Category Archives: Security

Security

AICPA Privacy Maturity Model

1 Comment

Send comments now to the AICPA on their Privacy Maturity Model

The PMM, based on Generally Accepted Privacy Principles (GAPP), outlines the expectations on each of the six levels of maturity in the Capability Maturity Model for each of the 73 criteria in GAPP. The PMM recognizes that an organization’s privacy practices may be at various levels or stages and that based on the organization’s privacy risk assessment, not all privacy initiatives need to reach the highest level. The PMM can serve as a valuable benchmarking tool and serve as a guide as to how practices in a certain area could be improved and strengthened.

Individuals and organizations are invited to submit comments on the PMM and attached user guide. Feel free to make comments directly on the draft documents by tracking changes and adding comments. To be considered, comments must be sent to nicholas.cheung@cica.ca by October 1, 2010.

The first set of questions I will raise with them (meeting this afternoon) are related to multi-tenant and multi-jurisdiction environments — cloudy privacy. The second question set is related to the optimized level. I have always found that organizations tend not to aim beyond a level three. Is five really meant to be practical or are four and five just holy grail stuff?

Security

Irish Bank asks Gov to Restrict Cash Use

1 Comment

The National Irish Bank has issued a report that urges the government to reduce ATM withdrawals

National Irish Bank said in its report, “Target 2013: Modernizing Payments In Ireland,” that ATMs are the principal way many consumers access cash, and the government should try to influence people to reduce cash withdrawals from ATMs in favor of a greater use of debit cards and other electronic payments. The study said by moving to electronic payments and away from cash and checks, the country would save 1 billion euros (U.S. $1.3 billion) annually or about 680 euros (U.S.$869) per household.

Food, Security

Fake Pot Ban Fail

Leave a comment

New laws have been passed to prohibit the sale of synthetic marijuana. They are not working

Barely six months after Kansas adopted the nation’s first ban on K2, even police acknowledge that the laws are all but meaningless because merchants can so easily offer legal alternatives.

Simple changes to the ingredient gets around the letter of the law. Law enforcement is unable to keep up with this technical change, but the letter is also quickly out of date.

[Clemson University chemistry professor John Huffman, who developed the compounds in 1995,] doubts that law enforcement agencies will be able to devote the necessary resources to identify such complex creations as “1-pentyl-3-(1-naphthoyl)indole,” the substance’s scientific name. The compound sold as K2 is also known by the scientific shorthand of JWH-018, a nod to its creator’s initials.

“The guy in the average crime lab isn’t really capable of doing the kind of sophisticated tests necessary” to identify the substance, he said.

It is a good study of the marriage between security filters and compliance language.

The law tries to be so specific that it names a particular chemical makeup. Attempts to ban thus stimulate innovation and new chemical compounds. The more effective approach is to educate the market about harm. A problem with that, of course, is that the harm has been hard to quantify or even describe. All I saw was increased heart-rate, and that is hardly cause for alarm. Another approach could be to write a requirement more broadly. A problem with that is it may infringe upon other legal, let alone beneficial, behavior.

Speaking of filters, when it is hard to prove harm and hard to write a narrow definition the legal system perhaps should be able to avoid passing an ineffective law.

Poetry, Security

TSA focus on photographers

Leave a comment

The TSA has built a bit of a legacy annoying photographers. I have been hassled personally and I sometimes hear of others getting the same treatment.

Their official spokesman online, Blogger Bob, has responded to recent outrage about the following poster intended for an anti-terror awareness campaign.

The most important part of the blog post, aside from explaining the actual intention of the poster, is to say that photographers can be an asset to security.

In fact, many photographers would be prime candidates to use such vigilance programs to report suspicious activity since they’re extremely observant of their surroundings.

Bingo! The poster did a poor job characterizing the threat as someone doing something entirely legal and NOT suspicious — taking a photograph — when it instead could have called upon photographers to be an asset to the TSA. Wired’s response to this is “Nice save, Bob”

I have tried to make fun of this kind of anti-terror campaign before. The latest TSA attempt is almost funnier than my bogus ones! I clearly will have to try harder.

Old attempt:

New attempt:

Even if it isn’t funny, at least I managed to get a haiku in my poster.

Joe Pries Aviation points out that in Europe photographers are given a “great spot from where to safely photograph (free of charge).”

Does anyone see anything but pure terror here? Scary photo.