Wednesday, August 16, 2017
This nearly 500-page draft kind of sums everything up neatly.
NIST – Security and Privacy Controls for Information Systems and Organizations
Security and Privacy Controls for Information Systems and Organizations, August 2017. Draft NIST Special Publication 800-53 Revision 5.
“This publication provides a catalog of security and privacy controls for federal information systems and organizations to protect organizational operations and assets, individuals, other organizations, and the Nation from a diverse set of threats including hostile attacks, natural disasters, structural failures, human errors, and privacy risks. The controls are flexible and customizable and implemented as part of an organization-wide process to manage risk. The controls address diverse requirements derived from mission and business needs, laws, Executive Orders, directives, regulations, policies, standards, and guidelines. The publication describes how to develop specialized sets of controls, or overlays, tailored for specific types of missions and business functions, technologies, environments of operation, and sector-specific applications. Finally, the consolidated catalog of controls addresses security and privacy from a functionality perspective (i.e., the strength of functions and mechanisms) and an assurance perspective (i.e., the measure of confidence in the security or privacy capability). Addressing both functionality and assurance ensures that information technology products and the information systems that rely on those products are sufficiently trustworthy.”
Helping my students understand the need to design security and privacy into systems from the beginning. And to provide some kind of metric as part of the design!
Uber Settles FTC Allegations that It Made Deceptive Privacy and Data Security Claims
Uber Technologies, Inc. has agreed to implement a comprehensive privacy program and obtain regular, independent audits to settle Federal Trade Commission charges that the ride-sharing company deceived consumers by failing to monitor employee access to consumer personal information and by failing to reasonably secure sensitive consumer data stored in the cloud.
“We don’t care about this case, but…”
Apple, Facebook, Google and other tech giants tell the Supreme Court to protect cellphone data in a key, upcoming case
… The case before the nation’s justices is Carpenter vs. United States, and it stems from a 2011 investigation into a series of robberies in Detroit. As part of the probe, law enforcement officials obtained information from nearby cell towers to determine the whereabouts of one of the suspects, Timothy Carpenter, without first obtaining a warrant.
As the Supreme Court considers the matter — including questions as to whether law enforcement must demonstrate probable cause before it can seek that location data — tech giants stressed in a new amicus brief that they “do not take a position on the outcome of this case.”
But the major players that signed it — including Airbnb, Cisco, Dropbox and Verizon, the only telecom giant to sign — do argue the need for greater Fourth Amendment safeguards “to ensure that the law realistically engages with Internet-based technologies and with people’s expectations of privacy in their digital data.”
I want to play the “sound of doom” when my students open their exams. Is that cruel? I certainly hope so!
… The YouTube Audio Library launched in 2013 with 1,000+ free musical tracks.
… The channel now hosts more than five times that initial number. All are high-quality 320 Kbps audio tracks and sound effects with a royalty-free license.
Another way to bug my students?
For the Movie Club.
Ticket prices too high? MoviePass gets you into theaters for $10 a month
… even if audiences are currently fed up with the movie industry, a company called MoviePass is betting it can get them back in the seats, offering a movie a day for only $10 per month.
Founded in 2011, MoviePass is a subscription service that allows users to see movies in theaters (one movie per day) without buying a ticket each time. Instead, the company pays for your ticket when you swipe your MoviePass card.
If it sounds crazy that a company could afford to let users watch movies every day for only $10 a month, it’s not. The idea was similar to insurance: Not every user will actually see $10 worth of movies a month, so they end up subsidizing the users who do.
An iPhone or an Android phone is required to use MoviePass.
Because research should be cheap? No doubt it’s the paid opinion that will sink your case.
Free Law Project – We Have Every Free PACER Opinion on CourtListener.com
“At Free Law Project, we have gathered millions of court documents over the years, but it’s with distinct pride that we announce that we have now completed our biggest crawl ever. After nearly a year of work, and with support from the U.S. Department of Labor and Georgia State University, we have collected every free written order and opinion that is available in PACER. To accomplish this we used PACER’s “Written Opinion Report,” which provides many opinions for free. This collection contains approximately 3.4 million orders and opinions from approximately 1.5 million federal district and bankruptcy court cases dating back to 1960. More than four hundred thousand of these documents were scanned and required OCR, amounting to nearly two million pages of text extraction that we completed for this project. All of the documents amassed are available for search in the RECAP Archive of PACER documents and via our APIs. New opinions will be downloaded every night to keep the collection up to date.”
So that’s where my students got the idea!