Showing posts with label legal.

Wednesday, October 3, 2012

Saving Money with IT Security Processes. Example 7/26: Early Notice of Regulatory Compliance Changes through Technological and Legal Watch

Article number 7 in a series dedicated to giving examples of the way IT security processes can help your company save money.

Regulatory compliance requirements are a pain in the neck for companies. They have to meet government-imposed or industry-imposed requirements, and sometimes they have to meet them using imposed means, tools and technologies.

However, implementing the requirements is not the costly part, provided you know them when a project starts. The costly part is modifying production afterwards, in haste, in order to comply:
  • Production may suffer downtime and bugs because of the hasty patches.
  • The architecture may have to be reworked to support the requirements, so the previous architecture becomes obsolete before it has paid for itself.
  • In the end, the patched system may be more expensive to operate than a system designed correctly from the start.

A good way to prevent such blunders and losses of money is the Technological and Legal Watch process. The goal of the process is to identify emerging threats early. Threats can be:
  • Technical, like a new vulnerability.
  • Commercial, like a vendor dropping support for a product.
  • Trends, like the emergence of a new kind of attack (think of XSS a few years ago).
  • Regulatory, like the adoption of an industry standard.
  • Legal, like a new legal requirement coming into force.

The best tool for the Technological and Legal Watch process is the RSS feed. Feeds can be collected from the relevant web sites (vendors, CERTs, regulators, standards bodies). Feeds can also be created from keyword-based Google searches.
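The following is an added example, not code from the original post, of what a minimal watch tool built on RSS looks like: it parses feed items, tags each one with the threat categories listed above using keyword patterns, remembers what it has already reported, and returns the new hits in date order. The feed XML, the links (under the reserved `example.invalid` domain) and the keyword lists are constructed for the example; in practice you would fetch each feed URL and tune the keywords to your own products and regulators.

```python
"""RSS-based technological and legal watch (added example, not from the post)."""
import re
import xml.etree.ElementTree as ET
from email.utils import parsedate_to_datetime

# Threat categories from the post. The keyword lists are assumptions for this
# example; a real watch would maintain them per product line and jurisdiction.
CATEGORIES = {
    "technical": ["vulnerability", "security update", "patch"],
    "commercial": ["end-of-life", "end of life", "no longer supported", "discontinued"],
    "trend": ["campaign", "wave of"],
    "regulatory": ["standard", "compliance"],
    "legal": ["directive", "regulation", "law"],
}

# One case-insensitive, word-bounded pattern per category, so that "law" does
# not match "flaw" and "patch" does not match "dispatch".
PATTERNS = {
    cat: re.compile(r"\b(?:" + "|".join(re.escape(k) for k in kws) + r")\b", re.I)
    for cat, kws in CATEGORIES.items()
}

# Constructed RSS 2.0 feed standing in for feeds fetched from vendor and
# regulator sites. Items are deliberately out of date order.
SAMPLE_FEED = b"""<?xml version="1.0"?>
<rss version="2.0"><channel><title>Watch feed (constructed)</title>
<item><title>Vendor announces end-of-life for Widget Server 4</title>
<link>https://example.invalid/widget4-eol</link>
<pubDate>Tue, 02 Oct 2012 09:00:00 +0000</pubDate>
<description>Support ends 31 December 2012.</description></item>
<item><title>Directive on passenger data transfers adopted</title>
<link>https://example.invalid/pnr-directive</link>
<pubDate>Mon, 01 Oct 2012 12:00:00 +0000</pubDate>
<description>The regulation applies from 2013 and imposes new compliance obligations on carriers.</description></item>
<item><title>Critical vulnerability in Widget Server 4; patch available</title>
<link>https://example.invalid/widget4-advisory</link>
<pubDate>Wed, 03 Oct 2012 16:30:00 +0000</pubDate>
<description>Remote code execution; upgrade as soon as possible.</description></item>
<item><title>Office closed for the holiday</title>
<link>https://example.invalid/holiday</link>
<pubDate>Mon, 01 Oct 2012 08:00:00 +0000</pubDate>
<description>Normal hours resume Tuesday.</description></item>
</channel></rss>"""


def parse_feed(xml_bytes):
    """Return the <item> elements of an RSS 2.0 feed as plain dicts."""
    root = ET.fromstring(xml_bytes)
    items = []
    for node in root.iter("item"):
        text = lambda tag: (node.findtext(tag) or "").strip()
        raw_date = text("pubDate")
        items.append({
            "title": text("title"),
            "link": text("link"),
            "summary": text("description"),
            # RFC 822 date as used by RSS; None when the feed omits it.
            "date": parsedate_to_datetime(raw_date) if raw_date else None,
        })
    return items


def classify(item):
    """Return the set of watch categories whose keywords appear in the item."""
    text = item["title"] + " " + item["summary"]
    return {cat for cat, pat in PATTERNS.items() if pat.search(text)}


class Watch:
    """Keeps track of items already reported so each alert is raised once."""

    def __init__(self):
        self.seen = set()

    def ingest(self, xml_bytes):
        """Parse a feed and return the not-yet-seen items that hit a category, oldest first."""
        alerts = []
        for item in parse_feed(xml_bytes):
            key = item["link"] or item["title"]
            if key in self.seen:
                continue
            self.seen.add(key)
            cats = classify(item)
            if cats:
                alerts.append({**item, "categories": sorted(cats)})
        # Undated items sort last; dated ones by publication time.
        alerts.sort(key=lambda a: (a["date"] is None, a["date"] or 0))
        return alerts


if __name__ == "__main__":
    for alert in Watch().ingest(SAMPLE_FEED):
        print(alert["date"].date(), alert["categories"], alert["title"])
```

Two practical notes. The deduplication key is the item link, so a feed that republishes an item under a new URL will be reported twice; a production watch would store seen keys on disk between runs. Feeds are untrusted input: the standard-library parser is used here for brevity, but a tool that fetches third-party XML should parse it with `defusedxml` to rule out entity-expansion attacks.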

Tuesday, June 5, 2012

The problem of transferring European passengers' data to the United States

An article that points to a fundamental problem: The problem of transferring European passengers' data to the United States.
The fundamental problem is the harmonisation of legislation and of data-protection practices (or "informatique et libertés") between countries that are "allies on every other front", here the European Union and the United States.

One of the parties has a very democratic tendency, except on foreign-policy matters (the United States); the other has a very pro-people but not very democratic tendency (the European Union). I have no certainty about how these problems will be resolved in the long run, but I bet the process will not be democratic.

Friday, March 20, 2009

10,000 Romanians spied upon by their employers

The news comes from the daily newspaper cotidianul.ro (RO).

The application is named Cyclope, developed by Amplusnet, a Romanian company, and runs on Windows workstations. It reports things such as the time spent in certain file types and the time spent browsing the web, and it integrates with notions such as overtime hours, in order to provide HR with detailed information, not only in aggregate but also per employee.

The current installed base is roughly 10,000 monitored employees in Romania and, according to Amplusnet, 50,000 employees in other countries.

Let's take this opportunity to remind readers that such spying on employees is not legal everywhere. In Europe especially, various laws exist to make sure that the workplace doesn't turn into hell. In France, the monitoring of employees is allowed only within a very strict legal framework (FR). In Switzerland, spying on employees at work is completely illegal (FR). In Romania, the situation is more subtle; Cristian Ducu has examined the matter (RO).