Category «Cybersecurity»

Report – Data Theft Rising Sharply, Insider Threats Cited as Leading Cause

“New Ponemon Institute Report Finds Most Employees Have Too Much Access, Multiplying Damage When Accounts Are Compromised: August 2016” Closing Security Gaps to Protect Corporate Data: A Study of US and European Organizations – “…IT respondents say insider negligence is more than twice as likely to cause the compromise of insider accounts as any other …

Subjects: Cybercrime, Cybersecurity, Economy, Financial System, Internet, Knowledge Management, Legal Research

Updated Circular A-130, Managing Information as a Strategic Resource

White House – OMB: [July 26, 2016] “the Office of Management and Budget (OMB) …releas[ed] an update to the Federal Government’s governing document for the management of Federal information resources: Circular A-130, Managing Information as a Strategic Resource. The way we manage information technology (IT), security, data governance, and privacy has rapidly evolved since A-130 …

Subjects: Cybersecurity, E-Government, E-Records, Government Documents, Internet, Knowledge Management, Legal Research, Libraries, Privacy

Unprecedented mass hack of Democratic members of Congress

PCWorld: “The hacker who claims to have breached the Democratic National Committee’s computers is now taking credit for hacking confidential files from a related campaign group. Guccifer 2.0 alleged on Friday that he also attacked the servers of the Democratic Congressional Campaign Committee (DCCC). He posted some of the purported files on his blog, and …

Subjects: Congress, Cybercrime, Cybersecurity, E-Mail, E-Records, Government Documents, Privacy

NIST Updates Personal Identity Verification Guidelines

“NIST has recently expanded the flexibility and enhanced the security of Personal Identity Verification (PIV) credentials by updating the following guidelines: • Special Publication (SP) 800-156, Representation of PIV Chain-of-Trust for Import and Export, provides details regarding the use of chain-of-trust for import and export among PIV Card issuers. • SP 800-166, Derived …

Subjects: Cybercrime, Cybersecurity, E-Mail, E-Records, Government Documents

Paper – Securing the Connected Car

Commonalities in Vehicle Vulnerabilities, Corey Thuen, Senior Security Consultant, IOActive: “With the Connected Car becoming commonplace in the market, vehicle cybersecurity grows more important by the year. At the forefront of this growing area of security research, IOActive has amassed real-world vulnerability data illustrating the general issues and potential solutions to the cybersecurity issues facing …

Subjects: Cybercrime, Cybersecurity, Transportation

Inspection of Federal Computer Security at US Department of the Interior

Inspection of Federal Computer Security at the U.S. Department of the Interior, August 9, 2016: “In accordance with Section 406 of the Cybersecurity Act of 2015, we inspected DOI’s policies, procedures, and practices for securing its computer networks and systems for all covered systems related to logical access control policies and practices, use of multifactor …

Subjects: Cybercrime, Cybersecurity, E-Government, Government Documents, Intellectual Property, Internet, Knowledge Management

HTTPS Windows exploit targets social security numbers, email addresses

Dan Goodin, arstechnica, August 3, 2016: “The HTTPS cryptographic scheme protecting millions of websites is vulnerable to a newly revived attack that exposes encrypted e-mail addresses, social security numbers, and other sensitive data even when attackers don’t have the ability to monitor a targeted end user’s Internet connection. The exploit is notable because it doesn’t …

Subjects: Cybercrime, Cybersecurity, E-Mail, E-Records, Microsoft, Privacy

FACE Recognition Technology: FBI Should Better Ensure Privacy and Accuracy

FACE Recognition Technology: FBI Should Better Ensure Privacy and Accuracy [Reissued on August 3, 2016] GAO-16-267: Published: May 16, 2016. Publicly Released: Jun 15, 2016. “The Department of Justice’s (DOJ) Federal Bureau of Investigation (FBI) operates the Next Generation Identification-Interstate Photo System (NGI-IPS)— a face recognition service that allows law enforcement agencies to search a …

Subjects: Civil Liberties, Cybersecurity, Government Documents, ID Theft, Privacy

Defending Our Data: The Need for Information We Do Not Have

Warner, Richard and Sloan, Robert H., Defending Our Data: The Need for Information We Do Not Have (July 29, 2016). Available for download at SSRN: http://ssrn.com/abstract=2816010 “Data breaches occur at the rate of over two a day. The aggregate social cost is high. Security experts have long explained how to defend better. So why does …

Subjects: Cybercrime, Cybersecurity, Internet, Knowledge Management, Legal Research

Presidential Policy Directive – United States Cyber Incident Coordination

PRESIDENTIAL POLICY DIRECTIVE/PPD-41 SUBJECT: United States Cyber Incident Coordination, July 26, 2016 “The advent of networked technology has spurred innovation, cultivated knowledge, encouraged free expression, and increased the Nation’s economic prosperity. However, the same infrastructure that enables these benefits is vulnerable to malicious activity, malfunction, human error, and acts of nature, placing the Nation and …

Subjects: Cybercrime, Cybersecurity, Government Documents