mischief that can take place under the provisions.’ He continued: ‘Could a judge theoretically override solicitor-client privilege in one of these scenarios? Yes. Would it take place in secret? Absolutely.’
Read more on Global Legal Post.

This is how politics works. This is not how Intelligence services work. Political appointees are Chief-Political-Officers, not really intelligence experts. In their world, if you “forget” you haven't really lied.
Attorney: Spy chief had 'forgotten' about NSA program when he misled Congress
Director of National Intelligence Jim Clapper wasn’t lying when he wrongly told Congress in 2013 that the government does not “wittingly” collect information about millions of Americans, according to his top lawyer.
He just forgot.
… Litt on Friday said that Clapper merely did not have a chance to prepare an answer for Wyden and forgot about the phone records program when asked about it on the spot.
“We were notified the day before that Sen. Wyden was going to ask this question and the director of national intelligence did not get a chance to review it,” Litt said.

The next logical step? Have Uber pick up your order from restaurants that don't deliver.
Hungry? Now Order Food And Get It Delivered Right From Google Search Results
… The way it works is that when a user searches for a restaurant that offers delivery, Google will now include a "Place an Order" option, which users can click on, after which users can select the delivery service they want to use, and will be whisked away to that company's website so the user can finalize the order.

Perhaps we should compose “Lawyers in the Cloud” (to the tune of “Riders in the Sky”)
The Cloud's Threatening Legal Storm
… The cloud is not as safe as many people think, as a report from the Cloud Security Alliance explains. The CSA has outlined nine major categories of threats that face cloud technologies that organizations "must weigh ... as part of a rigorous risk assessment, to determine which security controls are necessary."
… At the end of 2014, CDW issued a white paper entitled "Playbook: Overcoming Cloud Security Concerns," which explains how to deal with the nine CSA threats and explains the difference between data loss and data breach:
… There are three important contract terms that companies should incorporate for better cloud protection, suggested a panel of attorneys including Microsoft Assistant General Counsel Mike Yeh, at a recent Advanced Compliance Education Summit meeting of the Association of Corporate Counsel.
No. 1: Limit Access to Data
No. 2: Privacy
No. 3: Customer Audits

At some point, “Hey. We're a lot more dangerous now!” will result in the old, “Then I guess we should attack you before you do something seriously stupid.” There is a fine line that North Korea is always willing to stick a toe across. Perhaps we haven't stomped on those toes hard enough.
North Korea Says It Tests Ballistic Missile From Submarine
PYONGYANG, North Korea — North Korea said Saturday that it successfully test-fired a newly developed ballistic missile from a submarine in what would be the latest display of the country's advancing military capabilities. Hours after the announcement, South Korean officials said the North fired three anti-ship cruise missiles into the sea off its east coast.
Experts in Seoul say the North's military demonstrations and hostile rhetoric are attempts at wresting concessions from the United States and South Korea, whose officials have recently talked about the possibility of holding preliminary talks with the North to test its commitment to denuclearization.
For the second straight day, North Korea said it would fire without warning at South Korean naval vessels that it claims have been violating its territorial waters off the west coast of the Korean Peninsula. South Korea's presidential Blue House held an emergency national security council meeting to review the threat and discuss possible countermeasures.
"By raising tensions, North Korea is trying to ensure that it will be able to drive whatever future talks with the U.S. and South Korea," said Yang Moo-jin, a professor from the Seoul-based University of North Korean Studies.

This is the job I've been preparing my Data Management students for!
All hail the next big job, the Chief IoT Officer
In the near future, you may hear about the appointment of a Chief Internet of Things (IoT) Officer. Before you roll your eyes and chortle at the thought of another chief-of-something, consider the problem.
First, companies are beginning to make and implement smart, connected, data-producing products. That can be anything -- automobiles, assembly line robots, washing machines and even coffee makers. This data can be used in predictive analytics to avoid product failures, as well as to schedule maintenance around when a product actually needs it. These products, mechanical and electronic, will likely get ongoing software updates.
Second, connected products are now part of a broader system. Or as Michael Porter, a Harvard economist, pointed out at this week's ThingWorx conference, you aren't just selling a tractor, you are selling a tractor that is becoming part of a smart farm, a system. Things have to be able to work together.
… In his talk, Porter never mentioned Chief IoT officers, but he does see organizations creating Chief Data Officers to manage IoT-generated data. Firms will create new organizations to deal with this data, "and we're going to see a lot of chief data officers."
The bottom line: Whether your firm ends up with the Chief Data Officer or a Chief IoT Officer or both, a trend toward the creation of more chiefs may be on its way.

(Related) Michael Porter's talk.
IoT Offers Bright Future, Says Harvard Professor
The IoT is driving “one of the most powerful business transformations that I’ve ever studied, let alone experienced,” said Harvard’s Michael Porter, who follows this phenomenon, at LiveWorx today. “How we run a company is going to change, very dramatically. How we organize ourselves as companies is going to be changing because of the impact of smart, connected products on the nature of work, on the nature of what companies have to do.”

For my students. Programming anything is an easy way to learn how to program everything.
5 Sites for Anyone Interested in Learning to Make Games
