Risk News

Forget Information Sharing

"Before it adjourned in August, Congress delayed a vote on the controversial and dangerous Cybersecurity Information Sharing Act."

Annie's take:

Regulation often has a way of making life more difficult for CISOs. Here's an article that proposes amendments to three such regulations already on the books.

EU Court Says Data-Transfer Pact With U.S. Violates Privacy

"The European Union’s highest court on Tuesday struck down a trans-Atlantic pact used by thousands of companies to transfer Europeans’ personal information to the U.S., throwing into jeopardy data traffic that underpins the world’s largest trading relationship."

Annie's take:

A victory for privacy advocates, but a mess for small to medium size businesses who have not had time to figure out how they will now do business, though large technology companies like Microsoft probably have. The ruling also opens the door for every European country to examine the privacy controls of every other country in the European Union and in the United States.

Edward Snowden interview: 'Smartphones can be taken over'

"Smartphone users can do "very little" to stop security services getting "total control" over their devices, US whistleblower Edward Snowden has said."

Annie's take:

Here Edward Snowden is talking about British intelligence services, but the tools he describes could be used anywhere by any intelligence service.

Internet Of Things Hikes Security Risk, Says AT&T

"The Internet of Things and corporate supply chains could increase cybersecurity risks, says AT&T."

Annie's take:

We'll be discussing the Internet of Things next week in my enterprise risk management course.

Deaths Draw Attention to Wall Street’s Grueling Pace

"In retrospect, it was around Easter that John Hughes began to think something unusual was going on with his middle son, Thomas, a 29-year-old investment banker."

Annie's take:

This is a beautifully written, well-balanced analysis of what chews people up in the banking world. I suspect it will win an award, but past policies that firms have already put in place, will anything else change? And are the rewards worth the risks?

The Future of the Internet Is Flow

"People ask where the Web is going; it’s going nowhere."

Annie's take:

A mildly provocative meditation on information flow on the Internet.

Highly personal data for 15 million T-Mobile applicants stolen by hackers

"Hackers broke into a server and made off with names, driver license numbers, and other personal information belonging to more than 15 million US consumers who applied for cellular service from T-Mobile."

Annie's take:

Worse, worse and even worse. The hack was through a third party -- Experian -- and encrypted data might have been decrypted. The final irony here would be if the two free years of credit monitoring were from Experian.

Influencers: Lawsuits to prevent reporting vulnerabilities will chill research

"Companies’ lawsuits aimed at preventing public disclosures of vulnerabilities will have a chilling effect on security research, a majority of Passcode Influencers said."

Annie's take:

Between a rock and a hard place here.