Blog Elements

Half Sized Blog Element (Single Author Style)

Half Sized Blog Element (Multi Author Style)

A Review of Google’s New Privacy Policy

2012-03-02/0 Comments/in Privacy/by admin

As of March 1, 2012, Google officially combined privacy policies from more than 60 of its services to a single privacy policy. In doing so, Google is now able to take information from users who are logged-in to its products and services and store them into a database.

The Federal System’s Need for a Security Assessment Process: Part 1

2012-02-21/0 Comments/in Vulnerability Assessment/by admin

Federal agencies, due to Federal Information Security Management Act (FISMA) requirements, are obligated to assess the effectiveness of their systems, as well as the security controls that are in place as part of the certification and accreditation (C&A) process before operations can be approved.

A Review of Google’s New Privacy Policy

2012-03-02/0 Comments/in Privacy/by admin

The Federal System’s Need for a Security Assessment Process: Part 1

2012-02-21/0 Comments/in Vulnerability Assessment/by admin

Full Sized Blog Element (Big Preview Pic)

A Review of Google’s New Privacy Policy

2012-03-02/0 Comments/in Privacy/by admin

For example, activities conducted on Google’s search engine, Map, Docs, Calendar, Google+ and YouTube to name a few of their product can all be collected to create a unique user profile that will aid in a better user experience as well as targeted ads for their customer.

The collection of data is not just on computer-based devices; we are talking about mobile devices, such as smart phones and tablets as well.

The biggest issue I personally have with Google’s new privacy policy pertains with its loosely wording. And why wouldn’t it be loose, how can one policy cover over 60 services and products?

Furthermore, with even more concern to privacy experts, the new policy allows for law enforcement to gain access to user information due to the expansion of the Patriot Act this past January. The National Security Letter provision of the Patriot Act allows federal authorities access your data from information custodian without a court order. Moreover, the Federal Law enforcement can order the ISP or information custodian to not disclose such request to the user.

Every year these request continue to increase in part to Google’s growing user-base and product offering. In Google’s latest transparency report of information provided to various government entities per request, the US had the highest count.

Country	User Data Request	Percentage of user data request complied	Users/Account Specified
United States	5,950	93%	11.057
India	1,739	70%	2,439
France	1,312	47%	1,552
United Kingdom	1,279	63%	1,444
Germany	1,065	66%	1,759

If you do not what your information being tracked, we suggest logging off of Google’s services before doing searches and etc. This is a harder task if you are using an android-based device.

The Federal System’s Need for a Security Assessment Process: Part 1

2012-02-21/0 Comments/in Vulnerability Assessment/by admin

Due to the growing threat to federal systems, security assessments are the key to supporting system owners with a detailed understanding of the strengths and weaknesses of their organization’s information system that supports critical applications and missions.

Furthermore, regular security assessments have become an imperative part of the federal government’s computer and network security posture. In this age, many agencies consist of heterogeneous computing environments, distributed computing and Internet facing systems. Best practices in information security acknowledges merely taking a defensive approach to securing an agency’s information system does not suffice and at times is considered inadequate.

By performing regular security assessments, the agency can bridge that vulnerability gap and allow for a proactive stance towards protecting their information-computing environment.

A security assessment can encompass an array of functions or responsibilities such as “Physical Security” to determine if the agency’s computing servers are stored in a secure location and to establish who has access to the communication facilities. A security assessment can also assess the agency’s “Internet Security” posture to determine how vulnerable the organization’s network is from the Internet. An assessment consisting of an Internet security evaluation aids in the understanding of what risks the organization inherits because of unneeded services allowed to and from the outside world. Lastly, an assessment consisting of “Network Security” can determine what access do employees have to critical files and data. A network security assessment will help an organization determine if an adequate solution for virus and spam protection exist and validate internal password and system configuration policies.

Read the rest at the FOSE Blog Site.