Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, September 28, 2009

3rd PrivacyOS Conference, Vienna, 25-27 October 2009

The Third PrivacyOS conference is going to take place in Vienna, 25-27 October 2009:

http://www.amiando.com/3rdprivacyos.html

“The third PrivacyOS Conference focuses on “rising awareness – functions and impact of data protection”.

Participants are invited to join the Austrian Big Brother Awards Gala on the evening of the 25th of October and to discuss privacy issues or their experiences in this field. The conference provides a unique opportunity to articulate and exchange best practices, challenges and solutions in privacy and data protection on the 26th and 27th of October.

The conference primarily addresses legal and technical IT experts, interested manufacturers of IT products or services as well as data protection authorities. All persons interested in privacy or data protection aspects are welcome to register for the event.”

--- Posted by Marco Casassa Mont ---


--- NOTE: my original HP blog can be found here ---

Workshop on Access Control (and Privacy) Application Scenarios

Please consider submitting a position paper at the W3C Workshop on Access Control (and Privacy) Application Scenarios, by October 23rd:

http://www.w3.org/2009/policy-ws/cfp.html

"W3C invites people to participate in a Workshop on Access Control Application Scenarios on 17-18 November 2009 in Luxembourg. This Workshop is intended to explore evolving application scenarios for access control technologies, such as XACML. Results from a number of recent European research projects in the grid, cloud computing, and privacy areas show overlapping use cases for these technologies that extend beyond classical intra-enterprise applications. The Workshop, co-financed by the European Commission 7th framework program via the PrimeLife project, is free of charge and open to anyone, subject to review of their statement of interest and space availability.

The workshop is intended to discuss issues around access control in a very wide sense, encompassing conditions and rules derived from the fact of accessing information. Topics that might serve as appropriate discussion points for position papers include, but are not limited to:
  • interaction between access control and privacy policies
  • language extensions to connect access control languages to novel types of credentials
  • large-scale cloud and grid computing use cases for access control technologies
  • policy management
  • mechanisms for controlling progressive disclosure of information by user agents and servers
  • the emerging role of trust delegation and supportive mechanisms in cloud computing, grid, and Web use cases
  • mechanisms for richer user control over downstream data controllers

The workshop will examine experiences and recent research results in these areas, their need for agreed semantics, the need for extensions to existing access control languages, and perhaps for radically new approaches.

Position papers are due 23 October. See the call for participation for more information."


--- NOTE: use this mirror blog if you prefer posting on an external blog site ---


Interesting article – “Phishing Fraud hits two year high”

http://www.theregister.co.uk/2009/09/28/phishing_fraud_trends/

“Phishing attacks reached a record high during the second quarter of 2009, with 151,000 unique attacks, according to a study by brand reputation firm MarkMonitor. …”


Tuesday, September 8, 2009

On Enterprise Security Playbooks

I am interested in getting a few real-world examples of enterprise “Security Playbooks” and exploring them.

What is an enterprise Security Playbook? It is the “outcome” of an organisation’s scenario planning and security risk assessment exercises, describing what should be done in the presence of specific events and threats, for given contexts.

A security playbook can relate both to current and foreseeable situations where decisions must be taken by one or more “decision makers” and courses of actions carried out by specific people.

Why are “security playbooks” important? They are strategic for organisations as they synthesize what has to be done in critical situations (and who has to carry out actions) when very little time is allowed for debates and reactions.

Interestingly enough, “playbooks” are available in many fields, related to traditional business risk management (in case of faults, natural disasters, etc.).

I am interested in learning more about enterprise playbooks that specifically focus on “IT security and cybercrime” aspects: I am wondering if any public template, example or guideline has ever been produced. I struggled to find anything really relevant …

I am also interested in better understanding what the implications are in the IAM space, and what impact playbooks have on people, IAM processes and related IT operations …

Any input or links would be greatly appreciated.


On my Experience in Using Twitter …

I’ve now been using my Twitter account for a few months, in order to provide quick updates about my work and activities.

My overall experience is positive. The 140-character limitation is actually a plus, imposing some discipline on what to say and what to focus on.

I have used Twitter many times to complement my blogging activities, to provide short pointers to blog posts of interest, to a wide community of followers.

I noticed that the communities operating in Twitter are nowadays much more active and dynamic than the ones operating in the traditional blogging space.

But this is just based on my personal experience and discussed topics …


W3C Policy Languages Interest Group (PLING) - Public Teleconference - 09 September 2009 – 12:00 AM (UTC)

The next W3C Policy Languages Interest Group (PLING) public teleconference is going to be held on 09 September 2009, at 12:00 AM (UTC).

Among many other topics, the agenda includes:

Please consider attending this teleconference.
