Monday, November 24, 2008

NAISG Presentation online

Slides and video of my presentation to the Boston Chapter of NAISG on 201 CMR 17.00, the new Massachusetts data protection law, are now online at the NAISG presentation archive page.

 

Jack

Julie Amero Case is finally over.

The infamous Julie Amero case is finally over. You remember: the poor substitute teacher who allegedly exposed her students to pornography (on a school PC which did not have up-to-date anti-virus software, on a network without web filtering) and has spent years battling a felony conviction over the incident.

In this case, the unforeseen consequences of failing to secure the network and systems have been dramatic.  There really is a lot more to web content control than just keeping people from visiting inappropriate sites, and this case proves how wrong things can go if you ignore the basics.

The story is here, and more from Rick Green on Julie Amero's case here. Alex Eckelberry at Sunbelt has been involved; here is his take on it.

Monday, November 17, 2008

Discussion of new Mass. data protection law at Boston NAISG meeting

I will deliver a presentation and then lead a discussion on the new Massachusetts data protection law, 201 CMR 17.00, at this month's meeting of NAISG's Boston chapter.  The presentation and discussion will explore the new law, its impact on businesses, and approaches to compliance.  Details of the meeting are at the NAISG Boston website.

Massachusetts "201 CMR 17.00: Standards for The Protection of Personal Information of Residents of the Commonwealth" is one of the most far-reaching and specific state laws governing the protection of personal information.  It is important to note that the law applies to

"persons who own, license, store or maintain personal information about a resident of the Commonwealth of Massachusetts"

So you do not have to be in Massachusetts for this law to apply to you.

NAISG Boston meets at Microsoft's offices in Waltham, MA, directions here.  Please join us if you are in the area.  Meetings are free and open to the public, but we would appreciate an RSVP so that we have enough pizza for everyone.

Jack Daniel

Friday, November 14, 2008

Security Bloggers Network

Missing your Security Bloggers Network feed this morning?  Blame Google's assimilation of FeedBurner and abandonment of blog networks.

Alan Shimel has the story here. Don't worry, it will reappear.

Tuesday, November 4, 2008

A Short Reflection on Voting Security

As Americans head to the polls today, here is another perspective on voting and security in America:

We all know about the darker side of voting: voter fraud, vulnerable electronic voting systems, and social engineering, among others. There is one topic that is very often overlooked in the United States - Personal Security.

My wife and I left for the polling station mid-morning toting my one-year-old son. The biggest things that we were thinking about were "where is the carton of Fishies[tm]" and "we need a copy of the lease to register, where is it?" We left the polling station after 15 minutes, successfully registering and voting. I dropped my small family off and headed for work. On the way to work, while listening to a history lesson on NPR, I began to reflect on what I had just done.

In less secure and stable parts of the world, people have to vote in makeshift bunkers for fear of bombings.  People are shot, maimed or worse for voicing their opinion.  This is not even a second thought in the US.  The worst thing that I was looking forward to was finding a parking space. 

My reflection: Among all of the normal topics of discussion, I would like to add a congratulations to the people that make the process safe for US voters. I would also like to reflect on the fact that, as a security buff, I know that this has not been, nor will it always be, the case - Vote with pride and care.

Please take a moment to reflect on this and other issues for a moment if you are frustrated with the banter on the major networks.

-Voter 1749, Ward 8 Nashua, NH.

Sunday, November 2, 2008

Hackers for Charity and The Academy

Want an easy way to give a buck to Hackers for Charity without taking it out of your own pocket?  The Academy is donating a dollar to HfC for every registration (registration is free).  This post has the details.

Not sure about supporting something called Hackers for Charity? It is a great group; here's a synopsis:

"Hackers for Charity helps non-malicious hackers gain valuable job experience by putting them to work on projects for charity. They also build computer classrooms to help children and adults break the cycle of poverty through empowerment training, and feed children with funds raised by sales of Johnny Long’s books."

[Note: Astaro is a sponsor of The Academy.]