
Flash mobs – the next online threat

Dec 08

compliance and privacy


Transatlantic Events – Data Privacy Conference

Dec 08

EXCLUSIVE READERS OFFER:

Now ONLY £200 per day!

Dear Readers of Compliance and Privacy,
It’s our pleasure to announce and invite you as a VIP Delegate to:
The 5th Annual Privacy & Data Protection UK 2008
3rd & 4th of September 2008
at The Law Society, 113 Chancery Lane, London, United Kingdom

The event is broken up into two separate days & two separate events:

“Data Protection: Global Compliance Management” 3rd of September 2008

“Data Protection: CRM, Privacy 2.0 & Social Networking ” 4th of September 2008

This is a major Privacy & Data Protection event with more than 20 internationally renowned speakers. If there is one Privacy & Data Protection event to attend this year, this is it!

The full conference agenda for The 5th Annual Privacy & Data Protection UK 2008 is available at:
TRANSATLANTIC-EVENTS.COM

Please note: All VIP Delegates who attend are entitled to a special VIP discount: VIP Delegates are able to attend this event for only £250.00 (either day) or £450.00 for both days. This invite is open to you and/or any colleague(s) you would like to recommend to this event. The VIP Delegate Registration portal is:
http://www.transatlantic-events.com/PDP2008UKCPVIP.html

VIP Delegate places are limited, and sold on a “first come, first served” basis. So be sure to reserve your place(s) ASAP before they are all allocated.

WHO SHOULD ATTEND?
You will have the opportunity to meet players in the industry and discuss the latest issues with:
Chief Executives, Chief Operating Officers, Managing Directors, Heads of Human Resources, Information Security and Risk Management Specialists/Consultants, Strategy Directors, Commercial Directors, Communications Directors, Sales and Marketing Directors, Heads of e-Commerce, Information Assurance Specialists/Consultants, Heads of Business Development, Heads of Compliance, Regulatory and Legal Affairs, Consultants and Advisors, Heads of IT & Database Management, Privacy Officers and … anyone concerned with Privacy & Data Protection.

The 2008 Expert Speaker Faculty
Chairman (Day One):
Alastair Gorrie, Partner, Orrick, Herrington & Sutcliffe, UK
Co-Chairman (Day One):
James Leaton Gray, Head of Information Policy & Compliance, BBC UK
Chairman (Day Two):
Francis Aldhouse, Consultant, Bird & Bird, UK
Co-Chairman (Day Two):
Nigel Roberts, Director and CTO, Island Networks, UK

Internationally Renowned Speaker Faculty:
Bridget Treacy, Partner, Hunton & Williams LLP, UK
Monika Kuschewsky, Senior Associate, Van Bael & Bellis, Brussels
Rosemary Jay, Partner, Pinsent Masons LLP, UK
Mark E. Schreiber, Partner, Edwards Angell Palmer & Dodge LLP, USA
Robert Bond, Partner, Speechly Bircham LLP, UK
Renzo Marchini, Dechert LLP, UK
Vinod Bange, Associate, Eversheds LLP, UK
Anne Coles, Senior Partner, AMC Law, UK
Philip Nolan, Partner, Mason Hayes + Curran, Ireland
Lynda K. Marshall, Partner, Hogan & Hartson LLP, USA
Karen A. Morris, Chief Innovation Officer, AIG, USA
Tim Beadle, Director, Marketing Improvement, UK
Peter G. Wray, Chairman & Founder loyaltymatters.com and cm4p.com
Gareth Wong, Founder of CXO Europe, GamBond, and Gambit, UK
Dr. Mark Watts, Partner, Bristows, UK
Nicola McKilligan, The European Privacy Partnership, UK
Andy Thomas, Director, Garlik, UK
Edna Kusitor, Global Data Privacy Compliance Coordinator, Accenture, UK
Graham Sadd, Chairman & CEO, PAOGA Limited, UK
Winston Maxwell, Partner, Hogan & Hartson MNP, France
Tim Trent, Consultant, Marketing Improvement, Managing Editor ComplianceAndPrivacy.Com

UK Delegate places are limited, so reserve your delegate place TODAY!!! For more information, visit:
Transatlantic Events, Event Organisers:
Transatlantic Events
Production Office
Epsom, Surrey, United Kingdom
email: info@transatlantic-events.com
phone: +44 (0) 208 658 6568 

Compliance and Privacy has direct access to the entire iDefense series of online events for our members. The archive requires you to be a member, so it checks to see if you are before it lets you stream the events to your desktop.

Take me to the iDefense Online Event Archive.

Proactive intelligence is critical to effective risk management. Check out our free Web seminar series on global Internet security trends and emerging cyberthreats presented by VeriSign iDefense Security Intelligence experts. Register for this free series by choosing your preferred event from the schedule, and note that the times are US Eastern Time.

Webcast Schedule:

7 November 2007, 2PM ET: IPv6 – Risks & Ramifications of a Potential Disruptor
While the various modifications and improvements to IPv4 have served the Internet well, these stop gaps can only go so far. Fortunately, IPv6 is finally maturing and provides some much needed functionality that will undoubtedly facilitate growth and innovation. Now that more products include IPv6 functionality, the technology is slowly becoming a reality. While this is a slow process, it will be moved along with the US Government’s mandate that organizations implement IPv6 by 2008; the mandate even includes organizations that do not have external factors forcing an upgrade.

While delaying deployment may lead to missed opportunities, completely disregarding the technology can have serious security ramifications. Most networks are partially IPv6-capable whether or not network managers are aware of it, and IPv4 networks left unprepared are vulnerable to attackers. So, for those considering upgrading to IPv6, there are a number of issues to consider before taking the plunge. Organizations must remember that platform upgrades of this scale will cause disruptions. In addition, an upgrade could cause confusion, resulting in security holes that attackers will certainly try to exploit. These are just some of the issues network managers and implementation specialists must consider, which makes it imperative they have a solid understanding of this new protocol. From a strategic standpoint, IPv6 facilitates a paradigm shift toward increasingly distributed, end-to-end communications, changing the threat landscape and requiring similarly distributed security. This report provides an overview of IPv6 and discusses the risks associated with its implementation.

Regular Monthly Webcast Series: Emerging Threats

Privacy Laws and Business Events may be found here


Data Vendor Sends SPAM about The Dangers of Prospecting Databases

Dec 08

Today (4 September, 2008) ComplianceAndPrivacy.Com received an email that appears to be from Harris Infosource, a D&B Company. Not a lot wrong with that, you may say. The email is a cold unsolicited email, or SPAM. What makes this amusing is that the SPAM has this subject line:

Why Using Cheap Prospect Lists Can Cost You Big!

Harris Infosource, it seems, are the purveyors of fine prospect lists.

Harris addressed their SPAM to Milton Bennett at our domain. If Milton existed, if Milton had ever existed, if we had ever created, used, publicised an address for Milton, who is not now and never has been a member of our staff, then this would have been something we could pass off as “just one of those things”. But we have never heard of Milton Bennett. He is a figment of Harris Infosource’s database. We wonder if they are selling him as a part of their very fine data.

But this is SPAM with a cloned email address.

Look, here’s a screenshot of the email:

Harris Infosource - the offending SPAM email

The purists will note that this is a composite of two screenshots. It couldn’t be captured as just the one. And there is the email address, plain as a pikestaff.

Seems like the “rigorous, patented DUNSRight™” process fouled up rather well there, then!

Oh the irony! We do hope they use their own systems!

We’re cynical here at C&P, so we did some small digging. After all, Harris Infosource might have been the target of some wicked person who was trying to discredit them. But it appears not. The “from” address is harrisinfo-mail.com, not harrisinfo.com, so we did a Whois check. Harrisinfo-mail is owned by Smartsource, who are an eMarketing company. That is not a surprise. Any sensible corporation outsources its email to avoid its own domain becoming known as a source for SPAM.

We checked. Our Peter Andrews forwarded the email to Harris Infosource as an attachment, to ensure that they could inspect all the email headers. He sent it to abuse@harrisinfo.com and also to customerservice@harrisinfo.com asking:

Is the enclosed email from your company?

We like to check before we run a story, after all.

He received the following answer from a sales guy. Hmm, not exactly ‘customer service’, then:

Good Afternoon Peter,

Yes the email is from our company.

Thanks,

(we have edited out personal information)
Harris InfoSource (A D&B Company)
(role edited out)

Tel. 800-888-5900 (Extension edited out)
Fax (Fax edited out in case it identifies the writer)
email edited out | www.harrisinfo.com

So, it comes from Harris, it is genuine, not a cloned email in order to wreck their reputation.

Peter confesses to having been a little naughty. He has sent them the following reply:

You are 100% sure about that?

If so, how did you get the data?  Milton’s email address doesn’t appear anywhere.  I’m his manager and he’s an intern here.

Remember that Milton does not exist, never has existed. But Peter is interested in the source of the data. Harris Infosource are, after all, a D&B company, and appear to understand the damage that bad prospect data can do to an organisation. Harris Infosource’s website says that they are purveyors of data.

The reply will be interesting. We’ll bring it to you when it happens.

There has been nothing from the “abuse” address. One might think such an address would be monitored, but it appears not to be.

We’re fair minded. Harris Infosource is welcome to make a full reply to this article. We’ll publish it verbatim, though we reserve the right to take trade puffery out. They can email the fictitious Milton with it if they like. We get to see all badly addressed mail. “Milton” will now be maintained as a SPAM Trap, though. All mail to Milton gets forwarded to the SPAM vigilante groups.


Trust is not about SSL. It's about domains

Dec 08


At ComplianceAndPrivacy we’ve been running a study on domains to trust. We don’t mean “trustmydomain.com”, we mean the thing most people call the ‘domain suffix’ but is really the ‘Top Level Domain’; the little thing that you choose when buying “myfabulousdomain”.

Do you choose .com, or do you think, incorrectly “That is for the USA”? Do you choose .biz? Is .org for you? What about .info?

So we asked, on a pretty normal website, this question: “Some domains seem to feel more trustworthy than others. This survey is about the .com .biz .info .org and other domain suffixes and which put you most at ease. OK, there are iffy nations, but we are lumping all national style ones under one entry. Tick all that say to you ‘Trust this domain'”

We expected nothing significant. After all it was a website for Joe Q Public, but this is what we got:

Domain Suffixes and Trust

The conclusions are pretty easy to draw, but we were surprised by the 77% of .org until we realised that the site we mounted the survey in is a .org, so that has skewed that bar unreasonably highly. We suspect it should be about level with .net in reality.

We did a little research:

.biz is the home of spam and scam, it appears. .info is badly understood. .eu is pretty pointless – a mere affectation. .mobi: why? Just why? .name says that you want your name in lights.

So, if you want to be trusted, go for mainstream national coverage like .com, .co.uk, .de. Go for .net and .org if relevant to you, and avoid the others like the plague. No-one cares about them. Well, except not to trust them, that is!

This site is independent of all its sources
The contents of the site are sourced from across the industry. All copyrights are acknowledged.


National Gateway Security Survey 2008 Shows Interesting Changes in Threat Landscape

Dec 07


• Strong move towards remote and mobile use.
• Securing the network from external attack is top priority.
• The focus for IT security is on external threat rather than internal threat. This is at variance with the threat risks most organisations face.
• Green issues considered important, but that is not yet translating into purchasing IT security.
• Conditions right for UTM growth.
• Users’ purchasing decisions show IT security is not commoditised.
• Wireless and VoIP increasing.

The National Gateway Security Survey 2008, carried out for value added distributor and security specialist Wick Hill and sponsored by WatchGuard Technologies, leaders in unified threat management systems, has highlighted the increasing move toward remote and mobile use, as well as the concerns users have about this shift.

In a survey of 341 of the top UK companies, by employee number and turnover, 48% had over 150 remote users and a further 11% had 50 to 100 remote users. 61% said that the number of remote users on their network was increasing. 45% reported that the number of VPNs was increasing and 43% that the number of SSL users was increasing.

Despite consistent research which shows that internal threat is a greater IT security risk than external threat, the survey showed that external threat is still perceived as the greater problem. This may be partly due to the regular drip of news on external security problems endured by a range of high profile organisations.

Reinforcing this, the survey showed that the top priority for 2008 was securing the network from external attack, which 79% rated as very important. Securing remote access was rated very important by 75% and authenticating remote users was rated important by 67%.

Green issues have been prominent in the IT world over the last year, with many suppliers jumping on the bandwagon to present their products as offering green credentials. However, the report shows that, while users are aware of the importance of green issues, they are not prepared to purchase IT security on green issues alone. They will only do so if ‘green’ solutions also meet other commercial requirements, including price. When questioned about what their IT world would look like, 62% considered green issues to be important. Environmental impact, however, came well down the list of important issues in purchasing decisions at only 29%.

With the survey highlighting the increasing numbers of remote users and increasing concerns about security, UTMs are well placed to provide the firewalling features which respondents considered most important. 67%, for example, said that centralised management of multiple devices was a very important factor in firewall choice and 60% said that reporting was important. Both centralised management and reporting are greatly facilitated with the right UTM system, where a head office centralised management console can easily manage remote, same-brand UTMs, carrying out tasks such as configuration updates and implementing security policies at remote sites.

With a greater number of remote users, together with a need for easier centralised management and good reporting, it makes sense to use fewer appliances. This again militates towards UTMs, which commonly combine up to five functions in one appliance.

The survey shows that users do not consider IT security to be commoditised. They prefer an easy to use solution and reseller/supplier knowledge. In answers to questions on the importance of various factors in IT purchasing, price came only fourth at 73%, behind ease of use at 90%, performance at 90% and reseller/supplier knowledge at 74%. The relationship with the supplier was also rated highly at 66%, while interestingly web purchasing availability came bottom of the list at only 15%.

The survey showed that both wireless use and VoIP use are increasing. 49% of the sample said that the number of VoIP users was increasing and 50% said that the number of wireless users was increasing.

Read the Survey

Ian Kilpatrick, the author, is chairman of Wick Hill Group plc, specialists in secure infrastructure solutions for ebusiness. Kilpatrick has been involved with the Group for over 30 years and is the moving force behind its dynamic growth. Wick Hill is an international organisation supplying most of the Times Top 1000 companies through a network of accredited resellers.

Kilpatrick has an in-depth experience of computing with a strong vision of the future in IT. He looks at computing from a business point-of-view and his approach reflects his philosophy that business benefits and ease-of-use are key factors in IT. He has had numerous articles published in the UK and overseas press, as well as being a regular speaker at IT exhibitions.

CRN 2008 channel awards winner of ‘Channel Personality of the Year’, he is never afraid to voice his opinions on all aspects of the industry and on IT security issues in particular. He has an in-depth experience of computing with an excellent understanding of the industry from the vendor, distributor, reseller and end user point-of-view.

He has a strong vision of the future in IT and IT security. His approach reflects his philosophy that business benefits and ease-of-use are key to successful infrastructure deployment.
