Manage
so you can do what you are required to do. Harder than it sounds.
I’ve recently commented a few times on delays to
notification in the healthcare sector. Out-Law.com has a piece on
data breach response times in the U.K. that provides some useful
comparisons.
Businesses in the UK took an average of 21 days to report personal data breaches they had identified to the Information Commissioner’s Office (ICO) during the year up to 31 March 2018, according to information disclosed by the watchdog.
[…]
According to Redscan, there were 181 data breaches reported to the ICO by organisations across the general business, financial and legal sectors over the 12 month period. Across those cases, the average time taken to identify a breach was 60 days and it took businesses 21 days on average to then report those breaches to the ICO.
Of course, that was before GDPR went into effect,
and GDPR requires
notification with 72 hours. According to the Information
Commissioner’s Office:
“If, within the 72 hour time limit, a UK organisation has no clue as to the who, the what, the how of a breach, then it is clear that they do not have the required accountability in place – which is a requirement of the law. That’s why mandatory breach reporting is one of the most significant upgrades in the new law. It drives companies to invest in better data security and better data governance,” she said.
Imagine if we had that requirement here….
Read more on Out-Law.com.
(Related) A management success.
Clinic hit
by ransomware recovers in hours thanks to solid incident response
plan
Maffi Clinics, a chain of plastic surgery clinics
in the United States, is notifying patients about a ransomware
incident that briefly affected its systems. Unlike most cases
involving ransomware, though, this one didn’t leave a scar,
illustrating the power of strong security protocols.
… Within about five hours, the incident was
contained and all data was restored. In other words, the clinic
denied the attackers the ransom and escaped unscathed. The clinic
nonetheless emailed all patients whose information was subjected to
the attack out of an abundance of caution. Under the Health
Insurance Portability and Accountability Act (HIPAA), Maffi fulfilled
its legal obligation to acknowledge the breach, and notified the US
Department of Health and Human Services (HHS).
Who would you like to win this election and by how
much? The really interesting part is: What do they do now?
Researchers
Find Critical Backdoor in Swiss Online Voting System
An international group of researchers who have
been examining the source code for an internet voting system
Switzerland plans to roll out this year have found a critical flaw in
the code that would allow someone to alter votes without detection.
The cryptographic backdoor exists in a part of the
system that is supposed to verify that all of the ballots and votes
counted in an election are the same ones that voters cast. But the
flaw could allow someone to swap out all of the legitimate ballots
and replace them with fraudulent ones, all without detection.
… The researchers provided their findings last
week to Swiss Post, the country’s national postal service, which
developed the system with the Barcelona-based company Scytl. Swiss
Post said in a statement the researchers provided Motherboard and
that the Swiss Post plans to publish online on Tuesday, that the
researchers were correct in their findings and that it had asked
Scytl to fix the issue. It also downplayed the vulnerability,
however, saying that to exploit it, an attacker would need control
over Swiss Post’s secured IT infrastructure “as well as help from
several insiders with specialist knowledge of Swiss Post or the
cantons.”
But this ignores the fact that Swiss Post and
other insiders themselves could pull off the attack.
“Their response hides that they are the primary
threat actor for this scenario
Markets for my Computer Security students.
Getting
Educated on Cyber Security in an Education Environment
Cybersecurity
is one of the fastest growing industries in the world. We
already know that businesses, organizations, and government entities
must follow guidelines in order to protect sensitive information, but
the education sector is one of the most important assets to protect,
yet it is an extremely underserved market. Year after year,
universities and school systems are plastered all over the media
because of a multi-million-dollar lawsuit that they are facing due to
a breach in security. It is past time to draw attention to an
ongoing and very serious problem facing the US education system: our
schools are ill-equipped to face the mounting threats posed by
hackers.
How does this fit into the enhanced Privacy of the
GDPR?
Joe Cadillic writes:
A recent European Union (EU) announcement about national ID’s will destroy millions of people’s privacy and create a near global biometric database.
An article in State Watch News revealed that the EU has agreed to create a MANDATORY national biometric ID card.
“Measures being negotiated as part of the EU’s ‘Security Union’ are moving ahead swiftly, with the Council and Parliament reaching provisional agreements on new rules for immigration liaison officers, the EU’s Visa Code and the introduction of mandatory biometric national identity cards; and the Council agreeing its negotiating position on the new Frontex Regulation.”
Earlier this week the Nepal government announced their plans to roll-out a national biometric ID card that will affect 30 million people.
Read more on MassPrivateI.
(Related) Probably…
From Papers, Please!
In December 2018, the White House announced that President Trump had sent Congress a classified “National Strategy to Combat Terrorist Travel”.
Two months later, in February 2019, the White House released both this “National Strategy to Combat Terrorist Travel” (supposedly as signed in December 2018, and with no indication that it had ever been classified) and a companion “National Strategy for Aviation Security” (also unclassified and dated December 2018).
Together, these two documents give an overview of both the extent and the manner in which the US government intends — and believes that it has the authority — to surveil all travelvers, monitor and log all movement of persons in the US and worldwide, and exercise administrative prior restraint over all such travel based on extrajudicial “pre-crime” predictions.
Nowhere in either of these vision statements is there any mention of the First Amendment, the right of the people peaceably to assemble, the right to travel, or international human rights treaties.
Read more on Papers,
Please!
Is one answer better than several?
How voice
computing will transform the way we live, work and think
Will the Siri model for
voice computing replace search engines in the near future? Talk
to Me: How Voice Computing Will Transform the Way We Live, Work, and
Think, a new book by James
Vlahos is excerpted in Wired
– Amazon Alexa and the
search for the one perfect answer
“…the rise of voice computing platforms such
as Amazon
Alexa and Google
Assistant, the world’s biggest tech companies are suddenly,
precipitously moving in Tunstall-Pedoe’s direction. Voice-enabled
smart speakers have become some of the industry’s best-selling
products; in 2018 alone, according to a report by NPR and Edison
Research, their prevalence in American households grew
by 78 percent. According to one market survey, people
ask their smart speakers to answer questions more often than they do
anything else with them. Tunstall-Pedoe’s vision of
computers responding to our queries in a single pass—providing
one-shot answers, as they are known in the search community—has
gone mainstream. The internet and the multibillion-dollar business
ecosystems it supports are changing irrevocably. So, too, is the
creation, distribution, and control of information—the very nature
of how we know what we know…”
Not a bad little backgrounder.
A way for students to share? One server per
major? One per class? It’s FREE.
How an App
for Gamers Went Mainstream
… Discord is a real-time chat platform that
was founded
four years ago as a way to make it easier for gamers to communicate.
But over the past year, it has outgrown its origin story and become
the default place where influencers, YouTubers, Instagram meme
accounts, and anyone with an audience can connect with their
community.
After signing up for Discord, users join different
servers. Each server functions as its own community, and it’s very
easy to toggle between them. Once you’re within a server, you can
hop between a long list of hashtag-marked channels on the left-hand
side of the screen. Some channels are text-based, and some are group
voice chats. Visually, Discord looks very similar to Slack.
Discord is also highly customizable. Not only can
servers have public and private channels, but administrators can also
designate an endless series of roles to each user, all of which can
come with custom privileges, colors, and name tags. Most server
administrators designate roles to help moderate their communities.
In addition to the group chats, Discord allows for global private
messaging. You can add friends from any server to have a one-on-one
conversation, without having to click into each server itself. It’s
like having an AIM buddy list at the top of the app.
… To join a server, users need a custom invite
link, which allows admins and moderators to ensure that their chats
aren’t overrun by spammers or outsiders looking to troll.
No comments:
Post a Comment