Compliance and Privacy News
Happy New Year and welcome to the first issue of Compliance and Privacy News for 2006. It already looks like this year will be a very busy one for us and for you.
Firstly, Network Security is increasingly high on the corporate priority list because vulnerabilities are starting to be issues for regulators, not simply for the CIO. Our new survey on penetration testing may well produce some interesting results.
Secondly, in today's increasingly rule-bound world "Data Protection legislation" - which of course has little to do with protecting data and everything to do with individuals' data rights - is high on the agenda. GE is the first corporation to adopt Binding Corporate Rules in the UK and has been working hard with the UK Information Commissioner to ratify their policies and processes to enable the legal export of data from the EEA.
Thirdly, tomorrow brings the threat that the Sober worm will unleash a new virus attack storm. Are you ready for this alleged neo-nazi threat? And are you ready to protect yourself and your users against spyware? A new webcast may give you the answers.
Like all major corporations, GE transfers its data globally. Unlike many, it has been working with Data Protection Authorities across Europe to ensure legality.
Without major policies and contractual or other arrangements formalised it is unlawful to transfer data capable of identifying a living individual from the EEA. GE has blazed a trail with the UK Information Commissioner to ratify a set of Binding Corporate Rules to allow it to make those data transfers within the law.
GE has completed negotiations with the UKIC. While it is not a simple rubber stamp job it expects few challenges with the rest of Europe.
There are so many threats nowadays to your network from the outside. How do you know that you are secure enough? In fact, do you even know how secure you need to be?
We've launched a new survey for the New Year on Vulnerability and Penetration testing. Simple enough questions, simple answers, but the overall topic is complex. So we added a whitepaper (free to download) to describe what needs to be done.
Do, please, answer the survey. It's in the left hand margin of all the site's main pages. And also download the whitepaper.
Of course it just may be a damp squib, but we've seen nothing from people like iDefense to downgrade the alert for the Sober Worm's activation of a virus storm on the 5th of January, coinciding with the anniversary of the formation of the Nazi party.
Oddly some good came out of the worm. This is the one that tells you that "your IP Address was logged" and "You visit illegal websites". The German language variant arrived in the email of a naive Paderborn resident who gave himself up to the police for visiting underage websites of doubtful pedigree.
Sure enough they inspected his PC and found the fruits of his unlawful browsing. A court case and probable conviction for underage unlawful pictures is pending. So it's hard to say too much against Sober... Well, no. It's easy to say a lot about it. 100+ virus emails per day into my own mailbox is just too much trouble. The question is, "Are you protected?"
As most people herald the arrival of 2006 with fanfare, the creators of spyware and adware applications continue inexorably toward the goal of maximizing revenue from their creations. The automatons that they set into motion do not take holiday breaks, preferring instead to lie in wait for the next user gullible enough to download, install and use the malicious software and provide financial benefit to the spyware distributors. Spyware is a perfect example of the growing trend in which questionable entities exploit the Internet for financial gain. The last few years have proven that malicious code, and its cousins adware and spyware, have become the raison d'être for many computer professionals. Additionally, the fine line between the malicious code camp (writing and distributing worms, viruses, Trojan horses and combinations thereof) and that of adware and spyware (writing code that is "questionable" at the least) is blurring, and successful techniques used by one faction are often, and quickly, incorporated into the products of the other. There is even a fast-growing trend of adware and spyware being deployed by means of malicious code droppers and websites - all in the pursuit of easy money.
This iDefense Webcast is at 2pm EST (that's 7pm GMT) on 5th January. As usual we'll bring the replay here a few days after the Webcast.
Readers should note that references to VeriSign's sponsorship are historical. That sponsorship ended on 28 February 2007, and is simply included here for context and historical purposes. VeriSign is not formally associated with this site in any manner, and has asked us to emphasise this point.