One of the most hotly contested issues in information security is whether the government should encourage the ubiquitous use of strong encryption to protect data both at rest and in transit, or whether the government (and by this, I mean any government) should require users to use only “government approved” encryption. That is crypto algorithms…
DetailsThe U.S. House Energy and Commerce Committee held hearings on November 16, 2016 on security of Internet of Things in the wake of the massive distributed denial of service (DDoS) attacks perpetrated against certain network DNS servers via a host of unsecured IoT devices. So, what’s a government to do? That is, not what SHOULD…
DetailsIf a tree falls in the forest and there is nobody there to hear it, does it make a sound?? If a company has a data security event exposing sensitive data, but nobody is harmed by the exposure, is it a violation of the law? A recent case from a federal appeals court in Atlanta LabMD…
DetailsOne of the lessons of crisis management is that you don’t make predictions during a crisis. Not to say that the recent UK vote to leave the EU (“Brexit”) is a crisis per se, but just that it is a period of uncertainty. So what impact will Brexit have on data security, privacy, governance, and…
DetailsA federal court in Virginia on June 23 may have put the final stake in the heart of constitutionally protected privacy rights online. The case itself was simple enough – in an effort to investigate the murky and disreputable “business” of sharing of child pornography on the Dark Web that is accessible mostly through TOR…
DetailsIn 1981, R. Foster Winans was a reporter for the Wall Street Journal, writing the “Heard it on the Street” column. As a diligent reporter, he would find out information about companies, and then publish this information in the Journal. He wasn’t an “insider” of any company except the company that owned the Journal. When…
Details