Wednesday, December 12, 2018

Is this all that Congress has learned?
House Releases Cybersecurity Strategies Report
The U.S. House of Representatives’ Committee on Energy and Commerce has released a report identifying strategies for the prevention and mitigation of cybersecurity incidents.
Designed to summarize the work of the Subcommittee on Oversight and Investigations, the report (PDF) includes conclusions drawn from tens of briefings, hearings, letters, reports, and roundtables.




For my Computer Security students.
Organizations Still Slow to Detect Breaches: CrowdStrike
Organizations are getting better at detecting intrusions on their own, but it still takes them a long time to do it, according to a new report published on Tuesday by endpoint security firm CrowdStrike.
The average attack dwell time – or the time it takes to detect an attack – was 85 days, comparable to the 86 days reported by the company in its 2017 report.
“Clearly, there is considerable room for improvement. Boards of directors, executive management, and the public at large are all rightly concerned that organizations take days, weeks or even months to detect attacks,” CrowdStrike said in its latest report.


(Related)
Cybersecurity of the Person
Kosseff, Jeff, Cybersecurity of the Person (October 31, 2018). First Amendment Law Review, 2019. Available at SSRN: https://ssrn.com/abstract=3276218
“U.S. cybersecurity law is largely an outgrowth of the early-aughts concerns over identity theft and financial fraud. Cybersecurity laws focus on protecting identifiers such as driver’s licenses and social security numbers, and financial data such as credit card numbers. Federal and state laws require companies to protect this data and notify individuals when it is breached, and impose civil and criminal liability on hackers who steal or damage this data. In this paper, I argue that our current cybersecurity laws are too narrowly focused on financial harms. While such concerns remain valid, they are only one part of the cybersecurity challenge that our nation faces. Too often overlooked by the cybersecurity profession are the harms to individuals, such as revenge pornography and online harassment. Our legal system typically addresses these harms through retrospective criminal prosecution and civil litigation, both of which face significant limits. Accounting for such harms in our conception of cybersecurity will help to better align our laws with these threats and reduce the likelihood of the harms occurring.”




If you place cookies, you need to understand this.
How Big Companies Should Behave Under Europe’s New Cookie Regulations
… Under the GDPR, implied consent is not enough and instead customers must actively affirm that they agree to the use of cookies. That means that companies can no longer claim that using its website constitutes consumer consent. Rather, websites must provide accurate information – in plain language – specifying exactly what a company’s cookie policy is. The GDPR also grants users the right to retract their consent and every 12 months corporations must obtain renewed consent from customers to keep using cookies for the same purposes.




It’s not important that they don’t know. What is important is, they don’t bother to find out!
At the Google hearing, Congress proves they still have no idea how the internet works
Google CEO Sundar Pichai’s long-awaited Congressional hearing took place on Tuesday.
Pichai testified before Congress on Google+ data breaches, the controversial Chinese-censorship friendly search product, and perceived anti-conservative bias. But, there was one more pressing concern that took center stage to those watching the hearing: Several members of Congress, at least on the House Judiciary Committee, have no idea what they’re talking about when it comes to technology.
… Rep. Lamar Smith claimed as fact that 96 percent of Google search results come from liberal sources. Besides being proven false with a simple search of your own, Google’s search algorithm bases search rankings on attributes such as backlinks and domain authority. Partisanship of the news outlet does not come into play. Smith asserted that he believes the results are being manipulated, regardless of being told otherwise.
… When Iowa Rep. Steve King demanded to know why a nasty image of the Congressman would appear on his granddaughter’s phone while she was playing a game, Pichai had to point out that Google doesn’t make the iPhone. King’s response? It could have been an Android!




For my student researchers. (Remember, the page is not the article.)
How to Find Out When a Webpage Was Published
maketecheasier: “When you’re doing research on a topic, it’s vital to ensure your sources are up to date. If you’re writing an academic paper, dates of publication are often required in the citations. The majority of the time, getting the date is easy: simply look on the site and find the “published on” date to find out how recent it was. Things get a little more complicated when there is no date listed on the webpage. When this happens, how do you know when the page was published?…”

