DISCLAIMER: Logging other people's keystrokes or breaking
into other people's computer without their permission can
be considered illegal by the courts of many countries.
The monitoring software reviewed here is ONLY for authorized
system administrators and/or owners of computers.
We assume no liability and are not responsible for any misuse
or damage caused by the keylogging software. The end user of
this software is obliged to obey all applicable local, state,
federal and other laws in his country of residence.
July 03, 2008
Reports reveal poor security practices behind data losses
Poor public sector information security practices were highlighted last week by four separate reports into data handling.
Two of the reports focused on the failures that led to the loss of 25 million child benefit records by HM Revenue and Customs (HMRC), while another examined the loss of a Ministry of Defence (MoD) laptop, which contained unencrypted personal records for more than 600,000 people.
A fourth report, the data handling review, looked more widely at data handling practices across government, and made a number of recommendations for improving security.
Improving information security practices were highlighted as a key move. The review announced that a series of mandatory minimum measures will be put in place.
All information that is portable will be encrypted, including laptops and discs, and greater controls will be put on the moving of information. Departments will be obliged to have their networks tested by ethical hackers on a regular basis.
Civil servants who deal with personal data will undergo annual training, and the government will introduce privacy impact assessments (PIAs) that will monitor the effect of government initiatives on citizens’ privacy.
Data security roles in departments are to be more clearly defined to ensure clear lines of responsibility for protecting information something that was lacking in the HMRC breach.
Departments will report on their performance in these areas to the National Audit Office. They will also be subject to spot checks from the Information Commissioner’s Office (ICO) as part of an effort to improve the transparency of procedures.
“Effective public services depend on information about the people they serve. But to command public confidence, that information needs to be safely stored and protected,” said Cabinet Office minister Ed Miliband.
“The government is determined to take the necessary steps to improve data security. The measures outlined today are an important part of that process.”
Despite the high-profile losses, the Cabinet Office is keen to emphasise that data sharing is crucial to its technology strategy.
Each week, the police and courts make 4,500 enquiries to the online driver’s database the Driver and Vehicle Licensing Agency (DVLA)-operated electronic record of data held by MOT garages and the insurance industry that enables 10 million people to renew their car tax online while HMRC saw three million self-assessment tax forms filed online in 2006/2007.
The ICO will play an important role in overseeing the increasing amounts of public information being handled. Equipped with new powers to fine and spot check, the office finally has some of the powers it has demanded.
Information Commissioner Richard Thomas welcomed the Cabinet Office moves to improve security. “This material should help chief executives across the whole of the public, private and not-for-profit sectors achieve better compliance with the Data Protection Act and keep people’s details more secure,” he said.
The number of data loss reports since the HMRC breach suggests that incidents will still occur, even when the danger is highlighted. But putting in place the safeguards laid out in the review will be key to reducing the number of occurrences, according to Graham Titterington, principal analyst at Ovum.
“Security training is the most important measure most of these incidents are down to human failure,” he said.
While encrypting data is a relatively simple process, managing the keys that unlock that data is not.
“Encrypting across departments will mean large, complex key management syste ms, and these are quite a challenge to put in,” said Titterington.
“Despite this, it’s realistic to expect most departments to have the recommended measures in place within a year.”
Source: Vnunet.Com
All news for October, 2008
All news for 2008 year
All news for 2007 year
All news for 2006 year
All news for 2005 year
All news for 2004 year
DONATION: Keylogger.org is an independent research
project supported by a team of enthusiasts. If you find this
project useful or would like to help foster its continued
development please consider making a donation using PayPal`s
online secure payment service. A PayPal account is not required.
All major credit cards are accepted (MasterCard/Eurocard,
Visa/Delta/Electron, American Express, Switch/Maestro, Solo).
Simply click the button below.
Any amount would be useful and appreciated!
Thanks in advance for your support!
|
