Centre for Cybercrime and Computer Security – Threats and Trust in Cyberspace Conference – 2011 – Review
How to Put Users in Control of their own Internet Data:
Maciej Machulak of Newcastle University presented a new web-based software product to complement and reinforce existing social networking security and privacy controls.
Machulak demonstrated a new product, called SmartAM (AM – Automation), which has been developed to provide a one-stop shop for your social networking security and privacy controls. SmartAM allows a user to register on its website and have it search for and register data about that user on the World Wide Web, such as images, videos, text files etc. The user is then able to create a single security policy that defines exactly who can access that data, either as a whole or per individual item of data/asset registered.
Once this has been done, control over access to that data can be handed over from the likes of Facebook, Picasa and Flickr to SmartAM, and once the security access policy has been defined, only those permitted to access that data can do so. SmartAM beta provides –
- Centralised and user-driven management of access control settings
- Consolidated view of sharing settings for all of a user's web resources
- Unified user experience – Removes the need to learn multiple user interfaces with regards to implementing and configuring access controls on each individual web site.
- Sharing settings which are re-usable – Create once, apply everywhere
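The four points above describe an architecture in which the web sites holding the data defer access decisions to one central authorization manager, and a sharing setting defined once is applied to resources on any number of sites. The following is an added example of that model written for this review; it is not SmartAM's own code, and the host names, resource identifiers and user identities are constructed. A resource host asks the manager for a decision instead of applying its own access-control list, unregistered or policy-less resources are private by default, and the consolidated overview shows which policy governs each registered item.

```python
"""Toy model of a central authorization manager in the style described above.
Added example, not SmartAM's code; hosts, ids and identities are constructed."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Resource:
    host: str         # the web site that actually holds the item, e.g. a photo service
    resource_id: str  # host-local identifier for the item
    owner: str        # user who registered the item with the manager
    kind: str         # "image", "video", "text", ...


@dataclass(frozen=True)
class SharingPolicy:
    """A reusable sharing setting: create once, apply to any number of resources."""
    name: str
    allowed_requesters: frozenset


class AuthorizationManager:
    def __init__(self):
        self._resources = {}  # (host, resource_id) -> Resource
        self._policies = {}   # (owner, policy name) -> SharingPolicy
        self._bindings = {}   # (host, resource_id) -> policy name (per-item setting)
        self._defaults = {}   # owner -> policy name applied to all of their resources

    def register_resource(self, resource):
        self._resources[(resource.host, resource.resource_id)] = resource

    def define_policy(self, owner, name, allowed_requesters):
        self._policies[(owner, name)] = SharingPolicy(name, frozenset(allowed_requesters))

    def apply_to_resource(self, owner, host, resource_id, policy_name):
        res = self._resources.get((host, resource_id))
        if res is None or res.owner != owner:
            raise PermissionError("only the registered owner may set a policy on an item")
        if (owner, policy_name) not in self._policies:
            raise KeyError(policy_name)
        self._bindings[(host, resource_id)] = policy_name

    def apply_to_all(self, owner, policy_name):
        if (owner, policy_name) not in self._policies:
            raise KeyError(policy_name)
        self._defaults[owner] = policy_name

    def check_access(self, host, resource_id, requester):
        """The decision a resource host asks for instead of consulting its own ACLs.
        Deny by default: unknown items, and items with no policy at all, stay private."""
        res = self._resources.get((host, resource_id))
        if res is None:
            return False
        if requester == res.owner:
            return True
        # A per-item setting takes precedence over the owner's "apply everywhere" default.
        policy_name = self._bindings.get((host, resource_id)) or self._defaults.get(res.owner)
        if policy_name is None:
            return False
        return requester in self._policies[(res.owner, policy_name)].allowed_requesters

    def sharing_overview(self, owner):
        """Consolidated view: which policy governs each of the owner's registered items."""
        overview = {}
        for key, res in self._resources.items():
            if res.owner == owner:
                overview[key] = (self._bindings.get(key) or self._defaults.get(owner)
                                 or "(no policy: private)")
        return overview


def demo():
    """Constructed scenario: one user, three items on three different hosts, two policies."""
    am = AuthorizationManager()
    alice = "alice@example.invalid"
    am.register_resource(Resource("photos.example", "img-1", alice, "image"))
    am.register_resource(Resource("videos.example", "vid-7", alice, "video"))
    am.register_resource(Resource("docs.example", "cv.txt", alice, "text"))
    am.define_policy(alice, "family", {"bob@example.invalid", "carol@example.invalid"})
    am.define_policy(alice, "recruiters", {"hr@example.invalid"})
    am.apply_to_all(alice, "family")                                   # create once, apply everywhere
    am.apply_to_resource(alice, "docs.example", "cv.txt", "recruiters")  # override for one item
    return am


if __name__ == "__main__":
    manager = demo()
    for key, policy in manager.sharing_overview("alice@example.invalid").items():
        print(key, "->", policy)
```

The point of the per-item binding beating the owner-wide default is that a single "apply everywhere" setting does not silently expose an item the user meant to share more narrowly; the check a host performs is the same call regardless of which site holds the item.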
Acknowledgements of SmartAM –
- Lukasz Moren – SMART Developer, Newcastle University
- Eve L. Maler – UMA WG Chair, Specification Editor
- Aad van Moorsel – SMART PL, Newcastle University
- Maciej Machulak – SMART Developer, Newcastle University
- Domenico Catalano – Graphics/UX Editor
You can read more at http://www.smartam.net
Security in SMEs, Industry and Government
Brian Fenwick (Security Risk Management Ltd, Newcastle upon Tyne) discussed ‘The need for security’ and how crime is both progressive and repetitive and how large scale crime has many offenders with multiple victims, whilst organised crime has multiple victims with an increasing amount of expertise.
Brian also gave a brief history of the internet from 1960 to recent times –
- 1960 – Internet Development
- 1980 – ISPs developed
- 1990 – More wide spread commercial deployment/take-up of the Internet
- 1999 – First reported attack – Melissa Worm
- 2000 – First arrest for a DDoS attack
- 2007 – Major data losses and fraud
and the reaction to recent events such as major data losses by government departments. Examples are the implementation of ISO 27001, the government's own HMG Security Standards and the Cybercrime Strategy.
Brian also discussed the 4 tiers of PCI-DSS (Payment Card Industry Data Security Standards) and how currently (2011) small and medium enterprises are self-assessed for taking and processing credit card transactions. As well as card security standards, Brian discussed fraud detection and exactly how many ‘frauds’ constitute a breach, as well as the follow-on forensic investigation relating to a breach, the potential fine for the card processor, the ongoing annual audits involved and, ultimately, a business being disqualified from accepting card payments.
Brian also discussed how currently, private sector organisations, unlike governmental departments, are NOT required to disclose any loss of data or ‘breaches’ involving missing personal data of customers. This is, however, going to become mandatory within the next 12 months (12 months from March 2011): all private sector small and medium enterprises will have to declare personal data incidents to the Information Commissioner's Office and notify the affected customers.