Last June, I blogged about a draft of the National Strategy for Trusted Identities in Cyberspace (NSTIC) that had been released for public comment. This past April 15, the finalized NSTIC strategy document was released at an event at the US Chamber of Commerce.
For those of you who aren’t already familiar with the NSTIC, it is a US government-facilitated initiative that seeks to simplify and strengthen user authentication and to provide trustable assertions about principals in online transactions through the creation of an ecosystem that includes identity and attribute providers. More information is available at the NIST NSTIC website, particularly the animation video. NSTIC seeks to improve trust in the use of the Internet and to enable new uses that depend on trusted attributes and higher assurance transactions.
Tags: NSTIC, NSTIC Series, privacy, security
Risk assessments are the underpinning of all effective security programs. It’s quite difficult to best prioritize defensive efforts without a proper valuation of assets to be protected, consideration of threats against those assets, and some means to establish a probable rate at which those threats will result in a particular impact. Because risk assessments describe the priorities of the organization through the perspective of minimizing impact from security events, they must be regularly reviewed to ensure not only that the assets and activities of the organization are current, but also that the current threats are properly accounted for.
Recent research by Christopher Soghoian, a graduate student at Indiana University, Bloomington’s Center for Applied Cybersecurity Research, suggests that underreporting of US law enforcement surveillance could be creating a blind spot in organizational risk assessments. That is, the current legislative reporting requirements exclude certain information and agencies. In the absence of such requirements, it appears that state and local agencies, for example, are responsible for the vast majority of Electronic Communications Privacy Act (ECPA) requests. Unfortunately, the kinds of information excluded from stringent reporting requirements coincide with the current trends in mobile computing and informal electronic communication, namely stored communication (text messages, social networking posts, etc.). At this intersection lies the opportunity for an organization to miss a very real threat to its sensitive communications, as we mentioned in our recent Cyber Risk Report.
Tags: privacy, security
Many people wonder what it takes to be PCI compliant. More importantly, people want to know the difference between PCI, FISMA, DIACAP and STIG. With so much alphabet soup, one has to wonder what it all means, and what is the best way to navigate these waters.
I’m not here to provide you with all the answers, but I can certainly help you to understand where PCI fits into the picture.
Tags: compliance, cyber crime, government, pci, privacy, security
“The one thing all the popular Japanese social media platforms have in common is anonymity,”
Facebook has more than 500 million active users and is the most popular social media channel in the world. But according to an online article from The Next Web, Japan is one of Facebook’s lowest performing markets. Out of an online population of almost 100 million, there are just 2 million registered Facebook users, which represents a penetration of just 2%.
Tags: culture, facebook, Japan, Japanese, market, Mixi, privacy, social media, social media channel, Social Network, social networking, users
We take social media seriously at Cisco.
We look at it as a collaborative tool to help better serve our customers, our partners, our investors and our employees…and to LISTEN to them as well. There, of course, have to be guidelines and employee training around the use of social media. Within our company culture of transparency, we thought we’d make our newly updated internal Social Media handbook available for everyone. We don’t claim to know everything about Social Media, but we do know that the wisdom of the crowd is generally better than the wisdom of the few. With that in mind, we welcome your thoughts, observations and viewpoints on our Social Media Policy and Guidelines.
Tags: Governance, policy, privacy, social media