Right to audit your cloud provider
Data Privacy Concerns
Digital Forensics
Penetration Testing
http://www.networkworld.com/community/node/61877
Security News Curated from across the world
Dave Cole, senior director of consumer products at Symantec, noted that the familiar Norton security products on the PC are directly related to Symantec’s enterprise-level products – the new initiative has no such connection. “We saw all the new stuff popping up, funky new devices just using the Internet as a utility, digital picture frames, Blu-ray devices that you hope will get updates online, and so on,” said Cole. “We have to make a big statement, enter the market quickly, and adjust quickly.”
The company will refresh this product and “make it more fabulous,” releasing a beta in June.
Also that month, Symantec will release a beta version of Norton for Android with features like scanning for bogus apps, remote wipe and lock, and caller blocking.
Site blocking at the DNS level means Norton can block malicious sites for any device – it also potentially extends the parental control offered in OnlineFamily.Norton to connected devices like game consoles.
The third element of the Norton Everywhere initiative is smart device security.
Mocana’s existing platform works with 35 operating systems and 70 different CPUs.
http://www.pcmag.com/article2/0,2817,2364208,00.asp
Prepared by the association’s End-to-End Encryption Technical Working Group, the newly released SPVA guideline allows companies to engage different solutions and select products that can be trusted and are secure. The SPVA defines end-to-end as: the transmission of cardholder data in an encrypted form, from its point of presentment, such that it prevents the data from being known in plain text until the point of decryption.
Against this backdrop, our goal is to use existing published standards and provide an auditable set of requirements that creates a secure payment environment.” Its aim is to develop an end-to-end security framework and to enhance security elements of payment solutions which protect cardholder information and defend merchants and acquirers against security breaches, while helping reduce fraud and lowering risk for all electronic payment stakeholders.
http://www.reuters.com/article/idUS125798+27-May-2010+MW20100527
That was one of the critical messages delivered to more than 120 Chicago-area CIOs and IT executives at the CIO Executive Leadership Roundtable held May 21 at the Metropolitan Club at Willis Tower in Chicago.
“This round-table was a clear call to action,” said Hunter Muller, President and CEO, HMG Strategy. “We’re truly at the cusp of a new era in which the newest technology drives innovation and innovation drives business value.”
http://www.bradenton.com/2010/05/27/2319240/cloud-mobile-computing-and-social.html
The decision to abandon email encryption projects in most cases was probably taken many years ago when those overheads became apparent. Since then, not only have the regulatory and legislative landscapes changed considerably (DPA, FSA, SOX et al), but so has the technology.
http://www.cio.co.uk/opinion/ferguson/2010/05/27/email-encryption-must-be-prioritised/
In fact, with no penalties for failure to notify security breaches, the provisions may do more harm than good since Canadians will expect to receive notifications in the event of a breach, but companies may err on the side of not notifying (given the very high threshold discussed below) safe in the knowledge that there are no financial penalties for failing to do so.
The bill changes the definition of business contact information (which is not treated as personal information) by expressly including business email addresses. This overturns a successful complaint I filed years ago against the (now defunct) Ottawa Renegades over their use of my email address. The change further confirms that PIPEDA cannot be used in spam cases, but C-28 should provide far more effective tools.
The bill establishes a new prospective business transaction exception that permits use and disclosure of personal information in various business transactions. The provision creates some limits on the use of the information, but is designed to address concerns from the business community that PIPEDA could create barriers to mergers and acquisitions as well as other transactions.
The bill creates a new work product exception for the collection, use, and disclosure of information produced by an individual in the course of employment.
The bill purports to clarify “lawful authority” (i.e. disclosure to lawful authority without a court order) but as David Fraser notes it really doesn’t clarify much of anything.
Rather, it encourages disclosures without court oversight by confirming that businesses are not required to verify the validity of the lawful authority. The organization makes its own determination of whether there is a real risk having regard to the sensitivity of the information and the probability that the personal information has been, is being, or will be misused.
By comparison, the California law requires disclosure of any breach of unencrypted personal information that is reasonably believed to have been acquired by an unauthorized person.
In other words, the only threshold is whether an unauthorized person acquired the information, not whether there is real risk of significant harm (other states merely require harm, not significant harm).
Security breach disclosure was widely recognized as a major hole in the Canadian law framework, yet this proposal is a major disappointment that falls far short of striking the right balance between protecting Canadians, encouraging appropriate safeguards of personal information, and guarding against overwhelming Canadians with too many notices.
http://www.michaelgeist.ca/content/view/5059/125/