October 06, 2016

EU privacy watchdogs have questions about Yahoo's secret email scanning

Caspar, one of the more outspoken of Germany's regional data protection commissioners, pointed out that, thanks to former National Security Agency contractor Edward Snowden's revelations, we've known for some time that big U.S. internet companies were obliged to give their user data to the country's security services. "The suspicion that Yahoo has actively assisted to scan mails of their users as a henchman of the NSA is not really surprising regarding the information of the PRISM program. On the other hand it goes far beyond what is acceptable," Caspar said. He wants to know what really happened at Yahoo, too. "There has to be a clear and fast examination of these allegations by the competent data protection authority," he said.


Secure Docker on Linux or Windows platforms

Linux alone cannot secure Docker. On the contrary, when administrators allow a subset of end users access to the Docker daemon, they are implicitly granted root access. Therefore, use great caution when granting access. Within the context of Docker, when an end user accesses the daemon, the user could alter the host machine's file system, even without intending to do so. When the developers, IT team or business leaders decide to utilize Docker containers, systems administrators should take comfort in the fact that some of their usual burden is eased by Docker's cross-platform portability. However, admins cannot ignore that the cross-platform nature of Docker containers also gives rise to various other issues, not the least of which is security.


The Big Data Challenge: Getting from Data to Decisions in the Era of IoT

The Internet of Things (IoT) already has enabled connectivity in billions of devices – from thermostats to cars to wearables. But there is a new stumbling block on the horizon. Sensors are now spreading across almost every industry, triggering a massive onslaught of new data that will clearly lead us into the next era of the information age. This reality presents both an opportunity and a challenge. On the upside, many believe that big data will unleash new opportunities for businesses, support decision-making, and lead to the development of new products and services. The question is how to get from data to decisions on a massive scale. After all, the value in big data lies in our ability to analyze and make sense of the information, and as the IoT expands many fear big data will simply become too big, too fast, or too hard for existing tools to process, analyze, and convert into insights.


The need for updated technology

Data play a large role in successful revenue management today. The airline industry has moved to a retailing mindset, and to properly attract and retain today's customers and competitive nuances, airlines need data in the form of proactive, actionable information. Traditional revenue-management systems have relied on a batch-based, processing methodology and predefined data-processing intervals. However, airlines need to be aware of market and competitive changes as they occur. Markets evolve dynamically, not at preset intervals. One of the greatest influences on the success of an airline's business and competitive standing in the market is the ability to understand who is traveling across its network and how much each passenger spends across all revenue streams.


Research Reveals Why Hacked Patient Records Are So Valuable

Typically after a health record hack, the data will "go dark" for some time before resurfacing in different variations, he says. "So, it will look like basic short-form ID theft material, but eventually the electronic health record will surface as a 'fullz' - the slang term on the deep web [for] a complete long-form document [containing] of all the intricacies of a person's health history, preferred pharmacy, literally everything," he says. "What happens is the people who purchase those [fullz] then go to another vendor on the deep web for what's called 'dox,' the slang term for documentation, where they then proceed to have passports, drivers' licenses, Social Security cards - all these things that will help the counterfeit imitation of the victim. ..., and once it's an identity kit, you can sell it for $1,500 to $2,000."


Samarth Shekhar of FinTech Forum: “Banks can’t generate innovations on their own”

We have been fortunate to be the first-movers in the FinTech space in Continental Europe, giving us the chance to build relationships with founders early, as well as giving us visibility on the global stage. Our eleven events since 2013 have brought together nearly 200 startups with over 450 investors and corporations. Over one-third of the FinTech funding rounds in 2015 involved alumni of FinTech Forum. This was also the first year when German FinTech funding overtook the UK. To give you a comparison: As of 2013, Germany’s share of FinTech investments was less than $60 million, versus UK’s $3.2 billion! We have been invited to present the German FinTech scene at leading global events like Innotribe/SIBOS (Boston, 2014),


8 challenges that keep financial services CTOs and CIOs up at night

“Security is the thing that keeps me up at night,” says Michael Thorne, CTO at Bristlecone Holdings. “Nothing else compares. It is never done. The minute you think you're secure, you're at risk again. Being on top of it is nearly impossible. To gain some traction though, I make sure I'm following what's happening with data security and understand the flaws exposed, I stay up to date on developing tech, and, most importantly, I share information among my peers in groups that promote shared insights to enhance security across the board.” ... The challenge for financial services CIOs and CTOs is to “figure out how to update and proactively maintain infrastructures in order to mitigate security risks and keep adversaries at bay during a time when boards of directors are asking IT to further cut budgets to help meet ROE targets”


Are you encouraging your employees to take security risks?

In the information security world, the not so carefully guarded little secret is that conforming to security rules reduces productivity. I might claim that everyone could follow safe security practices and continue to be as productive as they would without following them, but this would be dishonest. In fact, following the rules will definitely impact productivity to a varying degree. As an example, we tell our employees to be cautious about clicking on links in email, but then we press them to finish work that relies on links sent via email. We may also require them to research topics, while blocking a large number of websites for security reasons.


Proper Usage of Metrics with Flow Debt as an Example

Flow debt is incurred when Lead Time defined as (Completed Date – Started Date) is artificially reduced for some work items in progress by “borrowing” Lead Time from other work items in progress. The term was coined by Daniel Vacanti in his excellent book Actionable Agile Metrics for Predictability: An Introduction. Here is a flow debt example. Let’s say we have only one work item in progress. If we start another work item before finishing the first one, then we will have two in progress. If we finish the second work item before the first one, then we have incurred flow debt. ... One way to calculate Flow Debt for a given reporting interval is: Flow Debt = The Approximate Average Lead Time (as predicted by the CFD) minus the exact average Lead Time for the items that finished.


Chief risk officers ‘must change course’ to avert another economic crash

Ever more complex financial products, growing technical automation and a narrow focus on regulatory box-ticking could be the perfect storm for banks to lose control of their decision-making processes and potentially wreak havoc on the financial system, warns Dr. Colin Lawrence, partner and managing director of financial services at Parker Fitzgerald. A thirty-year veteran of the financial risk management arena, Lawrence believes CROs need to move far beyond conducting measurement, and start driving strategic change. “Risk officers often don’t have the full picture and don’t know the core risks,” he told delegates at Bloomberg’s recent Risk Day 2016 in London.



Quote for the day:


"Optimism is the faith that leads to achievement; nothing can be done without hope." -- Helen Keller