Richard Chirgwin reports: The FBI has decided that your Things are too risky to be allowed anywhere on the Internet. Curiously, given that the Internet of Things is backed by some of the largest tech vendors in the world, the Bureau has also decided that responsibility for security – and for understanding the capability of…
Category: Commentaries and Analyses
What You Need to Know About Germany’s Cybersecurity Law
Monika Kuschewsky writes: Whilst the discussions on the proposed Network and Information Security (NIS) Directive at European level are still ongoing (see Update on the Cybersecurity Directive − over to Luxembourg?, InsidePrivacy, June 12, 2015), less has been said about Germany’s new national Act to Increase the Security of Information Technology Systems (the “IT Security Law”). The IT…
FTC Chairwoman to the Valley: I Come in Peace — And to Keep Your Company Secure
Mark Bergen reports: Edith Ramirez wants Silicon Valley to see her agency as something more than a wrist slapper. Last Wednesday, the Chairwoman of the Federal Trade Commission came to San Francisco to host the agency’s first “Start with Security” conference, an initiative to institute broad guidelines for consumer privacy protection — and convince tech companies…
Medical Informatics Engineering, Concentra, Employers, Data Sharing, And Privacy
Over on I’ve Been Mugged, George Jenkins describes what he learned when he and his wife really pursued the question of how Medical Informatics Engineering had wound up with his wife’s personal information caught up in their breach. It’s a long – but important – read, as it highlights routine business practices that may come…
Why does the FTC keep ignoring my inquiry?
On July 31, after reading a news story about a breach involving a school district, I emailed the FTC to ask for clarification on FACTA: I have searched and searched but cannot find a definitive answer to the following: Are k-12 public school districts covered by FACTA? Assume for purposes of my question that there…
US-CERT’s do’s-and-don’ts for after the cyber hack
Jason Miller reports that US-CERT is offering best practices for after an attack. Here’s a bit of what he reports: Hacked organizations shouldn’t automatically initiate reactive measures to the network without first consulting incident response experts. Barron-DiCamillo said US-CERT and a host of other companies do incident responses for a living as opposed to systems administrators…