Map “Privacy and Data Protection by Country”, by Forrester

Forrester publishes an interesting map, “Privacy and Data Protection by Country” (a global heat map), which gives an overview of the status of privacy and data protection around the world.

Posted in Privacy, Security Training, Awareness and Reports

Mobile Privacy guidelines, by GSM Association (GSMA)

GSMA has prepared privacy guidelines within their “GSMA Mobile Privacy Initiative”.

What is this about?

See their brochure:

In January 2011, the GSMA published a set of universal Mobile Privacy Principles that describe the way in which mobile consumers’ privacy could be respected and protected when consumers use mobile applications and services that access, use or collect their personal information.

GSMA also published a discussion document in April 2011, outlining a set of Privacy Design Guidelines for Mobile Application Development.

High-level Privacy Principles

  • Openness, Transparency and Notice
  • Purpose and Use
  • User Choice and Control
  • Data Minimisation and Retention
  • Respect User Rights
  • Security
  • Education
  • Children and Adolescents
  • Accountability and Enforcement

Privacy Design Guidelines for Mobile Application Development

(Shortened list for readability)

  • Transparency, choice and control (TCC) guidelines
    • TCC1 Do not surreptitiously access or collect personal information.
    • TCC2 Identify yourself to users.
    • TCC3 Let users exercise their rights.
  • Data retention and security (DRS) guidelines
    • DRS1 Actively manage identifiers.
    • DRS2 Keep data secure.
  • Education guidelines
    • E1 Educate users about the privacy implications …
  • Social networking and social media (SNS) guidelines
    • SNS1 Prompt users to register for social networks, but be careful about mapping registration information to public profiles.
    • SNS2 Ensure default settings are privacy protective and give users control of their
      personal profiles…
    • SNS3 Take measures to protect children from endangering themselves.
  • Mobile advertising (MA) guidelines
    • MA1 Inform users about advertising features.
  • Location guidelines
    • L1 Inform the user that location will be used and give them choice.
    • L2 Capture appropriate consents to use location data.
  • Children and adolescents (CA) guidelines
    • CA1 Tailor applications to appropriate age ranges.
    • CA2 Set privacy protective default settings.
  • Accountability and enforcement guidelines
    • AE1 Assign responsibility for ensuring end-user privacy is considered and delivered
      throughout the product lifecycle…
    • AE2 Give users tools to report problems regarding an application.

Posted in GSMA, Privacy, Security Standardization and Practises

Curiosity robot vehicle on Mars

NASA’s Curiosity robot has reached the surface of Mars.

Article with a 10-minute intro video: “Target Mars: Rover Lands on the Red Planet”

Landing Video

Links

Note

Depending on findings (minerals, water, life?), the impact might be big!

Next

Next NASA mission: discover what’s inside Mars

Posted in Science

News: virus attack blows Qatari gas giant offline

Disturbing news: see the article “Mystery virus attack blows Qatari gas giant RasGas offline”.

Posted in Security Incidents and Cases

Good Link: IT’s 9 biggest security threats

The article “IT’s 9 biggest security threats” is worth a look.

Questions: Where is the world going? What can individuals do? What can companies do?

Posted in Security Incidents and Cases, Security Threats

GreatNews, Tool for reading news (RSS feeds)

GreatNews is a good alternative for reading news (RSS/Atom feeds).

Good:

  • list of feeds is maintained
  • automatic refresh of feeds
  • different styles available for showing feeds
  • search over Feed Group
  • import & export in OPML format (XML)
  • possibility to open feed text in external browser for better reading

The figure below shows the condensed view when using “Brief” style.

[Figure: GreatNews condensed view in “Brief” style]

Automatic updates make it possible to use this tool to display the latest news on a “newsboard”.

The figure below shows the handy search function applied to Feed Group Security.

[Figure: GreatNews search applied to Feed Group Security]

OPML Example

The text below is created by exporting the BBC Feed Group from GreatNews tool.

OPML

Advanced

One can extend GreatNews functionality for a “newsboard” display by using a simple AutoIt script that automates looping through all the feeds. See the AutoIt script below; the F7 key is sent regularly to the GreatNews tool.

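While 1
    ; Bring the GreatNews window to the foreground
    WinActivate("GreatNews", "")
    ; Wait up to 30 seconds; send F7 only if GreatNews really became active,
    ; so the keystroke never lands in another window
    If WinWaitActive("GreatNews", "", 30) Then Send("{F7}")
    ; Pause 10 seconds before moving to the next feed
    Sleep(10000)
WEnd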

With Wine, one can also run GreatNews (and AutoIt) in a Linux environment.

Alternatives

  • Sage is a light Firefox add-on. However, it still lacks automatic updates, although it does update feeds when clicked. A condensed view can be achieved by using a custom CSS called StealthCSS, which is available from their wiki pages.
  • Readefine is capable of showing feeds in a condensed way (in newspaper style). In addition, it can be run on Linux. However, it does not “really” maintain a list of feeds.

Posted in Recommended Free Tools

Cybersecurity, recommendations for governments by DIGITALEUROPE, JEITA and ITI

Cybersecurity is clearly an issue for national security. Three organizations have created a joint set of recommendations for governments.

Press release and Recommendations in June 2012.

The recommendations are:

  • Develop cyber security policies in a transparent manner and with relevant stakeholder input.
  • Enable risk management and innovation.
  • Develop and implement cyber security policies in partnership with the private sector.
  • Encourage the development and use of globally recognized, industry-led, voluntary consensus
    security standards, best practices, assurance programs, and conformity assessment schemes.
  • Ensure the use of globally standardised tests and certification.
  • Ensure that cyber security requirements are technology-neutral.
  • Ensure that cyber security requirements allow for procurement of technologies regardless of
    the country of origin or the nationality of the technology vendor.
  • Ensure that any cyber security requirements avoid forced transfer or review of intellectual
    property (IP), such as source code.
  • Limit any prescriptive requirements to areas of the economy that are highly sensitive, such as
    government intelligence and military networks.
  • Strengthen institutions, and develop contingency plans and cyber security strategies.
  • Focus on criminals and their threats.
  • Focus on education and awareness.

Notes

This is good news for the information security industry, i.e. cybersecurity is being addressed with a mature approach. It encourages the use of standards and best practices. The issue is difficult, but there are tools and methods to address it. The solution is not only to create one security unit for this, but to involve the stakeholders, of which we have many, in the process. Information security professionals are needed to guide and educate stakeholders towards a mature approach.

Other links

The information is also available at EurActiv.

Posted in Cybersecurity, Security Management