Compliance and Privacy
Compliance and Privacy News
Essential Reading for Today's Business 1st June 2006

in this issue:
  • ID Theft: US FTC's Awareness Initiative
  • Identity and Privacy Strategies Service Orientation - Courtesy of VeriSign
  • Whither Chip and PIN?
  • New Security Blog
  • 60% Have No Information Security Policy
  • Geopolitical Hot spots: An Internet Demographic Analysis - Live WebCast

    Dear Visitor,

    The US Government has woken up to the issue of Identity Theft and launched a new programme to boost awareness. Should the UK or EU be doing something similar? Find out below what the US is proposing.

    Far more concerning is Shell's abandonment of Chip and Pin less than four months after it was brought in. Read on and find out why there is "no safety in numbers".

    But perhaps the most sobering item in this week's issue is that 60% of the visitors to the Compliance and Privacy website have no information security policy.

    As always, we welcome your feedback - do take part in the discussion forums. The more we get from you, the more we can tailor the content we're providing!

    Peter Andrews

    ID Theft: US FTC's Awareness Initiative

    "AvoID Theft: Deter, Detect, Defend"

    You can take steps to minimize your risk of becoming a victim of identity theft. That is the message of a nationwide education program launched today by the Federal Trade Commission: "AvoID Theft: Deter, Detect, Defend."

    • Deter - Take steps to reduce your risk of ID theft
    • Detect - Monitor your personal information
    • Defend - Act quickly when you suspect identity theft

    The program coincides with issuance of an executive order signed by President Bush, creating an Identity Theft Task Force, chaired by Attorney General Alberto R. Gonzales and co-chaired by FTC Chairman Deborah Platt Majoras. The Task Force will develop a strategic plan to enhance the effectiveness and efficiency of government efforts to deter, prevent, detect, investigate, and prosecute identity theft.

    Identity and Privacy Strategies Service Orientation - Courtesy of VeriSign

    You are invited to attend an orientation to Burton Group's Identity and Privacy Strategies service.

    This 60-minute interactive LiveMeeting session will:

    • Introduce you to Burton Group's Identity and Privacy Strategies website and its resources
    • Provide an overview of the Reference Architecture framework and its major components
    • Demonstrate the value of using Reference Architecture to review and develop your organization's network architecture strategy

    As a service to you, these orientations are repeated each month.
    • Date: Tuesday, June 6, 2006
    • Time: 9:00 a.m. EDT / 6:00 a.m. PDT / 13:00 UTC / 15:00 CEST

    Registration options:
    • Register online
    • Call 800.824.9924 ext. 174 (for calls outside the U.S., dial +1.801.304.8174)

    Within 24 hours, you will receive a confirmation with dial-up instructions.

    Attendance at this online web event is limited. Register early.

    Whither Chip and PIN?

    Shell had to slam the door fast on Chip and PIN at 600 UK filling stations after skimmers were found and 1,000,000 had been stolen from customer accounts. But there is a wider issue here.

    It can't just be Shell and its UK filling stations that make us doubt Chip and PIN, but Shell slamming its Chip and PIN equipment shut last week certainly pours a whole lot of cold water on the technology, brought in with such a fanfare in February 2006.

    Before the Chip and PIN Day we had our doubts, but oddly they were not about the technology presenting attack vulnerabilities. Instead we were worried about the things ordinary people worry about:

    • What if I forget my PIN?
    • Why do I need to remember yet another number?
    • Why is this better than a signature?
    • How do I stop people looking over my shoulder wherever I use the card? I can do it at an ATM, but at the supermarket, in the newsagent, at the dentist, that is just plain impossible
    • What if I lose my card? I now need two separate letters, one with a card and the other with a PIN before I can fill my car with petrol!

    New Security Blog

    Part of what we do at Compliance and Privacy is to find new areas to interest you. One such area is Richard Stiennon's blog.

    Richard is founder and chief research analyst at IT-Harvest Inc. He is responsible for setting strategic direction as well as editorial coverage at this independent Information Technology research firm. Richard leads IT-Harvest in its efforts to compile the first comprehensive knowledgebase of the entire IT security market. Prior to joining IT-Harvest, he was VP of threat research for Webroot Software, Inc., the leading commercial anti-spyware solution.

    Why Richard's blog? Simply because he specialises in Threats and the chaos they bring. He's a specialist in his field, and his thoughts are often controversial.

    60% Have No Information Security Policy

    When Asked, What Percentage of Staff Know if They Have an Infosec Policy?

    Information Security is basic stuff. It's part of everything we do, or should be. So why were we not surprised when we asked people, knowledgeable people, who visit this site "Do you have an Information Security Policy?" and we were given the answers?

    We have a question for you. "If I can't trust you with my data, can I trust you with my money?"

    Geopolitical Hot spots: An Internet Demographic Analysis - Live WebCast

    Geopolitical hot spots can be identified through a multitude of factors, including the demographics of a given country or location. It is common to hear various organizations identify areas most commonly infected with malicious code, countries most prevalent for hosting phishing attacks on servers, and so on. Are these countries truly the geopolitical hot-spots of the Internet for attacks?

    This WebCast takes a discerning look into the demographics of the Internet for top countries and correlates data to recent reports of geopolitical hot-spots.

    Your active participation is requested. This WebCast will dispel some myths and reinforce areas of true danger.

    The WebCast is at 2pm US Eastern Time. That is 7pm UK time and 8pm European time, on 7 June 2006. To participate you will need a fully audio equipped PC. Estimated running time is 30 minutes.


    Readers should note that references to VeriSign's sponsorship are historical. That sponsorship ended on 28 February 2007, and is simply included here for context and historical purposes. VeriSign is not formally associated with this site in any manner, and has asked us to emphasise this point.