May 9, 2008
Credit Bureaus and Outsourcing
He digs deep into how extensively TransUnion outsources, and where. I went looking, and was surprised to see that their privacy policy is at least honest. They make no claim that they care about your privacy, nor any that they apply the highest standards of security to your information.
May 7, 2008
Security Cameras Functional
Use of CCTV images for court evidence has so far been very poor, according to Detective Chief Inspector Mick Neville, the officer in charge of the Metropolitan police unit. "CCTV was originally seen as a preventative measure," Neville told the Security Document World Conference in London. "Billions of pounds has been spent on kit, but no thought has gone into how the police are going to use the images and how they will be used in court. It's been an utter fiasco: only 3% of crimes were solved by CCTV. There's no fear of CCTV. Why don't people fear it? [They think] the cameras are not working." (BBC, "CCTV boom 'failing to cut crime.'")
Blogosphere analysis: Schneier, Stoddard.
Our thought? Their chocolate ration needs to be increased to 20 grammes. Action this day.
Image credit: Emergent Chaos
May 5, 2008
Hiring Fraudsters?

PARIS — Jérôme Kerviel, the Société Générale trader who used his knowledge of the French bank’s electronic risk controls to conceal billions in unauthorized bets, has a new job — at a computer consulting firm.
Mr. Kerviel, who was given a provisional release from prison on March 18, started work last week as a trainee at Lemaire Consultants & Associates, which specializes in computer security and system development, a spokesman for the former trader, Christophe Reille, confirmed on Friday. ("After Trading Scandal, Banker Gets I.T. Job," The New York Times.)
First let me say that I'm fond of the phrase "paid his debt to society." It's out of fashion, but it used to mean that someone, after their sentence was carried out, was done. That they ought to be allowed to get on with their lives. I've publicly commented on Frank Abagnale being in this class.
Kerviel clearly understands how to get around IT controls. I expect that there's a great deal which he might be able to teach people about what's important in security design, and some about what isn't. (His ability to generalize his approach hasn't been tested yet.)
At the same time, he hasn't yet been tried for his actions. What would be the right framework for making a hiring decision like this?
Photo: REUTERS/Benoit Tessier
May 4, 2008
Spending to Protect Assets
There's a story in the New York Times about a bike rental program in Washington DC. It's targeted at residents, not tourists, and has a subscription-based model.
Improved technology allows programs to better protect bicycles. In Washington, SmartBike subscribers who keep bicycles longer than the three-hour maximum will receive demerits and could eventually lose renting privileges. Bicycles gone for more than 48 hours will be deemed lost, with the last user charged a $200 replacement fee.
That technology comes with a price, which is one reason cities and advertisers started joining forces to offer bike-sharing. The European programs would cost cities about $4,500 per bike if sponsors did not step in, Mr. DeMaio said. "Bicycle-Sharing Program to Be First of Kind in U.S."
$4,500 is 22.5 bikes. Put another way, they could buy 2,500 bikes, rather than the 120 they're buying. That would require a lot more space if you bought them all at once, but you might just buy them as bikes are stolen. Looking at it another way, if you took the $500,000 being spent on technology, and invested it at 5%, you would make $25,000 per year, enough to completely replace the fleet annually.
This is (obviously) an incomplete analysis. But the cost of protection jumped out at me. Maybe it's typical for how people in Washington think about asset protection.
May 3, 2008
A question of ethics
Fasilyce, upon Reading
Much as I enjoy your work, it is entirely dis-congruous to your readers to insert words known to neither the Oxford English Dictionary or the internet (as indexed here, here or here) whose meanings are not rapidly comprehensible.
Thank you for your future attention to this matter.
I remain, etc, etc.