Monthly Archives: March 2007

Auditing Privacy Part 2 – Risk Assessment of Data Loss

Posted on March 30, 2007 by dutcherstiles

The easy way to assess privacy risks is to focus on the impact of data theft to the organization by including the private data as a corporate asset. There are well documented methods to identify the vulnerabilities in means of … Continue reading

Posted in Uncategorized | Tagged , , , | Leave a comment

Impacted Molars II

Posted on March 28, 2007 by dutcherstiles

OcclusalPanopticonistas Cyveillance say ID theft is so bad, we are all going to die. Seems like shutting down copyright scofflaws got a little too Web 1.0 for them, so they’ve unleashed their vicious crawling spiders on a search for contraband … Continue reading

Posted in Uncategorized | Tagged , , , , , | Leave a comment

Insider Threat Assessment

Posted on March 27, 2007 by dutcherstiles

Step one: Play a crappy new-agey cover of “All Along the Watchtower.”

Posted in Uncategorized | Tagged , | Leave a comment

Panopticon Enabled Desktops Increase Productivity!

Posted on March 22, 2007 by dutcherstiles

From Dark Reading, the joys of workforce monitoring software with Ascentive!: “We call it ‘workforce activity management,’” says Schran. “Our latest edition provides all the insight necessary to eliminate time-wasting, increase productivity, and protect private company data.” Or, in the … Continue reading

Posted in Uncategorized | Tagged , , | Leave a comment

Auditing Privacy Part 1 – Ethics and the Canon

Posted on March 20, 2007 by dutcherstiles

It would comfort many compliance auditors to discover the ultimate checklist and tear after their organization’s privacy program, collecting tick marks and developing the dreaded deficiency finding. I say to them, “Google is your friend.” For the more enlightened internal … Continue reading

Posted in Uncategorized | Tagged , , , | Leave a comment

I Am Not A Cop

Posted on March 20, 2007 by dutcherstiles

A couple posts on the role of internal audit in the information security controls of a company got me thinking. First, Anton describes an auditor as “policing agent” model: InfoSec develops controls. Operations operationalizes them. Audit goes around with a … Continue reading

Posted in Uncategorized | Leave a comment

More Questions than answers

Posted on March 16, 2007 by dutcherstiles

This evening has been spent practicing for my SXSW day show: a brief discussion about privacy for which some auditors will be getting CPE. As a result, I have also spent the evening listening to my voice slowly decay into … Continue reading

Posted in Uncategorized | Tagged , , | Leave a comment

Repost Redux: Special SXSW Edition

Posted on March 14, 2007 by dutcherstiles

Having read a few additional commentaries, I began to think some more on two issues I posted about earlier. Greg Abbott vs. The County ClerksMordaxus at Emergent Chaos says we need to chill, which made me wonder if there was … Continue reading

Posted in Uncategorized | Tagged , , , , , | Leave a comment

Charts ‘n Graphs

Posted on March 13, 2007 by dutcherstiles

From Pogo, this article from Physorg on the classic Evil Hacker v. Evil Suit dilemma. From the article: If Phil Howard’s calculations prove true, by year’s end the 2 billionth personal record – some American’s social-security or credit-card number, academic … Continue reading

Posted in Uncategorized | Tagged , , , , | Leave a comment

SSN Panic, Texas Style

Posted on March 8, 2007 by dutcherstiles

Here’s the Computerworld run-down. And here’s the Attorney General’s letter (worth reading) and the proposed bill to change the law Texas HB 2061 so as all the county clerks don’t get thrown in jail. The AG letter says it in … Continue reading

Posted in Uncategorized | Tagged , , , , | Leave a comment