Friday, March 27, 2020


Interesting reading as background for my Security students. I would imagine North Korea is much harder to categorize.
https://www.zdnet.com/article/booz-allen-analyzed-200-russian-hacking-operations-to-better-understand-their-tactics/
Booz Allen analyzed 200+ Russian hacking operations to better understand their tactics
Russia uses its GRU military hackers following predictable patterns based on a public military doctrine.
Booz Allen Hamilton, the largest private contractor for the US intelligence community, has published a comprehensive report this week detailing 15 years (2004 to 2019) of cyber operations carried out by Russia's military hackers.
The report is a rarity in the cyber-security community because it focuses on the bigger picture of how Russia's military uses its hacking units to support its foreign policy all over the globe.
In a chunky 80-page report, Booz Allen analysts classified and arranged all the 200+ past GRU cyber-attacks into one of these 23 categories, showing how each cyber-attack was Russia's natural defensive mechanism of responding to the changing political environment around it.
The end conclusion of this report is that GRU offensive cyber operations can be predicted.






Perspective.
https://atlasvpn.com/blog/your-ssn-costs-less-than-a-starbucks-coffee-on-the-dark-web/
Your SSN costs less than a Starbucks coffee on the dark web
Flashpoint intelligence findings show that the services sold on the dark web can be divided into four main categories: stolen PII (personally identifiable information), stolen financial information, forged documents, and hacker services.
PII packages cost as little as $4. These packages usually include the victim’s full name, Social Security number, driver’s license number, passport number, and email address.






Now might be a good time to start planning.
https://www.cpomagazine.com/data-protection/study-shows-that-one-third-of-financial-services-companies-lack-clear-plans-to-address-privacy-risks/
Study Shows That One-Third of Financial Services Companies Lack Clear Plans to Address Privacy Risks
The report released from a survey carried out by Accenture shows a third of financial services companies lack clear plans or resources to address customer data privacy risks within the next 12 months.
The study “Privacy in Financial Services: Stature and Sustainability in the Information Age” involved 100 privacy risk executives in the banking, insurance, and capital markets in North America and Europe. The study focused on how financial services firms should store, protect, and use personal data in the face of the European Union’s General Data Protection Regulations (GDPR) and the California Consumer Privacy Act (CCPA).






How much is too much? More importantly, how much is too little?
https://www.cpomagazine.com/data-privacy/patient-privacy-vs-public-health-concerns-a-covid-19-case-study/
Patient Privacy vs Public Health Concerns: A COVID-19 Case Study
In response to the growing outbreak, the South Korean Ministry of Health and Welfare began making personal information about coronavirus patients public as early as Feb 18 in a move which sparked concern around patient privacy.
While they refrained from publishing the names of the patients and other personally implicatable information (such as addresses and contact details) directly, South Korean public health officials did however provide explicit location details about the patients’ movements.
According to a report by the BBC, published on 5 March, one such mobile notification read:
“A 43-year-old man, resident of Nowon district, tested positive for coronavirus. He was at his work in Mapo district attending a sexual harassment class. He contracted the virus from the instructor of the class.”






Worth considering… (Architecture)
https://www.cpomagazine.com/data-privacy/data-privacy-and-scalable-solutions-for-consent/
Data Privacy and Scalable Solutions for Consent
Companies must strive for transparency with their customers and establish trust through a consent system framework.
Best practices for creating a positive consent experience
Businesses can use compliance as an opportunity to make data privacy and consent a positive experience for consumers. A few things to consider:
    1. Talk to your legal department about how your business should request consent.
    2. Know your data workflow: Do you know what kind of data you are collecting? Is it all necessary? Who are your partners? Be selective in what data you capture.
    3. Research consent management tools. Tools such as Intelligent Consent Manager™ help capture and manage consent even downstream regardless of platform (web or connected device), maintaining a user’s consent preferences as they move around, rather than pestering them with interruptive notices. With the regulatory climate subject to change, it’s the job of measurement providers such as Kochava to stay abreast of regulatory changes.
    4. Work with only trusted partners; and ensure they are compliant and have no questionable practices.
    5. Establish trust through your consent process. Make your policies clear and use compliance as an opportunity to educate your consumers and build trust.






Difficult to control (and detect?)
https://www.bespacific.com/the-law-and-economics-of-online-republication/
The Law and Economics of Online Republication
Perry, Ronen, The Law and Economics of Online Republication (March 10, 2020). Iowa Law Review, Forthcoming. Available at SSRN: https://ssrn.com/abstract=3552301
Jerry publishes unlawful content about Newman on Facebook, Elaine shares Jerry’s post, the share automatically turns into a tweet because her Facebook and Twitter accounts are linked, and George immediately retweets it. Should Elaine and George be liable for these republications? The question is neither theoretical nor idiosyncratic. On occasion, it reaches the headlines, as when Jennifer Lawrence’s representatives announced she would sue every person involved in the dissemination, through various online platforms, of her illegally obtained nude pictures. Yet this is only the tip of the iceberg. Numerous potentially offensive items are reposted daily, their exposure expands in widening circles, and they sometimes “go viral.”
This Article is the first to provide a law and economics analysis of the question of liability for online republication. Its main thesis is that liability for republication generates a specter of multiple defendants which might dilute the originator’s liability and undermine its deterrent effect. The Article concludes that, subject to several exceptions and methodological caveats, only the originator should be liable. This seems to be the American rule, as enunciated in Batzel v. Smith and Barrett v. Rosenthal. It stands in stark contrast to the prevalent rules in other Western jurisdictions and has been challenged by scholars on various grounds since its very inception.






Perspective. War and pandemics are economic events.
https://fivethirtyeight.com/features/what-should-the-government-spend-to-save-a-life/
What Should The Government Spend To Save A Life?
Economists might not be able to say how much an individual person’s existence is worth, but they have figured out a way to calculate how much the average person is willing to pay to reduce the risk of death — which allows them to put a price tag on the collective value of saving one life. That figure, which currently hovers somewhere around $9 or $10 million, is known as the “value of statistical life,” and it’s the basis for all kinds of high-stakes decisions that involve tradeoffs between public safety and economic cost — from food and automobile regulations to our responses to climate change.
As cold-blooded as it might seem, several economists told me that, at least in theory, a pandemic is exactly the kind of situation this metric is designed to help with. “Essentially, we’re trying to figure out what our society is willing to pay to reduce the risk of mortality,” said W. Kip Viscusi, an economist at Vanderbilt University and one of the leading experts on these calculations. “In that sense, a pandemic isn’t so different from a terrorist attack or a pollutant that’s threatening to kill large numbers of people — it’s just happening very quickly and on a very large scale.”






Worth reviewing, even if you don’t need it right now.
https://www.makeuseof.com/tag/remote-work-resources-to-work-from-home-productively/
5 Remote Work Resources to Work From Home Productively
The Coronavirus threat has led to a surge in the number of people working from their homes. It’s not a normal environment for many, but hey, remote working isn’t a new concept. People have been doing it for a long time, and you can draw upon their experience and advice.
In fact, even if you have been a non-office worker for some time, you can still gain a lot from the new tools and tips cropping up in the wake of this outbreak.



