Pointers: Recommended reading

An analysis of three data breaches in the private sector provides some hard-earned lessons learned for any organization that stores personal data.

Lesson No. 1: Get serious about Web security. It’s not enough to install firewalls and keep up with security patches, according to the article. Security must become part of the application development process.

The authors also note that intrusion detection systems, vulnerability scanners and other security tools can never keep up with the bad guys. They advise using event management systems and similar technology to watch for unusual traffic that could indicate a possible security problem.

Password hacking: Sizing up the threat
Source: InfoWorld

InfoWorld’s Roger Grimes identifies the six most daunting threats to the security of your password.

One technique is password sniffing. It involves installing a standard network protocol analyzer — often called a sniffer — between the authentication client and authentication database, Grimes said. If the log-on credentials are not protected en route, they are easy pickings.

Other techniques try to avoid the log-on process altogether. In authentication bypassing, hackers might use a separate boot disc to gain access to the data partition they want without ever seeing a log-on prompt.

The article discusses the best defenses against those and other techniques.

The Internet and civic engagement
Source: Pew Internet and American Life Project

The nation’s well-to-do could lose their grip on the political process thanks to the Internet, according to a new report from the Pew Internet and American Life Project.

On the one hand, the digital divide is still apparent: People who are educated and financially secure are more likely to participate in political activities, such as sending a letter to a government official or making a contribution to a candidate — whether they do it online or off-line.

But socioeconomic factors appear to play less of a role in the type of political involvement that centers around blogs and social-networking sites. That is because younger users — ages 18 to 29 — have higher levels of online engagement than their older and more affluent counterparts, the report states.

Twitter guidelines: The UK edition
Source: The E-government Bulletin

Government officials in the United Kingdom recently drafted guidelines for agencies that want to join the conversation on Twitter.

The guidelines highlight the various objectives Twitter might help agencies achieve and metrics for measuring their success. For example, if agencies hope to provide “thought leadership,” they should measure the frequency with which their updates are retweeted by other users.

The guidelines also identify risks and possible mitigation strategies. For example, agencies concerned that sensitive or embargoed information might be published in error can develop light but effective procedural controls or require that a digital media team approve all tweets before posting.