e-Security

Is rationality returning to the official debate over the "war on terrorism"?

Malcolm Crompton

The debate has been long on rhetoric and short on cold, hard analysis.  But it may be about to improve.

Ever since 11 September 2001, governments, national security & law enforcement around the world have been arguing vigorously for hugely increased collection of information about citizens from disconnected sources and applying data mining to it.  Enormous resources have gone into these initiatives and laws protecting citizen rights have been compromised to allow them.  They have been equally vehemently opposed by civil liberties and privacy advocate interests. 

The debate has been long on rhetoric and short on cold, hard analysis.

At last, the debate is beginning to change.  It took a significant step forward on 7 October with the release of a report by the US National Academy of Sciences titled Protecting individual privacy in the struggle against terrorists.  The report was funded in part by the US Department of Homeland Security and the US National Science Foundation.  These are reputable researchers funded from reputable sources.

The report rather bluntly states that explosive increases in data mining have been a waste of time and resources.  Hopefully it marks the beginning of the end of a rather frightening era of this form of data surveillance by government. 

The Center for Information Policy Leadership (CIPL) summarises the report into 4 major points:

1. There is little evidence that "data mining" works as a tool to detect or prevent terrorism, and lots of reason to think that it is unlikely to ever work for those purposes. There are many practical problems - bad and unstructured data loom especially large - but the major obstacle is that data mining depends on having lots of identified patterns to work with in order to make predictions. Commercial data mining, for example, for fraud prevention and marketing, depends on observing millions or tens of millions of transactions to be able to recognize statistically relevant linkages or patterns. Fortunately, we have very few patterns of terrorist behavior to work with, and terrorists (unlike most consumers) are working hard to mask their transactions, so the "promise" of data mining as a counterterrorism tool seems unlikely to be realized. 

2. There is similarly little evidence that behavioral or biometric monitoring works to detect or prevent terrorist acts. In fact, the committee found so little evidence of any success with behavioral or biometric monitoring that it could not reach consensus on any role that such techniques might play in counterterrorism. 

The Rise in Consumerisation of IT

Craig Scroggie

Employees are bringing their mobile devices to work and expect IT to support them.

The trend toward employees introducing their own consumer devices - including laptops and mobile devices - into the workplace is resulting in a change of how enterprises deliver services to their employees and customers.

The challenge for IT managers today is to find ways to enable the use of a wide range of technologies in the workplace while ensuring the data residing at the endpoint and in the network is secured and managed appropriately. A key part to managing this change is to put in place policies, educate employees and implement data loss prevention and encryption tools so that organisations can understand where their data is and how it is being used.

Consumerisation of IT is transforming our industry and it's especially transforming the IT function in all enterprises - large and small. This transformation has been driven by the explosive growth of mobile devices.  Smart phones and smart mobile devices are outstripping PCs by a very large number in terms of their shipments, and eventually, they will dominate in terms of the way people access the Web, and in many cases access applications.

Employees are bringing these to work and they expect IT to support their mobile devices.  The days in which IT can dictate the standard device are vanishing. Rather than trying to hold on to control, some companies have embraced the change and moved to a model in which they allow employees to bring their own PC or mobile device to work, and the company will accommodate it.

The ALRC Report on Privacy

Peter Ford

In a digital environment, approval of a data transfer makes about as much sense as approval of an ocean current.

In its preoccupation with a perceived threat to its independence arising out of the recommendation for a private right of action for invasion of privacy, the media commentary on the ALRC's Privacy Report has missed its most significant aspects. 

Among its many recommendations, the following deserve wide public discussion: regulating cross-border data flows; rationalisation of exemptions and exceptions; and uniform privacy principles and national consistency.

Regulating cross-border data flows

The existing law, which is based on the 1980 OECD Privacy Principles, regulates cross-border data flow by requiring an assessment of the level of privacy protection that will be provided to the data in the jurisdiction to which it is being transferred.  While some flexibility is built into the tests, the basic concept is that privacy protection in the receiving jurisdiction should be similar to that in Australia.  This approach was also taken, in a more bureaucratic form, in the European Union's Privacy Directive of 1995. 

Collaboration is Key to Keeping Australians Safe Online

Craig Scroggie

As Web 2.0 technologies and the threat landscape continue to evolve, it's now more important than ever that both private and public sectors join forces.

Last week, I participated in the Over the Horizon Visionary forum which was held as part of National E-security Awareness Week. The forum was attended by a number of industry representatives from across Australia and aimed to promote discussion on the government's future e-security policies. One of the discussion groups at the forum focused on how the public and private sectors can partner to better educate the public on safe Internet practices.

Many in the group, including myself, agree that there needs to be a working partnership between the public and private sector to educate and equip Australian PC users.  By working in collaboration and building a strategy around education, the public and private sector can help make the Internet a positive and safe place to learn, communicate, and socialise.  

A call for maturing our approach to IT security and risk

Gavin Struthers

For many businesses, justifying a budget for IT security remains a perennial challenge.

As part of McAfee's participation in E-security Awareness Week, I've spent the last three days talking directly to customers at an Executive Summit we hosted in the Hunter Valley in New South Wales, and gleaned some of the challenges organisations are currently facing.

In the context of what challenges face CxOs and security managers when it comes to better securing corporate networks and managing risk, there is a definite sense of this being a "work in progress". Their call was to make the proposition simpler while providing higher levels of protection and compliance.

These stakeholders understand the evolving complexity and escalation of threats to their organisations and their data.  On the one hand they are witnessing a proliferation of "smart" devices, many of which are being carried into the office and connected up to the corporate network without being properly checked for malware or having the disk encrypted in the event of the device being lost.

Keeping our kids safer online

By Dr Martyn Wild

Our kids might understand and recite the safety messages we tell them, but this rarely has much impact on their everyday behaviours.

The cybersafety discussion is more important today than it has ever been. Not simply because of the scare stories that are emerging with ever-increasing frequency (only last Thursday [5 June] we witnessed large numbers of Australians, including at least one teacher and a police officer, identified in the worst type of child exploitation). But more so because (i) children are changing their use of the Internet; and (ii) their parents are evidently not taking responsibility for the implications that arise from that use.

New data arising from studies very recently conducted in the UK and Australia tell us that 57% of parents are not aware how to keep their children safe online, what actions to take to minimise potential adverse impacts on their children's well-being or even what to do at times of crisis.