A document for discussion by the Centre for Information Policy Leadership and the Irish Office of the Data Protection Commissioner.
The Centre for Information Policy Leadership: Data protection accountability - The essential elements (PDF)
The Centre for Information Policy Leadership: Commonly accepted elements of privacy accountability, "Galway project"
Tech and Law: Data protection, privacy - accountability, self-regulation - Galway paper
[09/12/27]
A study conducted by the Verizon Business RISK Team.
Verizon: 2009 Data breach investigations supplemental report - Anatomy of a data breach (PDF)
Verizon: 2009 Data breach investigations report (PDF)
Verizon: Verizon business issues 2009 supplemental data breach report profiling 15 most common attacks
Risktical ramblings - Verizon - 2009 Data breach investigations supplemental report
Wired threat level: Verizon - data breaches getting more sophisticated
[09/12/26]
A position paper by ENISA.
ENISA: Privacy and security risks when authenticating on the internet with European eID cards
ENISA: Position paper - security risks, online banking and eID cards
Tech and Law: security, privacy - online banking via European eID cards - ENISA paper
[09/12/25]
The principles of the Data Protection Act in detail, published by the Information Commissioner's Office.
ICO: Data protection guide
David Lacey: Everything you wanted to know about Data Protection
Tech and Law: Data protection - new guides
[09/12/24]
A paper by Microsoft Research.
Cormac Herley: So long, and no thanks for the externalities - the rational rejection of security advice by users (PDF)
Schneier on security: Users rationally rejecting security advice
[09/12/23]
A study conducted by the Ponemon institute.
Ponemon institute: Cyber security mega trends (PDF)
David Lacey: Cyber security mega trends
[09/12/21]
Ernst & Young's 12th annual global information security survey.
E&Y: Outpacing change - Ernst & Young's 12th annual global information security survey (PDF)
[09/12/20]
New draft guidelines by the National Institute of Standards and Technology (NIST).
NIST: SP 800-37 Rev. 1, DRAFT Guide for applying the risk management framework to federal information systems - a security life cycle approach (Nov. 17, 2009)
InformationWeek: NIST drafts cybersecurity guidance
TaoSecurity: Control "monitoring" is not threat monitoring
DarkReading: NIST urges feds to continuously monitor cybersecurity efforts
[09/12/06]