All suggestions are welcome. Apparently, we are not ready for law or regulation.
Australian government releases voluntary IoT cybersecurity code of practice
The Australian government has released a voluntary code of practice for securing the Internet of Things (IoT) in Australia.
The voluntary Code of Practice: Securing the Internet of Things for Consumers [PDF] is intended to provide industry with a best-practice guide on how to design IoT devices with cybersecurity features.
Suggestions for the Computer Security Budget request.
https://www.bespacific.com/2020-cost-of-a-data-breach-report/
2020 Cost of a Data Breach Report
Via Bluefin: “IBM and the Ponemon Institute’s long-awaited 2020 Cost of a Data Breach Report has finally arrived — and with it comes critical insight into the current landscape of cyber security. For the fifteenth consecutive year, IBM and the Ponemon Institute have partnered to analyze the latest breaches at over 500 organizations to uncover trends in cyberattacks and provide insight on data security practices…”
A short security backgrounder…
We Didn't Encrypt Your Password, We Hashed It. Here's What That Means:
… the difference between encryption and hashing is fundamental to how at-risk your password is from being recovered and abused after a data breach. I often hear people excusing the mischaracterisation of password storage on the basis of users not understanding what hashing means, but what I'm actually hearing is that breached organisations just aren't able to explain it in a way people understand. So here it is in a single sentence:
A password hash is a representation of your password that can't be reversed, but the original password may still be determined if someone hashes it again and gets the same result.
P@ssw0rd
here's what the hash of that password looks like:
161ebd7d45089b3446ee4e0d86dbcf92
This hash was created with the MD5 hashing algorithm and is 32 characters long. A shorter password hashed with MD5 is still 32 characters long. This entire blog post hashed with Md5 is still 32 characters long. This helps demonstrate the fundamental difference between hashing and encryption: a hash is a representation of data whilst encryption is protected data.
Management either failed to have a procedure or failed to ensure it was being followed.
American Payroll Association Forgets to Patch Web Portal, Hackers Skim Credit Cards and Passwords Off Site
… Embarrassingly, the APA seems to admit its technicians failed to deploy the necessary patches at the right time, leading to hackers exploiting known vulnerabilities in its systems.
Another world I can never enter because I don’t own a smartphone?
The Pandemic Is No Excuse to Surveil Students
Trying to do so is all but useless.
In Michigan, a small liberal-arts college is requiring students to install an app called Aura, which tracks their location in real time, before they come to campus. Oakland University, also in Michigan, announced a mandatory wearable that would track symptoms, but, facing a student-led petition, then said it would be optional. The University of Missouri, too, has an app that tracks when students enter and exit classrooms. This practice is spreading: In an attempt to open during the pandemic, many universities and colleges around the country are forcing students to download location-tracking apps, sometimes as a condition of enrollment. Many of these apps function via Bluetooth sensors or Wi-Fi networks. When students enter a classroom, their phone informs a sensor that’s been installed in the room, or the app checks the Wi-Fi networks nearby to determine the phone’s location.
Years ago I worked with two start-ups that conducted hardware and software inventories. This is not as simple as it sounds!
HIPAA Covered Entities and Business Associates Need an IT Asset Inventory List, OCR Recommends
Joseph J. Lazzarotti and Maya Atrakchi of JacksonLewis write:
Last week, in its Cybersecurity Summer Newsletter, the Office of Civil Rights (OCR) published best practices for creating an IT asset inventory list to assist healthcare providers and business associates in understanding where electronic protected health information (ePHI) is located within their organization, and improve HIPAA Security Rule compliance. OCR investigations often find that organizations “lack sufficient understanding” of where all of their ePHI is located, and while the creation of an IT asset inventory list is not required under the HIPAA Security Rule, it could be helpful in the development of a risk analysis, and in turn and implementing appropriate safeguards – which are HIPAA Security Rule requirements.
Read more on Workplace Privacy, Data Management & Security Report
Pouring gasoline on an already fiery debate?
https://www.infosecurity-magazine.com/news/dhs-biometric-collection-rules/?&web_view=true
Homeland Security to Propose Biometric Collection Rules
The Department of Homeland Security (DHS) is to propose a standard definition of biometrics for authorized collection, which would establish a defined regulatory purpose for biometrics and create clear rules for using the information collected.
A proposed expansion would modernize biometrics collection and authorize expanded use of biometrics beyond background checks to include identity verification, secure document production and records management.
(Related)
https://fpf.org/2020/09/03/californias-sb-980-would-codify-strong-protections-for-genetic-data/
California’s SB 980 Would Codify Strong Protections for Genetic Data
This week, SB 980 (the “Genetic Information Privacy Act”) passed the California State Assembly and State Senate, with near unanimous support (54-10 and 39-0). If signed by the Governor before the Sept. 30 deadline, the law would become the first comprehensive genetic privacy law in the United States, establishing significant new protections for consumers of genetic services.
If China produces a provably unbiased AI judge, would we be willing to outsource?
https://www.jdsupra.com/legalnews/law-and-justice-powered-by-artificial-86782/
Law and Justice Powered by Artificial Intelligence? It's Already a Reality
Change happens faster than we predict. It is also happening more frequently. Consider, China is launching an online AI arbitrator this year. The United Nations wants to improve access to justice through AI judges and has been actively working on this for four years. A handful of firms have built digital assistants to help legal team comply with case rules to reduce time and expenses that are actually not billable.
Now factor in COVID-19. While it has been a pox on our lives, it has also been a great accelerator for innovation. With physical courtrooms closed, it accelerated the adoption virtual courtrooms. Law firms that never though(sic) a remote workforce would be effective are now wondering why they need huge offices when people seem to be working more effectively from home. Both the courts and firms are also turning more to AI-powered solutions to improve operational collaboration and efficiencies as well as to establish deeper engagement with petitioners and clients.
More a summation…
https://hbr.org/2020/09/what-does-building-a-fair-ai-really-entail
What Does Building a Fair AI Really Entail?
Artificial intelligence (AI) is rapidly becoming integral to how organizations are run. This should not be a surprise; when analyzing sales calls and market trends, for example, the judgments of computational algorithms can be considered superior to those of humans. As a result, AI techniques are increasingly used to make decisions. Organizations are employing algorithms to allocate valuable resources, design work schedules, analyze employee performance, and even decide whether employees can stay on the job.
This creates a new set of problems even as it solves old ones. As algorithmic decision-making’s role in calculating the distribution of limited resources increases, and as humans become more dependent on and vulnerable to the decisions of AI, anxieties about fairness are rising. How unbiased can an automated decision-making process with humans as the recipients really be?
Twilight or dawn?
https://venturebeat.com/2020/09/03/were-entering-the-ai-twilight-zone-between-narrow-and-general-ai/
We’re entering the AI twilight zone between narrow and general AI
… there are experts who believe the industry is at a turning point, shifting from narrow AI to AGI. Certainly, too, there are those who claim we are already seeing an early example of an AGI system in the recently announced GPT-3 natural language processing (NLP) neural network. While NLP systems are normally trained on a large corpus of text (this is the supervised learning approach that requires each piece of data to be labeled), advances toward AGI will require improved unsupervised learning, where AI gets exposed to lots of unlabeled data and must figure out everything else itself. This is what GPT-3 does; it can learn from any text.
(Related)
The fourth generation of AI is here, and it’s called ‘Artificial Intuition’
Artificial Intelligence (AI) is one of the most powerful technologies ever developed, but it’s not nearly as new as you might think. In fact, it’s undergone several evolutions since its inception in the 1950s. The first generation of AI was ‘descriptive analytics,’ which answers the question, “What happened?” The second, ‘diagnostic analytics,’ addresses, “Why did it happen?” The third and current generation is ‘predictive analytics,’ which answers the question, “Based on what has already happened, what could happen in the future?”
While predictive analytics can be very helpful and save time for data scientists, it is still fully dependent on historic data. Data scientists are therefore left helpless when faced with new, unknown scenarios. In order to have true “artificial intelligence,” we need machines that can “think” on their own, especially when faced with an unfamiliar situation. We need AI that can not just analyze the data it is shown, but express a “gut feeling” when something doesn’t add up. In short, we need AI that can mimic human intuition. Thankfully, we have it.
No comments:
Post a Comment