Users Don't Bother Changing Default Passwords

Most people working with sensitive information want stricter security policies but rarely bother changing default, automatically generated and assigned passwords.

To collect the responses, ElcomSoft was running a questionnaire during the last few months. After gathering a statistically significant sample, the company discovered interesting information about its customers’ habits and preferences in regards to IT security.

Less than 50% of all respondents come from Computer Law, Educational, Financial, Forensics, Government, Military and Scientific organizations.

Less than 30% of respondents indicated they have never forgotten a password. Most frequently quoted reasons for losing a password to a resource would be infrequent use of a resource (28%), not writing it down (16%), returning from a vacation (13%).

Only about 25% of all respondents indicated they change their passwords regularly. The rest will either change their passwords infrequently (24%), sporadically or almost never.

Via Users Don't Bother Changing Default Passwords.

When Conflicts Arise in Complying with U.S. and E.U. Law | Corporate Counsel (Catherine Dunn)

As companies in the U.S. work to comply with laws such as the Foreign Corrupt Practices Act (FCPA), they often conduct internal investigations that rely, in part, on collecting information from employees, such as documents and emails. It’s all perfectly legal in the U.S., but it can quickly lead to potential conflict when in-house lawyers also have to navigate European Union regulations on data protection—laws that guard employee privacy, even for information stored on company computers and servers.

Now imagine a scenario in which that information is even harder to obtain. Such appears to be the case under the E.U.’s new data-protection proposal.

“Currently, one of the ways that in-house counsel manage this potential conflict of laws is obtaining genuinely voluntary employee consent,” says Jim Halpert, a partner in DLA Piper’s communications, e-commerce, and privacy practice in Washington, D.C. “The proposed [E.U.] regulation would declare employee consent—even if freely given—to be per se invalid.”

Via When Conflicts Arise in Complying with U.S. and E.U. Law.

R-E-S-P-E-C-T, Cross-Border E-Discovery : Privacy Law Blog (Nolan Goldberg)

Litigants navigating the conflict between U.S. discovery obligations and foreign data protection laws have a new ally, the American Bar Association (“the ABA”). The ABA recently passed Resolution 103, which “urges” that:

[W]here possible in the context of the proceedings before them, U.S. federal, state, territorial, tribal and local courts consider and respect, as appropriate, the data protection and privacy laws of any applicable foreign sovereign, and the interests of any person who is subject to or benefits from such laws, with regard to data sought in discovery in civil litigation.

The full text of the resolution and accompanying report (the “Report”) can be found here. In supporting its resolution, the ABA noted that “[L]itigants often face a Hobson’s Choice: violate foreign law and expose themselves to enforcement proceedings that have included criminal prosecution, or choose noncompliance with a U.S. discovery order and risk U.S. sanctions ranging from monetary costs to adverse inference jury instructions to default judgments.” Report at p. 2. As “U.S. law already provides a clear and workable standard for resolving the conflict” the ABA believes that Courts should give more consideration “to the national interests behind the non-U.S. laws” such that the comity factors are weighed and applied “in a manner that demonstrates respect for those laws and the principles of international comity.” Report at p. 17.

The ABA’s involvement with this issue is particularly timely, as it has recently become apparent that new data analytic technologies have weakened the effectiveness and reliability of anonymization, one of the primary mechanisms available to litigants to navigate cross border discovery conflicts. See e.g., The Practice of Law in the Age of Big Data, Nat'l L. J., April 11, 2011.

Via R-E-S-P-E-C-T, Cross-Border E-Discovery : Privacy Law Blog.

Cross-Border Data Flow Risks : Information Law Group (W. Scott Blackmer)

Physical borders may be technically irrelevant in the age of online business, global corporate groups, and cloud computing, but they retain legal and cultural significance. Some recent developments in data privacy law around the world suggest that the “free flow of information” is becoming more conditional, and that enterprises will have to be nimble to meet the expectations of regulators, consumers, and employees when the organization wants to move personally identifiable data from one country to another.

The proliferation of comprehensive data privacy laws, more or less on the European model, increasingly requires US-based multinationals and online companies to adapt to strict requirements for dealing with individuals in other countries.  While the rules may soon become more uniform in the EU, they are still new and uncertain in many other countries.

European Union

In January 2012, the European Commission published a proposed Regulation that would replace the 1995 EU Data Protection Directive. While national practices differ considerably under the 1995 framework directive, the Regulation would establish a much more consistent European approach to data protection rights and enforcement.

The Regulation would continue to authorize data transfers to “white-listed” jurisdictions with EU-style comprehensive data protection laws (such as Switzerland, Argentina, Israel, and, for most purposes, Canada). It would also continue to recognize data transfers to US “Safe Harbor” companies and transfers protected by EU-approved standard contract clauses (“model contracts”) or binding corporate rules (“BCRs”), as well as transfers relying on informed consent. These have been subject to divergent national interpretations and procedures, however, and the Regulation aims to eliminate these differences.

Via Cross-Border Data Flow Risks : Information Law Group.

Microsoft Office Apps Coming to iPad? | Signal Strength – CNET News

Microsoft Office Suite may soon come to the Apple iPad, according to a report by The Daily.

On Tuesday, the blog reported that its sources say that a Microsoft app that will include Office programs, Word, Excel, and PowerPoint will soon be submitted to the Apple App Store. The blog first noted the existence of an iPad version of the Microsoft Office Suite in November.

The Daily said that it’s had some hands-on experience with the new app. The user interface is supposedly similar to the current OneNote app. There is also some resemblance to Metro, the new design language used on Windows Phone and the soon to be released Windows 8 desktop operating system.

The Daily said that Word, Excel and PowerPoint will be supported and users will be able to create and edit these documents locally or online. But the blog said it’s unclear if other Office apps will be supported.

Via Microsoft Office Apps Coming to iPad? | Signal Strength – CNET News.

U.S. Senators Seek Clarity on Foreign Bribery Law | Reuters (Aruna Viswanatha)

Two Democratic senators urged the U.S. Justice Department on Thursday to explain what it considers a bribe of a foreign official, saying the lack of clarity has led companies to devote disproportionate resources to complying with the law.

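Senator Chris Coons of Delaware and Senator Amy Klobuchar of Minnesota asked Attorney General Eric Holder to clarify how the Justice Department interprets the Foreign Corrupt Practices Act (FCPA), which bars bribes to foreign officials, and under what circumstances it would pursue a bribery case.

The U.S. government has stepped up enforcement of the FCPA, extracting $1.8 billion in sanctions from 23 companies in 2010, according to an industry blog called the FCPA Blog.

Via U.S. Senators Seek Clarity on Foreign Bribery Law | Reuters.

Cloud Security Is All About Visibility and Control | CFOworld (Thor Olavsrud)

It is an oft-repeated mantra: any organization engaged in or investigating cloud computing, in any of its many flavors, is worried about security. Indeed, concerns about security, data privacy and data residency are frequently cited as inhibitors to cloud adoption. But are the concerns justified? Some security experts say visibility and control are the missing elements.

A recent study of IT and business executives by CompTIA, the IT industry association, found that 50 percent of respondents listed greater reliance on Internet-based applications, like cloud computing and software as a service, as a factor driving their cybersecurity concerns. But cloud experts say that in many ways data in the cloud is more secure than data held on premises, or at least is quickly becoming so, especially for smaller organizations that lack the resources to devote to security technology and expert staff.

Via Cloud Security Is All About Visibility and Control | CFOworld.

Tech Insight: Getting the Picture with Data Visualization – Dark Reading (John Sawyer)

Security professionals responsible for log analysis and digital forensic investigations today have so much data to analyze that it can be hard to make heads or tails of it without the right tools to analyze, prioritize, and identify the valuable information.

Sometimes obscure log entries can be easily deciphered with a simple Internet search. But other times, there are so many results that it is hard to wade through them to find the right information. Many organizations have adopted security information and event management (SIEM) solutions to help prioritize and correlate security data, turning it into actionable information. Once properly configured and tuned, SIEMs can certainly make a big difference. But often, the biggest feature of a SIEM turns out to be its ability to take data and visualize it in a way that lets analysts easily spot patterns or spikes in activity that indicate a problem.

Data visualization, or in the simplest terms, the visual representation of data, is nothing new. Over the last two decades, there has been increasing interest from researchers, security professionals, and vendors in visualizing computer-related data in meaningful ways. In 2004, I saw my first data visualization presentation focused on security data at a small hacker conference in Atlanta called Interz0ne. Greg Conti gave a fantastic talk showing graphical representations of many different port scans and attacks, based on analysis of data I regularly used from intrusion detection systems (IDS), packet sniffers, and network flow data (PDF). The way activity stood out was eye-opening.

Via Tech Insight: Getting the Picture with Data Visualization – Dark Reading.

BBC News – Patents: Apple Wins Motorola ‘Slide to Unlock’ Ruling

Apple has won a patent dispute against Motorola Mobility over the “slide to unlock” feature on smartphones.

The ruling marks Apple’s first patent victory over Motorola in any part of the world.

Patent consultant Florian Mueller said the ruling could affect patent disputes involving Android device makers worldwide.

Motorola said it intends to appeal and that the ruling would have “no impact” on supply or future sales.

A Motorola spokeswoman said: “Today’s ruling in the patent litigation brought by Apple in Munich, Germany, concerns a software feature related to phone unlocking on select Motorola devices sold in Germany.

“Motorola has implemented a new design for the feature. Therefore, we expect no impact on current supply or future sales.”

Apple said it would not comment on the decision.

Via BBC News – Patents: Apple Wins Motorola ‘Slide to Unlock’ Ruling.

The U.S. Army Uses Pinterest? Sir, Yes Sir! | Mashable (Alex Fitzpatrick)

Pinterest, the social image-sharing site that has exploded in popularity over the past few months, has found a strange bedfellow: the U.S. Army.

The Army’s Pinterest boards include topics such as “Goodwill,” “Humanitarian Relief,” and “HOOAH!” Each board is designed to showcase some aspect of Army life and the Army’s mission, or to connect families with the Army (“DIY & Decor,” for example, might be a favorite among Army moms).

It may seem strange for the Army to have a presence on Pinterest alongside the corporations that dominate it, such as fashion, do-it-yourself (DIY) advice and retail brands. But Juanita Chang, director of the U.S. Army’s Online and Social Media Division, says it is important for the Army to be on different platforms so it can reach people it cannot find elsewhere.

Via The U.S. Army Uses Pinterest? Sir, Yes Sir!.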