[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ]<\/p>\n
* IT Pros Are Choosing Between Productivity and Security
\n* Data security concerns fuel IT investment decisions
\n* DocPoint Solutions Adds New Capabilities to GSA Schedule 70
\n* Harry Styles photo hack: 7 UK laws which protect you if your private pictures get into wrong hands
\n* RSA highlights need for Red Team Automation simulated cyber attacks
\n* English language used the most for cyber attacks: Report
\n* Lack of Security Automation Exposes Enterprises to Cyber Attacks and Outages
\n* What Does a Typical Fortune 100 CISO Look Like?
\n* DHS preps final RFP for NextGen security operations
\n* Companies still lack adequate data privacy tools
\n* Digital security puts CISO reporting structure in corporate glare
\n* GRC: CISOs must crawl, walk and run, says MetricStream’s Gunjan Sinha
\n* HSCIC\u2019s CareCERT head wants NHS and social care to be prepared for cyber attacks
\n* Google boosts HTTPS, Certificate Transparency to encrypt Web
\n* New Risks Impacting E & O Claims
\n* MITRE offers temporary solution to the CVE assignment problem
\n* One Step Closer to Mandatory Breach Reporting Across Canada: Consultations Open
\n* Experts: Data, devices, employees pose biggest challenges to hospital cybersecurity
\n* CFPB\u2019s First-Ever Data Security Enforcement Action
\n* Biometrics not a magic infosec bullet for web banking, warns GCHQ bloke
\n* curl, 17 years old today<\/p>\n
IT Pros Are Choosing Between Productivity and Security
\nAccording to Barkly\u2019s 2016 Cybersecurity Confidence Report, 41% of respondents said they are dissatisfied with their current solution because it slows down their system.
\nFor those shops, it could mean that colleagues are taking insecure shortcuts to improve efficiency, such as using unauthorized third-party apps or connecting unsanctioned devices to the network.
\nFor others that say their security hasn\u2019t slowed them down, it could indicate a weakened security profile overall.
\nBarkly\u2019s research draws a clear line between front-line IT pros\u2019 and the C-suites\u2019 opinions around security.
\nRespondents indicated that they believe IT teams prioritize security higher than the C-level, with nearly two-in-five respondents stating that IT teams believe it to be an essential priority, compared to only 27% of C-level executives.
\nWhich could lead to productivity being prioritized over security.
\nThe survey also revealed that the biggest issues IT teams have with current solutions are that they require too many updates (36%), are too expensive (33%) and provide no protection against zero-day attacks (33%).
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0c039344f8&e=20056c7556<\/p>\n
Data security concerns fuel IT investment decisions
\nAccording to the results of a recent survey sponsored by IT services provider Datalink and conducted by IDG Research Services, 70 percent of companies now rank data security as their top priority when it comes to investing their IT dollars.
\nIn addition, the survey, which polled more than 100 IT executives and senior level managers from large U.S.-based organizations, also found that 75 percent of companies consider IT security more important today than just two years ago.
\nNearly three-quarters of respondents said they have security projects in the works while just over 20 percent indicated that such projects were in the build or planning stage of development.
\nAlthough the threats posed by cyber intrusions are certainly not a new phenomenon to corporate America, Rader said the likely reason that more organizations consider IT security a bigger critical threat today than they did just two years ago is that many of them probably felt they had cybersecurity under control.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=27c8e16b9a&e=20056c7556<\/p>\n
DocPoint Solutions Adds New Capabilities to GSA Schedule 70
\nDocPoint Solutions, Inc., a provider of implementation, customization, training, and support of SharePoint solutions and its suite of products, has added Concept Searching\u2019s products and services to its General Services Administration (GSA) Schedule 70 contract vehicle.
\nConcept Searching is a provider of semantic metadata generation, auto-classification and taxonomy management software running natively in SharePoint and SharePoint Online.
\nBy blending these technologies with DocPoint\u2019s end-to-end enterprise content management (ECM) offerings, the companies say, government organizations will be able to maximize their SharePoint investment and obtain an integrated solution for sharing, securing, and searching for mission-critical information.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=a68a77d2c4&e=20056c7556<\/p>\n
Harry Styles photo hack: 7 UK laws which protect you if your private pictures get into wrong hands
\nThe Computer Misuse Act 1990
\n1968 Theft Law
\n1997 Protection from Harassment Act
\nThe Public Order Act 1986
\nThe Malicious Communications Act 1988
\nEuropean Convention on Human Rights 1998
\nObscenity laws
\nMen are slightly more likely to be threatened with online exposure than women – according to a 2013 McAfee study. 12% of men had been threatened with it , but only 8% of women.
\nHowever, a survey of the UK’s revenge porn sites suggest that only 20% of the hosted pictures show men.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=dce95afb7d&e=20056c7556<\/p>\n
RSA highlights need for Red Team Automation simulated cyber attacks
\nAt this month\u2019s San Francisco based RSA conference, the largest global conference for cybersecurity, there were several topics which were prominent.
\nRed Team Automation is now being seen as a core part of any organisation\u2019s cyber security strategy.
\nA \u2018Red Team\u2019 traditionally works in a covert manner testing an organisation\u2019s weakest points using the same techniques used by organised cyber criminals.
\nThe automation of this process deploys specialist software designed for continuous testing.
\nWhat is essential is that companies take steps to safeguard those points in their inner and outer perimeters where the cyber criminals are most likely to strike.
\nThis means combining Red Team Automation with software designed to monitor criminal activity on their Dark Web while also keeping a constant check on known weak points such as social networking sites where the company or its staff have a presence.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=788a081a58&e=20056c7556<\/p>\n
English language used the most for cyber attacks: Report
\nNew Delhi: English language was the highest spam sending language in 2015 with 84.1 per cent spammers using it for cyber-attack followed by Chinese (2.6 per cent) and German (1.7 per cent) on second and third spots, a report by Trend Micro Incorporated said.
\nTrend Micro Incorporated released its annual security roundup report that dissected the most significant security incidents from 2015.
\n“The first quarter of 2016 clearly showed we need to also watch out for older threats and how no industry or system should feel exempt.
\nAfter all who would have thought that language is also something to worry about from cyber threats perspective!” the report said.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=0027cdb7fe&e=20056c7556<\/p>\n
Lack of Security Automation Exposes Enterprises to Cyber Attacks and Outages
\nAlgoSec, the market leader for Security Policy Management, today announced the results of its \u201cState of Automation in Security\u201d survey.
\nThe survey revealed that 83% of organisations want the use of automation to manage security processes to greatly increase over the next 3 years.
\nOther key findings from the survey include:
\nLack of automation causes outages and breaches. 20% of organisations experienced a security breach, 48% had an application outage and 42% had a network outage as a result of a misconfiguration caused by a manual security-related process.
\nNot enough automation.
\nOnly 15% of respondents reported that their security processes were highly automated.
\nOver 52% had some automation in place but felt that it was not enough, and 33% said they had little to no automation.
\nMotivations for automation abound, but so are concerns.
\nThe growing number of cyber threats, time spent performing security changes manually, and cloud and SDN projects were the top motivations for automation.
\nHowever, concerns about accuracy, and the resources required to implement automation solutions, as well as difficulty driving organisational changes are inhibiting their proliferation.
\nAutomation serves the business.
\nOver 80% of respondents believe that automation will increase the overall security posture of their organisations. 75% of respondents think it will improve application availability, as well as enable them to process security policy changes faster and reduce errors. 75% also feel that automation will reduce audit preparation time and improve compliance. 50% believe that automation will help deal with the IT skills shortage and reliance on experienced security engineers.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=5106be071b&e=20056c7556<\/p>\n
What Does a Typical Fortune 100 CISO Look Like?
\nNot surprisingly, Digital Guardian found that most CISOs were overwhelmingly male at 89 percent.
\nIn terms of education, 85 percent had at least a Bachelor’s degree, while 40 percent also had a Master’s degree.
\nJust and a few had a PhD or JD, they said.
\nThe top three fields of study for these CISOs were business, information technology\/information security, and computer science.
\nOf the Fortune 100 CISOs they looked at, 80 percent have held their current position for less than five years.
\nWhen it comes to certification, half have a CISSP certification and 22 of them have a CISM certification.
\nFortune 100 security leaders hold an average of 2.86 certifications.
\nDigital Guardian created the infographic below which outlines “the anatomy of a CISO” to sum up their findings in a fun way.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=f6726dcc38&e=20056c7556<\/p>\n
DHS preps final RFP for NextGen security operations
\nThe Next Generation Security Operations Center (NextGen SOC) contract will give the DHS CISO access to cybersecurity support services, with a focus on securing the networks at the Office of the CIO, National Protection and Programs Directorate and Science and Technology Directorate, among others.
\n\u201cThe task orders issued hereunder will be designed to acquire a broad range of services and solutions\u2014under various contract types\u2014to fulfill the department\u2019s mission\u201d as it pertains to cybersecurity, according to the synopsis.
\nThat mission includes a mandate to \u201cprevent, detect, contain and eradicate cyber threats through monitoring, intrusion detection and protective security services to DHS information systems.\u201d
\nThe final contract will have a ceiling of $395 million over seven years, with a base of one year and six additional one-year options.
\nIndividual task orders will range from a minimum of $1,000 to a maximum of $10 million.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=53fdbf345a&e=20056c7556<\/p>\n
Companies still lack adequate data privacy tools
\n93 percent of IT professionals agree that customer data privacy concerns are a critical issue at the C-level.
\nYet, only 9 percent percent believe current privacy and consent methods are adequate.
\nWhen asked about the requirements of new data privacy and consent methods, 96 percent agreed that there is an increasing need for dynamic and flexible privacy tools that are adaptable to future borderless regulatory requirements and consumer expectations.
\nA new ForgeRock study revealed regional differences in opinions towards data privacy between U.S.-based and EMEA-based IT professionals.
\nWhile 84 percent of U.S.
\nIT professionals believe that the U.S. will eventually adopt similar personal data protection regulations to Europe, responding European IT professionals were more skeptical with only 66 percent agreeing that the US would implement data privacy regulations similar to those in European.
\n96 percent of IT professionals believe emerging European regulations for data protection are creating a need for better tools and standards for ensuring personal data protection, privacy and consent
\n84 percent of U.S. respondents (and 87 percent of APJ-based respondents) believe the U.S. will eventually adopt similar personal data protection regulations as Europe
\nOnly 66 percent of EMEA-based respondents believed that the U.S. will eventually adopt similar personal data protection regulations as Europe.
\n\u201cAs our survey illustrates, coping with regulation \u2013 privacy or otherwise \u2013 is no longer just a cost center for organizations.
\nAs connected devices and technologies take on a greater role in public and private life, there are massive business benefits to building in new identity and data privacy solutions that can scale over time,\u201d said ForgeRock\u2019s CEO, Mike Ellis. \u201cOrganizations clinging to legacy identity management technologies \u2013 which are currently inadequate \u2013 will be at a major disadvantage.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6286033009&e=20056c7556<\/p>\n
Digital security puts CISO reporting structure in corporate glare
\nWhat there’s less agreement on, once a security executive is fixed in the corporate firmament, is the optimal CISO reporting structure.
\nShould he or she take orders from an IT chieftain like the CIO.
\nMaybe someone in operations or the legal department.
\nOr should it be straight from the top, the CEO?
\n“This is very much a religious war.
\nIt’s been happening ever since the term CISO came about,” said Alexander, a former CISO and independent consultant.
\nAccording to a recent report by Cloud Security Alliance and Skyhigh Networks, 61% of organizations have a CISO.
\nOf that number, 42% report to the CIO, 32% report to the CEO and 26% report to other executives, including the general counsel and the CFO.
\nMore than just the person in charge of managing information security, a CISO needs to be the face of a company’s information security strategy.
\nHe or she needs to work with top executives to make them aware that cybersecurity threats are business threats — and then make sure that message makes its way down through the ranks, to midlevel managers and the business units under them.
\nNemertes’ Johnson recently interviewed companies about their security practices and found that the organizations with the most mature cybersecurity strategies had a CISO reporting directly to a business executive.
\nThe study, which surveyed 17 organizations, found that the fewer “hops” from the CISO to the business side mapped directly to how prepared an organization was for current and future security challenges.
\nJohnson presented the research in a March 8 webinar.
\nIf a CISO is two or more hops away — “you’re reporting in to somebody who’s reporting in to somebody who’s reporting in to the business” — it’s on the lower end of the maturity scale.
\nAn organization with this twice-removed CISO reporting structure has the basic technology and staff necessary to combat cyberattacks, but it can’t prevent problems from happening in the first place.
\nThe CISO should also have regular communications with the board of directors, Johnson said, giving updates every fiscal quarter to, say, an operating committee that does risk and compliance audits.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8110d697b2&e=20056c7556<\/p>\n
GRC: CISOs must crawl, walk and run, says MetricStream’s Gunjan Sinha
\nMost CISOs are occupied more around \u2018block and tackle\u2019 solutions, vulnerability assessment and basic fixes to avoid blatant security breaches.
\nThe companies up the maturity curve with basics in place are the ones embracing GRC.
\nCompanies more advanced in infrastructure are using GRC to get a 360 degree perspective to know emergence of risks and then proactively and prospectively address and fix them.
\nIn more developed economies and developed companies, GRC is now a must-have globally.
\nIndia is an emerging market as many businesses are still climbing up the maturity curve.
\nAnd as they are at right stage and correct time to embrace GRC technology, we are making sure to be at the forefront as a technology enabler.
\nThe adoption of GRC in India is very encouraging for us.
\nGRC is all-encompassing and it feels complex, it feels big.
\nAnd it is big.
\nA decade ago, we realized one could not approach this problem as a monolithic beast as it would be as futile as trying to boil the ocean.
\nChannel partners need to have certain expertise and domain specialization.
\nIf they have expertise in law and regulation in the country and you understand the domain and have built a practice around it, it is a natural partnership for us.
\nWe don\u2019t look at the size as the determinant.
\nMy recommendation for companies is to map out a journey through a modular and phased approach.
\nI am a big proponent of crawl, walk and run.
\nCISOs have to understand their company\u2019s GRC maturity level today.
\nJust like CMM quality model, think about GRC maturity model today and three or five years from now.
\nDon\u2019t try to boil the ocean with many different things simultaneously, as it will lead to disappointment or cost issues or system failures.
\nGRC today stands at an interesting crossroad.
\nEvery company in 1990s wanted to deploy ERP with SAP.
\nIn early 2000, sales rode the wave of CRM.There is an absolute demand surging around the world for GRC.
\nEvery company I talk to, in US, Spain, Australia and India, is seriously exploring GRC.
\nThis will create massive demand. 2016 will be exciting and we will continue to accelerate our momentum.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=e4f3ccf75b&e=20056c7556<\/p>\n
HSCIC\u2019s CareCERT head wants NHS and social care to be prepared for cyber attacks
\nThe Health and Social Care Information Centre (HSCIC) wants the health and care sector to be ahead of the game in cyber security.
\nIt aims to help front-line staff tackle potential breaches, and make its CareCERT programme the \u201ctrusted brand\u201d for cyber security in the NHS and social care.
\nThe centre first launched its care computing emergency response team (CareCERT) last autumn, with the full go-live in January 2016.
\nThe programme aims to enhance cyber resilience across health and social care by providing incident broadcasts, training and resources to health and care providers.
\nCareCERT was set up under the Cabinet Office\u2019s national cyber security programme, and although still fairly new, it is already making an impact.
\nIts main function is to consume threat intelligence information and guidance from a range of sources, triage the information, work out if there is a threat and the likelihood of impact on the organisation facing the threat, says Taylor.
\nHSCIC will not manage incidents that happen ad hoc within the system, because cyber security needs to have local ownership and accountability.
\nIf you take the accountability away from people, they may not take the right steps, says Taylor, but adds that CareCERT is there to support them.
\nShould there be an incident affecting multiple organisations, CareCERT has an escalation path, together with its partners and the Department of Health.
\nThe HSCIC is working with Health Education England to develop content for the portal, which will go live next month.
\nHSCIC has also run a course aiming to create cyber security champions to take responsibility locally.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=713a250df9&e=20056c7556<\/p>\n
Google boosts HTTPS, Certificate Transparency to encrypt Web
\nGoogle continued its push this week to securely encrypt all Web traffic, going all-out for HTTPS and transparency, as it announced the expansion of its Transparency Report project, along with the release of new tools and resources.
\nNew sections to the report include a page where Google HTTPS efforts can be tracked, as well as a Certificate Transparency log viewer.
\nGoogle also now reports on HTTPS use by leading websites, listing the top sites running modern HTTPS by default and that support modern HTTPS — not by default — with a list of other top sites that have not yet updated to HTTPS.
\nThe Certificate Transparency log viewer offers users a way to look up all of the digital certificates in public Certificate Transparency logs that have been issued for a given hostname, including expired certificates and certificates for subdomains of a hostname.
\nCertificate Transparency provides a way for certificate authorities to publicly declare certificates they have generated legitimately.
\nUsing the logs, it is possible to determine whether an attacker has been issued a certificate for a domain not under the attacker’s control, as well as to determine when a CA has been subverted.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=b436005add&e=20056c7556<\/p>\n
New Risks Impacting E & O Claims
\nCyber risk is just one of the factors impacting errors and omissions claims, according to panelists at the American Bar Association\u2019s annual Tort Trial & Insurance Practice Section\u2019s Insurance Coverage Litigation Committee.
\nBecause of a convergence of new risks facing professionals today, including technology and media liability, explained James Rhyner, vice president, global specialty E & O product manager, Chubb & Son in Warren N.J., insurers are taking a broader risk view.
\nNew modular policies start off with base of E & O coverage and include other coverages tailored to a particular professional\u2019s business.
\nIt\u2019s an educational process about what the risks truly are, Rhyner said.
\nProfessional service providers that sustain a cyber loss need to be cognizant of what their E&O policy covers.
\nFor example, he explained that first party expenses aren\u2019t covered under E & O or commercial general liability policies.
\nThere is limited cyber coverage under an E&O policy, said Kristine Tejano Rickard, who has experience working in claims and underwriting and is currently general counsel for Indiana-based Fuzion Analytics, Inc.
\nProfessionals should be asking questions as to what extent cyber is covered because the coverage they have might not be suited to their business.
\nBecause cyber is a newer exposure, professionals still need to get their arms around it and stay on top of the business risk, said Rhyner.
\nIn addition, he explained that it isn\u2019t when you\u2019ll be attacked by cyber, but how prepared you are and what steps you plan to take to mitigate it.
\nHe said he\u2019s often met with professionals who have no incident response plan in place.
\nAnother area of increasing risk are social engineering fraud claims, said Rickard.
\nAn example is when an escrow agent holds funds on a home sale, waiting for final confirmation that the transaction closed, he or she then receives an email with wiring instructions, which looks legitimate but isn\u2019t, asking that funds be transferred to a separate account.
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=d739231ae5&e=20056c7556<\/p>\n
MITRE offers temporary solution to the CVE assignment problem
\nMITRE\u2019s short-term solution to the problem of slow CVE assignment is to set up an experimental system for issuing federated CVE IDs using a new format.
\n\u201c(\u2026) the researcher and discloser communities have identified a need for rapid, early assignments of CVE IDs to enable early-stage vulnerability coordination and mitigation.
\nThe immediacy of this use case means that the requirement for traditional references and descriptions is, at times, less important than the rapid issuance of unique identifiers,\u201d says the press release that will accompany the launch of the pilot program scheduled for Monday, March 21, 2016.
\n\u201cThe new format will not have any impact on either direct or downstream uses of the current-format CVEs.
\nMITRE also recognizes that it is critical for the community and stakeholders to be able to easily differentiate between traditional CVE entries and those IDs that have been assigned for the rapid-response use case,\u201d it is noted.
\nTo that effect, \u201cthe federated ID syntax will be CVE-CCCIII-YYYY-NNNN\u2026N, where \u2018CCC\u2019 encodes the issuing authority\u2019s country and \u2018III\u2019 encodes the issuing authority.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=ec91e8722c&e=20056c7556<\/p>\n
One Step Closer to Mandatory Breach Reporting Across Canada: Consultations Open
\nOn March 4, 2016, Innovation, Science and Economic Development Canada (Ministry) published a consultation document soliciting input from stakeholders on the development of regulations that will support mandatory data breach reporting requirements under the Personal Information Protection and Electronic Documents Act (PIPEDA).
\nParties interested in participating in this consultation must provide comments in writing by May 31, 2016.
\nOnce these amendments come into force, organizations that experience a \u201cbreach of security safeguards\u201d will be required to:
\n\u200bDetermine if the breach poses a \u201creal risk of significant harm\u201d to any individual whose personal information was involved in the breach
\nNotify individuals as soon as feasible of any breach that poses a \u201creal risk of significant harm\u201d
\nReport any data breach that poses a \u201creal risk of significant harm\u201d to the Privacy Commissioner, as soon as feasible
\nWhere appropriate, notify any third party that the organization experiencing the breach believes is in a position to mitigate the risk of harm
\nMaintain a record of the data breach and make these records available to the Privacy Commissioner upon request
\nThe consultation document asks stakeholders to consider whether the regulations should set out specific circumstances in which a third party organization would always be required to be notified of a data breach.
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=1ccd359fda&e=20056c7556<\/p>\n
Experts: Data, devices, employees pose biggest challenges to hospital cybersecurity
\nSimply keeping track of your data, how it enters your system and subsequently moves through it can be a huge challenge.
\nIt can create vulnerabilities if it’s a challenge that isn’t adequately met, said Suzanne Widup, senior analyst of healthcare cybersecurity for Verizon.
\n“Take a data-centric approach to your security.
\nLook at all the places where data is acquired, how it’s processed and how it moves through the organization and in each step make sure that it is protected.
\nIf you don’t know where your data is, it’s going to be difficult to have any level of confidence that you’re actually putting security measures in place to protect it.”
\nJohnson, Anderson and Widup all stress one thing: education and employee training.
\nRight now, there isn’t enough of it going on in the workplace, and bad habits still abound, they said.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=8fe8309b9d&e=20056c7556<\/p>\n
CFPB\u2019s First-Ever Data Security Enforcement Action
\nEarlier this month, the Consumer Financial Protection Bureau (CFPB) made headlines by bringing its first enforcement action in the data security space.
\nDwolla, Inc., an Iowa-based online payment processor, was the CFPB\u2019s target.
\nAccording to CFPB Director Richard Cordray, \u201cWith data breaches becoming commonplace and more consumers using these online payment systems, the risk to consumers is growing.
\nIt is crucial that companies put systems in place to protect this information and accurately inform consumers about their data security practices.\u201d
\nn order to set up an account and move money online, Dwolla customers provide Dwolla with sensitive personal information, including address, telephone number, social security number, and bank account and routing information.
\nAccording to the consent order, Dwolla made a variety of misrepresentations about the manner in which it secured such information.
\nFor instance, Dwolla falsely claimed that it encrypts all personal information and it also misrepresented that its data security procedures exceed industry standards.
\nThis enforcement action makes it clear that the CFPB is closely monitoring data security practices of companies that offer financial products and services.
\nIt should also serve as a warning to any business that handles consumers\u2019 personal and\/or financial account information.
\nThe following are some key takeaways:
\nLink: http:\/\/paulgdavis.us3.list-manage1.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=bde389c6b1&e=20056c7556<\/p>\n
Biometrics not a magic infosec bullet for web banking, warns GCHQ bloke
\nSpeaking at a Westminster Business Forum on Biometrics, the CESG’s Head of Identity in Government, Dr Chris Allgrove, claimed that society had reached \u201cthe tipping point\u201d at which financial and other services have started backing the introduction of biometrics for authentication, according to Allgrove, due to the mass misuse of alternative authentication methods.
\nIn the work conducted by GCHQ’s information assurance arm, Allgrove noted that \u201cpeople basically use passwords that are not terribly helpful, people don\u2019t use them well, people don\u2019t follow rules \u2013 or the rules are so horribly complicated that there\u2019s no point following them.\u201d
\nHe added that \u201cthere\u2019s also huge amounts of innovation going on, and both pushing forward existing technology and developing new modalities, implementing novel ideas on these platforms.
\nAnd this is all underpinned by developments of the architectures, the processes, both in terms of power and how fast they operate, and also how secure they can operate, and how reliably we can expect them to do particular tasks and look after our sensitive data.\u201d
\nAccording to Allgrove, different manufacturers may implement different security paradigms for uploading apps or accessing information, \u201cbut they are all vulnerable.\u201d
\nLink: http:\/\/paulgdavis.us3.list-manage.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=6206d3e1b7&e=20056c7556<\/p>\n
curl, 17 years old today
\nToday we celebrate the fact that it is exactly 17 years since the first public release of curl.
\nI have always been the lead developer and maintainer of the project.
\nThere\u2019s no glory and there\u2019s no eternal bright light shining down on me.
\nI have not climbed up onto a level where I have a special status.
\nI\u2019m still the same old me, hacking away on code for the project I like and that I want to be as good as possible.
\nObviously I love working on curl so much I\u2019ve been doing it for over seventeen years already and I don\u2019t plan on stopping.
\nLink: http:\/\/paulgdavis.us3.list-manage2.com\/track\/click?u=45bf3caf699abf9904ddc00e3&id=4be1c8dccb&e=20056c7556<\/p>\n
============================================================
\nFeedback, questions? Our mailing address is: dailynews@paulgdavis.com (mailto:dailynews@paulgdavis.com)<\/p>\n
If you know someone else who would be interested in this Newsalert, please forwarded this email.
\nIf you want to be added to the distribution list, please click this: Subscribe to this list (http:\/\/paulgdavis.us3.list-manage2.com\/subscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a)<\/p>\n
Unsubscribe from this list (http:\/\/paulgdavis.us3.list-manage.com\/unsubscribe?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556&c=d3d225f41e)<\/p>\n
Update subscription preferences (http:\/\/paulgdavis.us3.list-manage.com\/profile?u=45bf3caf699abf9904ddc00e3&id=e09452545a&e=20056c7556)<\/p>\n","protected":false},"excerpt":{"rendered":"
[From the desk of Paul Davis – his opinions and no-one else’s, apart from the reporter’s opinions ] * IT Pros Are Choosing Between Productivity and Security * Data security concerns fuel IT investment decisions * DocPoint Solutions Adds New Capabilities to GSA Schedule 70 * Harry Styles photo hack:…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29],"tags":[],"class_list":["post-1209","post","type-post","status-publish","format-standard","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1209","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=1209"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1209\/revisions"}],"predecessor-version":[{"id":3696,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/1209\/revisions\/3696"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=1209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=1209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=1209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}