September 25, 2015

US protection of Europeans' personal data is inadequate, says EU court official

Bot's opinion concerns a rather convoluted case brought before the High Court of Ireland by Austrian citizen Maximilian Schrems. ... He had made the complaint in Ireland because Facebook's European headquarters is there, putting its interactions with citizens of any EU country under Irish data protection law. EU law requires that companies exporting EU citizens' personal data do so only to countries providing a similar level of legal protection for that data. In the case of the U.S., the exchange of personal data is covered by the Safe Harbor Privacy Principles, which the European Commission ruled in July 2000 provide adequate protection.


After A Long Slump, IT Certification Pay Bounces Back

In general, IT certifications that are increasing salaries include ones related to architecture, security and cloud, including those that require deep systems knowledge, as well as certifications on skills specific to a platform or vendor, Foote said. Even if some of the most in-demand skills begin to see salary rates drop slightly, it may not be a sign that those skills are no longer hot -- it may simply be the supply of workers is catching up with the demand, so the certification payoff isn't as strong. One job that will stay at the top of the hot-skills list: security. That's because members of companies' boards of directors are getting personally sued after security breaches, putting security concerns squarely in the C-suite, Foote said.


Mobile strategies increase the need for data loss prevention technology in Europe

Google’s Android lock functionality should help relieve at least some of the concerns that IT administrators might have in allowing employees to use Android devices to access and store business applications and data. “One of the main tasks of administrators is to set authorisation levels for employees according to departmental and task requirements. They also have to ensure that security does not limit accessibility,” according to Foecki. “For example, two users on the same device will mean two completely different levels of authorisation for transferring data. This flexibility marries convenience with security.”


Regulated Cloud Data: A Day in the Life

Recent survey findings show most IT security professionals believe they don’t have full visibility into where all their organization’s sensitive data truly resides. It’s important to note that cloud data has a three-phase life-cycle. And the journey carries many new risks. Today’s data privacy and compliance practitioners increasingly embrace the idea that safeguards must be in place during all three phases – in-motion, at-rest, and in-use – regardless of where it physically exists (e.g., within the company or in outsourced cloud systems). As many in the nation tune in to the U.S. Open, let's take a look at why so many enterprises are making such a racket (sorry!) about cloud – and the major concepts and considerations they must consider when it comes to gaining visibility into and control over data during its daily journey to, from, and within public cloud environments.


The Top 10 Tips for Building an Effective Security Dashboard

Today, enterprises must grapple with a panoply of numerous and highly sophisticated threats. In response to this dangerous landscape, it is no wonder that businesses are increasingly turning to security dashboards – a powerful communication vehicle for all information security professionals. An effective security dashboard provides personnel, ranging from security analysts to CISOs, with the tools to report on incidents and evaluate security risks. Providers typically offer customers a number of customizable solutions, but this variety begs the question: what features make a security dashboard most effective? We asked industry experts for their tips on what they recommend a powerful dashboard must have.


Infrastructure Code Reviews

When trying to first introduce systematic code review, organizations often get tripped up on when to insert the review. Should it be pre-push review (before the change has landed in the authoritative repository) or post-push (some time after the change has landed)? Since pre-push review happens before the change is deployed, authors are incentivized to craft small changes that can be readily understood (since the change will not be deployed until someone else understands it) and reviewers have a chance to make meaningful suggestions before the code runs in production. However, adding a new -- blocking -- step to the development process is a risky and potentially disruptive change. Post-push review still realizes many of the benefits of review in general and requires no initial changes to anyone's process.


XMLFoundation

XML data is processed by xmlLex.cpp like all XML in the XMLFoundation; it then uses JNI to make instances of Java Objects that come instantiated with all the member variables already assigned from the XML - No code needs to be written to accomplish this - just a little table of information that allows the algorithm to correlate XML Elements to member variables. ... It's like magic from the Java side, the objects just appear in their containers. I make some outrageous claims in this article, and so that none of them be proved false – it needs to be known that JavaXMLFoundation.cpp uses a DOMish approach underneath Java, and therefore although it’s still fast it's not going to have the big speed gain of the pure C++ implementation.


Doing tokenization and cloud computing the PCI way

While the cloud has its benefits, it’s only as secure as you make it. As recently as last week, over 1.5 million medical records were breached on Amazon Web Services. The names, addresses, and phone numbers, along with biological health information including existing illnesses and current medications, were posted in the clear to Amazon S3 storage servers. These could have just as easily been credit card numbers. It’s also imperative to realize that just because a cloud vendor offers up a PCI certified environment, it does not mean everything you build on top of it will automatically be in compliance with the PCI DSS or PA-DSS requirements.


Deals Demand Prior CFO Involvement in Data Security

Companies would perform due diligence on a target and look at all the standard risk factors: tax issues, environmental issues, employee arrangements, intellectual property issues, licenses and permits, debt, and other aspects of financial health among them. But as sensitivity to data and its value has risen over the recent years, a company’s data can become a significant asset, often to the point of being the critical one justifying a deal. But it also can be the reason a deal gets killed. No one wants to invest in a company only to have it hacked due to poor data security and then become the target of a regulatory investigation for unfair and deceptive trade practices due to poor privacy disclosures.


Creating an organizational culture of resilience: Resilient leaders are the key

An organizational culture of resilience may be thought of as a climate or general atmosphere within a group, organization, or community which fosters resilience in the wake of adversity. It is an environment that is perceived by the majority of members/workers as supportive, motivating, and non-punitive. ... IOM notes that in developing resilient leaders, it is especially important to focus on frontline supervisors. Frontline supervisors may be the best medium for not only initiating changes within organizations but also sustaining those changes. Once created, resilient leadership practices serve as the catalyst that inspires others to exhibit resilience and to exceed their own expectations.



Quote for the day:

"Leadership is intangible, and therefore no weapon ever designed can replace it." -- Omar N. Bradley