Thursday, April 24, 2008

Outsourcing Information Security?

IBM and Tata Communications have separately announced that they are entering the managed security market this week. IBM was the main force behind the idea of outsourcing IT jobs years ago; it was the pioneer of outsourcing, and the industry has embraced that idea. Now IBM is pushing managed security. Does that mean managed security will be embraced by the industry? We will see.

Wednesday, April 16, 2008

You've got mail from United States District Court in San Diego!

If you have received an email from the United States District Court in San Diego, it is most likely a phishing email. According to NYTimes, this well-crafted attack targets specific, larger prey: wealthy and powerful people. Because the letter looks and sounds so authentic, even people who are well aware of such scams have fallen victim to this latest phishing attack (for instance, a lawyer was tricked into downloading an application that was supposed to display the document supposedly sent by the court). This is another example showing that attackers are getting smarter and more focused.

Monday, April 14, 2008

Privacy Protection-- Microsoft Style

Last week, Microsoft proposed a 5-tier standard for protecting customer privacy when customers are targeted by online advertising. According to the proposed standard, customer consent should be sought in five key circumstances:
  • when site visitors' data is collected for online advertising,
  • when ads are delivered on unrelated sites,
  • when sites engage in behavioral advertising,
  • when personally identifiable information is used, and
  • when sensitive personal data is used.
Although players in the online ads industry agree that customers need better privacy protection when they are targeted with online advertising, there is no common understanding of what that privacy protection should be. Microsoft's move is considered one of the boldest among the industry players so far.

According to NYTimes, Microsoft's comments on Friday are "in response to the U.S. Federal Trade Commission's request for comments on its proposed privacy principles that would be self-administered by the online advertising industry."

Monday, April 07, 2008

FTC Tries to keep up

As more and more customer information is collected, concerns over privacy escalate. Although there are two sides to the issue, one can wonder where the FTC stands. So far, it appears that the FTC prefers self-regulation of the collection and use of customer data (some people refer to it as 'behavior marketing') over mandatory government regulation.

HSBC Loses Data of 370,000 customers

HSBC may be facing a fine from the British Bankers' Association after the loss of a disk containing customer information. Bloomberg reports that "a disk with personal information from 370,000 insurance customers has been lost in the mail." Although it is indicated that the information on the disk is not extremely sensitive and "there is no reason to suppose that the disk has fallen into the wrong hands", it would not be easy to convince the customers whose information is stolen. Today's take-away is, again, that we should not neglect physical security.