The Link Between Recent Privacy ‘Breaches’

Facebook has been the subject of intense scrutiny over privacy concerns…again. Or, is it still? Facebook is not alone, however, as Twitter and Android have also been recent targets of privacy ire. Each of these privacy incidents has something else in common as well–they are a result of relationships with third parties that users have approved.

via The Link Between Recent Privacy ‘Breaches’.

E-crime Now More Common Than Real Crime

If there was any doubt about the popularity of electronic dupery, it should be put to rest with a report on global fraud released this week by the risk management consulting firm Kroll. For the first time since 2007, when the company began putting together its annual survey on crime, electronic fraud surpassed physical scams as the most common form of fraud in the world.

via E-crime Now More Common Than Real Crime.

Government Ready For Cybersecurity Deadline

CyberScope represents a major shift in the way federal agencies report their compliance with the Federal Information Security Management Act, the law governing government cybersecurity. The goal, officials have repeatedly said since announcing the tool late last year, is to place an emphasis on operational security as opposed to meaningless, once-a-year compliance reporting.

via Government Ready For Cybersecurity Deadline, Officials Say — Government Security.

Feds Get Their Own App Store | Epicenter | Wired.com

If you had any question whether app stores were a passing fad, the answer probably lies with apps.gov, an app store by and for government agencies……

The GSA also takes care of all the acronyms as well. The sites are FISMA and 508 compliant, and the relevant PIAs have been completed, which is bureaucratic shorthand for saying the apps passed a security test, are accessible to those with disabilities and have fulfilled the relevant privacy reporting requirements.

via Feds Get Their Own App Store | Epicenter | Wired.com.

PatientsLikeMe incident may just be ‘scraping’ the surface – FierceHealthIT

Ready for another threat to individual privacy? Less insidious, perhaps, than phishing, but potentially as damaging is a relatively new technique called “scraping.”

Scraping is the practice of trolling social networking sites, message boards and chat rooms looking for personal information that can help firms target the right people with their marketing efforts. And instead of being cloaked in the guise of a Nigerian prince or other shady character, scraping is being sponsored by some big-name, legitimate companies, and it’s starting to find its way into healthcare.

via PatientsLikeMe incident may just be ‘scraping’ the surface – FierceHealthIT.

SAS 70 Is Dead!

Long live SSAE 16 and ISAE 3402!

One of the most misunderstood things about SAS 70 was the fact that it was technically only a valid auditing standard in the United States, even though SAS 70 reports are done for non-US based service providers and are relied upon by businesses and auditors worldwide.  However, on or before June 15, 2011, that will change.  As of that date, Statement on Standards for Attestation Engagements (SSAE) 16 and International Standards on Attestation Engagements (ISAE) 3402 will replace the venerable SAS 70.  SSAE 16 is issued by the American Institute of Certified Public Accountants (AICPA) and ISAE 3402 is issued by the International Federation of Accountants (IFAC).

via SAS 70 Is Dead! « PCI Guru.

#PCI: Smaller Merchants Threatened

The Payment Card Industry’s Security Standards Council may be doing a good job helping lock down larger retailers, but the smaller “Mom and Pop” merchants are becoming the new targets of cyber criminals, says a PCI expert.

via PCI: Smaller Merchants Threatened.

Microsoft Exposes Scope of Botnet Threat

Microsoft this week unveiled the ninth volume of its Security Intelligence Report (SIR). The semi-annual assessment of the state of computer and Internet security and overview of the threat landscape generally yields some valuable information

via Microsoft Exposes Scope of Botnet Threat.

University of North Florida breach exposes data on 107,000 individuals

Nearly 53,000 of those affected had their names and Social Security numbers compromised, while the rest had their names and dates of birth exposed in the incident.

via University of North Florida breach exposes data on 107,000 individuals.

Clinics caught, cited for violating the law OneNewsNow.com

Three Michigan abortion clinics have been cited by the Office for Civil Rights for violating the federal Health Insurance Portability and Accountability Act (HIPAA), but a pro-lifer is disappointed that no further action has been taken.

via Clinics caught, cited for violating the law OneNewsNow.com.