This draft policy (below) is based on the President’s Cyberspace Policy Review (bottom). I have embedded both for your convenience.
Information Security
26
Jun 10
The National Cyberspace Strategy | The White House
26
May 10
Should Government Take On Facebook? – Room for Debate Blog – NYTimes.com
Well what do you think?
What can government do to ensure that users have control of their own information, which might live on indefinitely on the Web? Would regulation work? Or should government stay out of this arena?
via Should Government Take On Facebook? – Room for Debate Blog – NYTimes.com.
21
May 10
Online, How Much Security Is Too Much? – Pogue’s Posts Blog – NYTimes.com
Look, I understand the IT person’s position: “I was hired to protect the network. If I fail, I lose my job. Convenience and productivity are really secondary.”
Maybe companies need to hire a PT person as well (Productivity Technology), somebody who’s a counterweight to the IT person. Somebody whose job it is to argue: “Oh, come on. Is this really necessary?”
via Online, How Much Security Is Too Much? – Pogue’s Posts Blog – NYTimes.com.
I could so be that “PT” person; in fact, I often am without knowing it. So many security “professionals” often declare unsafe or unsecure what they simply do not have the capacity, nor intent, to understand, all while hiding behind the umbrella of “security”.
It's quite amusing sometimes, and I wish that there were more people in IT who would provide that check and balance to the security guy, but sadly, oftentimes no one can “man up” to prevent intrusive anti-productive security measures from being implemented.
I'm gonna be a rebel one day!
20
May 10
Rogue ISP must liquidate, pay FTC $1.08M
A rogue Internet service provider that hosted and participated in the distribution of spam, malware, and porn has finally been shut down as a result of a request made by the FTC to a district court judge. The ISP, 3FN, has had its servers and assets seized and has been ordered to turn over $1.08 million of its proceeds to the FTC. The FTC first charged 3FN in June 2009 with a number of… really bad things. These included active recruiting of and working with criminals to distribute content such as spyware, trojan horses, phishing schemes, and pornography—including child porn.
The FTC says 3FN advertised its services to like-minded people in the “darkest corners” of the Internet, like chat rooms for spammers. 3FN was accused of deploying and operating botnets and bot herders to send spam and execute denial-of-service attacks. It hosted the command-and-control servers that were responsible for the communication of information between the bot herders it recruited and the zombie computers used to mount attacks.
15
Apr 10
Congress outlaws all Caller ID spoofing VoIP too
Under the bill, it becomes illegal “to cause any caller ID service to transmit misleading or inaccurate caller ID information, with the intent to defraud and deceive.” The bill maintains an exemption for blocking one's own outgoing caller ID information, and law enforcement isn't affected.
29
Mar 10
Check the Hype — There’s No Such Thing As ‘Cyber’ | Threat Level | Wired.com
How can you tell the difference between a real report about online vulnerabilities and someone who is trying to scare you about the security of the internet because they have an agenda, such as landing lucrative, secret contracts from the government?
Here’s a simple test: Count the number of times they use the adjective “cyber.” Nobody uses the word “cyber” anymore, except people trying to scare you and trying to make the internet seem scary or foreign. (Think, for instance, of the term “cyberbullying,” which is somehow much more crazy and new and in need of legislation than “online bullying.”)
…
Amit Yoran, a respected security expert who runs a company that sells computer security services to the government, wrote a long post on a Forbes blog this week to defend the concept of “cyberwar,” in no small part because this blog ranted about how that term is used to hype militarization of the internet and feed a new and very dangerous arms race.
…
Yoran and Forbes also fail to mention that his company, NetWitness, markets computer security equipment to the government and has a vested interest in the outcome of this debate.
…
That kind of rhetoric doesn’t launch sensationalist — and often demonstrably false — scare stories in opinion-making outlets like 60 Minutes, The New York Times, The Wall Street Journal, The Washington Post and the National Journal.
No, when that kind of fear-mongering is needed to loosen the purse strings for computer security, only one word will do.
Cyber.
And it’s even better when repeated ad nauseam in front of Congress and at the country’s top security conferences by former and current government officials, even if those people couldn’t even enable MAC address filtering on their own wireless routers.
via Check the Hype — There’s No Such Thing As ‘Cyber’ | Threat Level | Wired.com.
19
Feb 10
Internet filtering: 2009 in review | Berkman Center
From the OpenNet Initiative blog:
The OpenNet Initiative is proud to release its 2009 Year in Review, a look into instances of filtering, surveillance, and information warfare around the world in 2009.
The events of 2009 demonstrated a global rise in third-generation Internet controls. Within the first two weeks of January 2009, both Pakistan and Thailand had ordered the filtering of several Web sites, and Germany announced plans to filter certain types of pornography, garnering outrage from free speech activists. By mid-year, the events surrounding the elections in Iran had taken center stage, prompting Iranian authorities to crack down on Internet use and sparking outrage throughout the world, which then rippled through social media.
The OpenNet Initiative estimates that at the end of 2009, 32% of all Internet users were accessing a filtered version of the Internet.
7
Feb 10
FBI wants records kept of Web sites visited | Politics and Law – CNET News
WASHINGTON–The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.
FBI Director Robert Mueller supports storing Internet users' “origin and destination information,” a bureau attorney said at a federal task force meeting on Thursday.
As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.
via FBI wants records kept of Web sites visited | Politics and Law – CNET News.
6
Feb 10
National Cyber Security: Are We Focused On The Right Stuff? | InformationWeek
“Sensitive information is stolen daily from both government and private sector networks, undermining confidence in our information systems, and in the very information these systems were intended to convey,” said Blair in prepared remarks outlining the U.S. intelligence community's annual assessment of threats.
via InformationWeek.com.
21
Jan 10
Locating and managing the IS security function
Deciding that you need an Information Systems (IS) security function within your business is easy. Deciding where to put it and how to manage it isn’t nearly as straightforward. Security, IT, and even Engineering all bring value to the table, but they also bring their own unique priorities, biases, and politics. Let’s examine the variables, review some options, and offer some suggestions for where to put IS Security in your org chart.