Tag Archives for "report"

A third of Brits plan to exercise right to be forgotten

After the General Data Protection Regulation compliance deadline, a third of Britons polled say they plan to exercise their right to be forgotten, but few fully understand the GDPR and how it will affect them.

A survey has found that Britons are concerned about their privacy and data protection, and many would like to exercise the rights granted by the EU’s General Data Protection Regulation (GDPR).

Source: A third of Brits plan to exercise right to be forgotten

NIST publishes report on metadata schema for attributes

This NIST Internal Report contains a metadata schema for attributes that may be asserted about an individual during an online transaction. The schema can be used by relying parties to enrich access control policies, as well as during runtime evaluation of an individual’s ability to access protected resources, and for an individual’s.

Attribute metadata could also create the possibility for data sharing permissions and limitations on individual data elements. There are other possible applications of attribute metadata, such as evaluation and execution of business logic in decision support systems; however the metadata contained herein is focused on supporting an organization’s risk-informed authorization policies and evaluation.

Source: NISTIR 8112, Attribute Metadata–Evaluating Federated Attributes | CSRC

Web Hosting Services Could Leave Small Businesses at Risk of Phishing

The Federal Trade Commission today released a staff report that examines 11 web-hosting services that market themselves to small businesses and finds that many do not provide by default certain email authentication and anti-phishing technologies, potentially leaving many small firms at risk of facilitating phishing scams.

Source: FTC Report Finds Some Small Business Web Hosting Services Could Leave Small Businesses at Risk of Facilitating Phishing Scams | Federal Trade Commission

Lawsuits threaten infosec research — just when we need it most

Security researchers and reporters have something in common: both hold the powerful accountable. But doing so has painted a target on their backs — and looming threats of legal action and lawsuits have many concerned.

Source: Lawsuits threaten infosec research — just when we need it most | ZDNet

The Argument Against a Mobile Device Backdoor for Government

The ‘responsible encryption’ demanded by law enforcement and some politicians will not prevent criminals ‘going dark’; will weaken cyber security for innocent Americans; and will have a hit on the U.S. economy. At the same time, there are existing legal methods for law enforcement to gain access to devices without requiring new legislation.

These are the conclusions of Riana Pfefferkorn, cryptography fellow at the Center for Internet and Society at the Stanford Law School in a paper published Tuesday titled, The Risks of “Responsible Encryption”.

Source: The Argument Against a Mobile Device Backdoor for Government | SecurityWeek.Com

NIST Issues Draft Report: Status of International Cybersecurity Standardizations for the Internet of Things

The Interagency International Cybersecurity Standardization Working Group (IICS WG) was established in December 2015 by the National Security Council’s Cyber Interagency Policy Committee. The purpose of the IICS WG is to coordinate on major issues in international cybersecurity standardization and thereby enhance U.S. federal agency participation in international cybersecurity standardization.

Source: NIST Issues Draft Report: Status of International Cybersecurity Standardizations for the Internet of Things

ENISA publishes reports on PPPs and ISACs

A common objective of every European national cyber security strategy is collaboration to enhance cyber security across all levels, from threat information sharing to awareness raising. Collaboration is often achieved through two formal structures: Information Sharing and Analysis Centres (ISACs) and Public Private Partnerships (PPPs).

ENISA collected information on best practices and common approaches that resulted in two studies, namely Cooperative Models for Public Private Partnership and Information Sharing and Analysis Centres.

Source: Cybersecurity built on trust – ENISA supports Member States in establishing PPPs and ISACs — ENISA

Stanford quantifies the privacy-stripping power of metadata

More proof, if proof were needed, of the privacy-stripping power of metadata. A multi-year crowdsourced study, conducted by Stanford scientists and published this week, underlines how much information can be inferred from basic phone logs cross-referenced with other public datasets.

The research paper, entitled Evaluating the privacy properties of telephone metadata, details how the scientists investigated what they describe as the “factual assumptions that undergird policies of differential treatment for content and metadata”, underlining how easily they were able to generate detailed intelligence from metadata.

Source: Stanford quantifies the privacy-stripping power of metadata | TechCrunch

Law Enforcement Use of Face Recognition Systems Threatens Civil Liberties

Independent Oversight, Privacy Protections Are Needed

San Francisco, California—Face recognition—fast becoming law enforcement’s surveillance tool of choice—is being implemented with little oversight or privacy protections, leading to faulty systems that will disproportionately impact people of color and may implicate innocent people for crimes they didn’t commit, says an Electronic Frontier Foundation (EFF) report released today.

Source: Law Enforcement Use of Face Recognition Systems Threatens Civil Liberties, Disproportionately Affects People of Color: EFF Report
