Still seems very cheap to me – unless the precedent has value I'm not seeing?
Joseph Ax and Nathan Layne report:
A federal judge has rejected a bid from a group of banks and credit unions suing Target Corp over its 2013 data breach to block the company’s proposed $19 million settlement with MasterCard Inc.
U.S. District Judge Paul Magnuson in St. Paul, Minnesota, wrote in a ruling Thursday that the deal does not appear “altogether fair or reasonable” but he could not legally intervene without evidence that Target or MasterCard had made misleading or coercive statements.
Read more on Reuters.
No doubt the confusion is from ignorance. No doubt this will all be fixed when the government takes over HealthCare. Oh wait, HHS is the government!
The new BakerHostetler report on data security incidents says that human error was the largest cause of data security incidents, accounting for 36%. Their finding is consistent with the new Ponemon report that also puts employee error as the number one cause, at 39%.
But then you read RBS’s report on 2014 breaches where they say that 67% of breaches were due to hacking, and maybe you scratch your head.
And you read HealthITSecurity.com, who report that hacking is currently the leading cause of breaches in the health care sector, according to HHS’s breach tool.
So who’s right? Those who say that insider error is the biggest single factor, or those who say that hacking is?
The problem with HealthITSecurity.com’s statement can be explained by the way HHS codes incidents. It may be that the 30 of 92 incidents coded as “Hacking/IT incidents” could be mostly IT incidents such as exposure on the Internet due to human error. Then again, some of the “hacking/IT incident” numbers are currently inflated by the fact that the breach tool not only includes Anthem’s reported breach, but it also includes reports from entities affected by the Anthem breach (and presumably already included in Anthem’s numbers), thereby double-counting some incidents and records. This blogger has frequently lamented the difficulties in using and making sense of the public breach tool due to its confusing coding and system.
As to the RBS report, well that may be a tad more complicated to explain. RBS includes hacks that show up on paste sites, and there are a lot of those. In contrast, small human error breaches generally don’t make the media and are not posted to paste sites. So there’s more information on hacks than on employee errors. That’s just one factor to think about, and there are others that may also help explain why their estimates of hacking incidents may remain higher than other sources.
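To make the two coding effects described above concrete, here is a small recount written for this post (it is not code from the blog, HHS, RBS or any of the reports cited, and the incident list is constructed, not real breach-tool data). The `tally` function counts incidents per cause three ways: as a breach tool would code them, after dropping reports that merely restate a parent incident, and after moving human-error "IT incidents" out of the combined hacking bucket. The field names and the "IT Incident (human error)" bucket are assumptions made for the example.

```python
"""Recount breach causes from a small constructed incident list.

Two methodology effects discussed in the post:
 1. a combined "Hacking/IT Incident" code can hide human-error exposures
    (an open Internet-facing share is an IT incident, not a hack);
 2. downstream reports filed by entities affected by one large upstream
    breach inflate incident counts when each is tallied as its own incident.
All records below are constructed for the example; none is a real report.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Incident:
    incident_id: str
    entity: str
    cause_code: str                   # category as a breach tool would code it
    detail: str                       # finer-grained cause, as a reviewer would annotate it
    individuals: int
    related_to: Optional[str] = None  # parent incident this report restates, if any


# Constructed sample, not real reports.
SAMPLE = [
    Incident("A-1", "BigInsurer", "Hacking/IT Incident", "hacking", 80_000_000),
    Incident("A-2", "PlanSponsorX", "Hacking/IT Incident", "hacking", 12_000, related_to="A-1"),
    Incident("A-3", "PlanSponsorY", "Hacking/IT Incident", "hacking", 9_000, related_to="A-1"),
    Incident("A-4", "PlanSponsorZ", "Hacking/IT Incident", "hacking", 4_500, related_to="A-1"),
    Incident("B-1", "ClinicA", "Hacking/IT Incident", "misconfiguration", 3_200),
    Incident("B-2", "ClinicB", "Hacking/IT Incident", "misconfiguration", 1_100),
    Incident("C-1", "HospitalC", "Unauthorized Access/Disclosure", "employee error", 700),
    Incident("C-2", "HospitalD", "Unauthorized Access/Disclosure", "employee error", 2_400),
    Incident("D-1", "PracticeE", "Loss", "lost device", 900),
    Incident("E-1", "PracticeF", "Theft", "stolen laptop", 5_600),
]

# Detail values a reviewer would treat as human error rather than an attack.
HUMAN_ERROR_DETAILS = {"misconfiguration", "employee error", "lost device"}


def tally(incidents, collapse_related=False, split_it_incidents=False):
    """Return (incident_count_by_cause, individuals_by_cause).

    collapse_related: skip reports that only restate a parent incident.
    split_it_incidents: move "Hacking/IT Incident" rows whose detail is
    human error into a separate "IT Incident (human error)" bucket.
    """
    by_count, by_people = Counter(), Counter()
    for inc in incidents:
        if collapse_related and inc.related_to is not None:
            continue
        cause = inc.cause_code
        if split_it_incidents and cause == "Hacking/IT Incident" and inc.detail in HUMAN_ERROR_DETAILS:
            cause = "IT Incident (human error)"
        by_count[cause] += 1
        by_people[cause] += inc.individuals
    return by_count, by_people


def hacking_share(incidents, **opts):
    """Fraction of counted incidents left in the hacking bucket under the given options."""
    counts, _ = tally(incidents, **opts)
    total = sum(counts.values())
    return counts["Hacking/IT Incident"] / total if total else 0.0


if __name__ == "__main__":
    for opts in ({}, {"collapse_related": True},
                 {"collapse_related": True, "split_it_incidents": True}):
        counts, _ = tally(SAMPLE, **opts)
        print(opts or "as coded", dict(counts),
              f"hacking share={hacking_share(SAMPLE, **opts):.0%}")
```

On this constructed sample the hacking share drops from 60% as coded to about 43% once the three downstream reports are collapsed onto their parent, and to about 14% once the two misconfiguration exposures are moved out of the combined bucket; the individuals-affected total barely moves, because the one upstream breach dominates it either way. Which of those three numbers a report quotes is a coding decision, not a finding.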
The differences in the findings are not unimportant, either. If an entity is trying to decide where to invest their security budget and resources, it may make a difference whether the biggest threats are inside or outside, right?
In the meantime, every time a new study comes out, I take a breath and wait for the headlines and bullet points from those who often haven’t drilled down into the sampling and methods used. Then I just go throw up my hands and head for the coffee pot.
This is interesting. Such a simple fix... Remember, if Canada can do it, they can teach other English speaking intelligence services to do it.
Neasa MacEarlean reports:
The Canadian Anti-Terrorism Act, now passing through parliament, could mean that law firms which do not encrypt data will imperil the confidentiality of clients – as the security forces will find it easier to get warrants that breach privacy.
The Act paves the way for greater powers for the Canadian Security Intelligence Service to undertake mass transfers of data from government departments. David Fraser, technology and privacy specialist at McInnes Cooper, said: ‘There’s all kinds of mischief that can take place under the provisions.’ He continued: ‘Could a judge theoretically override solicitor-client privilege in one of these scenarios? Yes. Would it take place in secret? Absolutely.’
Read more on Global Legal Post.
This is how politics works. This is not how intelligence services work. Political appointees are Chief-Political-Officers, not really intelligence experts. In their world, if you “forget” you haven't really lied.
Director of National Intelligence Jim Clapper wasn’t lying when he wrongly told Congress in 2013 that the government does not “wittingly” collect information about millions of Americans, according to his top lawyer.
He just forgot.
… Litt on Friday said that Clapper merely did not have a chance to prepare an answer for Wyden and forgot about the phone records program when asked about it on the spot.
“We were notified the day before that Sen. Wyden was going to ask this question and the director of national intelligence did not get a chance to review it,” Litt said.
The next logical step? Have Uber pick up your order from restaurants that don't deliver.
Hungry? Now Order Food And Get It Delivered Right From Google Search Results
… The way it works is that when a user searches for a restaurant that offers delivery, Google will now include a "Place an Order" option, which users can click on, after which users can select the delivery service they want to use, and will be whisked away to that company's website so the user can finalize the order.
Perhaps we should compose “Lawyers in the Cloud” (to the tune of “Riders in the Sky”)
The Cloud's Threatening Legal Storm
… The cloud is not as safe as many people think, as a report from the Cloud Security Alliance explains. The CSA has outlined nine major categories of threats that face cloud technologies that organizations "must weigh ... as part of a rigorous risk assessment, to determine which security controls are necessary."
… At the end of 2014, CDW issued a white paper entitled "Playbook: Overcoming Cloud Security Concerns," which explains how to deal with the nine CSA threats and explains the difference between data loss and data breach:
… There are three important contract terms that companies should incorporate for better cloud protection, suggested a panel of attorneys including Microsoft Assistant General Counsel Mike Yeh, at a recent Advanced Compliance Education Summit meeting of the Association of Corporate Counsel.
No. 1: Limit Access to Data
No. 2: Privacy
No. 3: Customer Audits
At some point, “Hey. We're a lot more dangerous now!” will result in the old, “Then I guess we should attack you before you do something seriously stupid.” There is a fine line that North Korea is always willing to stick a toe across. Perhaps we haven't stomped on those toes hard enough.
PYONGYANG, North Korea — North Korea said Saturday that it successfully test-fired a newly developed ballistic missile from a submarine in what would be the latest display of the country's advancing military capabilities. Hours after the announcement, South Korean officials said the North fired three anti-ship cruise missiles into the sea off its east coast.
Experts in Seoul say the North's military demonstrations and hostile rhetoric are attempts at wresting concessions from the United States and South Korea, whose officials have recently talked about the possibility of holding preliminary talks with the North to test its commitment to denuclearization.
For the second straight day, North Korea said it would fire without warning at South Korean naval vessels that it claims have been violating its territorial waters off the west coast of the Korean Peninsula. South Korea's presidential Blue House held an emergency national security council meeting to review the threat and discuss possible countermeasures.
"By raising tensions, North Korea is trying to ensure that it will be able to drive whatever future talks with the U.S. and South Korea," said Yang Moo-jin, a professor from the Seoul-based University of North Korean Studies.
This is the job I've been preparing my Data Management students for!
All hail the next big job, the Chief IoT Officer
In the near future, you may hear about the appointment of a Chief Internet of Things (IoT) Officer. Before you roll your eyes and chortle at the thought of another chief-of-something, consider the problem.
First, companies are beginning to make and implement smart, connected, data-producing products. That can be anything -- automobiles, assembly line robots, washing machines and even coffee makers. This data can be used in predictive analytics to avoid product failures, as well as to schedule maintenance around when a product actually needs it. These products, mechanical and electronic, will likely get ongoing software updates.
Second, connected products are now part of a broader system. Or as Michael Porter, a Harvard economist, pointed out at this week's ThingWorx conference, you aren't just selling a tractor, you are selling a tractor that is becoming part of a smart farm, a system. Things have to be able to work together.
… In his talk, Porter never mentioned Chief IoT officers, but he does see organizations creating Chief Data Officers to manage IoT-generated data. Firms will create new organizations to deal with this data, "and we're going to see a lot of chief data officers."
The bottom line: Whether your firm ends up with the Chief Data Officer or a Chief IoT Officer or both, a trend toward the creation of more chiefs may be on its way.
(Related) Michael Porter's talk.
IoT Offers Bright Future, Says Harvard Professor
The IoT is driving “one of the most powerful business transformations that I’ve ever studied, let alone experienced,” said Harvard’s Michael Porter, who follows this phenomenon, at LiveWorx today. “How we run a company is going to change, very dramatically. How we organize ourselves as companies is going to be changing because of the impact of smart, connected products on the nature of work, on the nature of what companies have to do.”
For my students. Programming anything is an easy way to learn how to program everything.
5 Sites for Anyone Interested in Learning to Make Games