Users sharing passwords may breach data protection regulations

The Data Protection Act 1998 (DPA) can be seen as a very straightforward piece of legislation. Properly applied, it protects the rights of individuals to ensure that data about them is processed properly, securely and only for the purposes for which they originally gave that information.

In a ruling yesterday the Information Commissioner’s Office decided that allowing staff to access data without proper controls (by using each other’s passwords) is not in compliance with the Act. This kind of lax IT management does not ensure that personal information will only be accessed by authorised people who have a good reason to do so. This does not meet the Act’s requirements that a Data Controller should have appropriate “technical and operational measures” to ensure data is processed in line with the Data Protection Principles.


Windows Vista more secure after six months than XP

Some readers may have seen the report published by Jeff Jones three months after Vista was finally released, in which he showed that the number and severity of flaws in Vista posed far less of a risk than those in XP after an equivalent period.

He has now updated this report to show the vulnerabilities in Vista after 180 days. What is key is not only the distinctly fewer known vulnerabilities overall, but the number of disclosed holes that remain unpatched at the time of writing.

Note that the blog entry is only a summary and the only graph you get to see relates to high severity vulnerabilities. Also, it only looks at those which affect the core systems, not optional components. So, Vista looks like it is doing better than XP at this point with almost no unpatched holes, and many people will go away with that impression because visuals work well in getting messages into the brain.

The full 14-page report (pdf) is also available, in which the discussion is much more detailed (even patch by patch). It is here that it becomes clearer that while it is faring better than XP did, to me it is not doing so much better given how much hype there has been about trustworthy computing and Vista (and Longhorn / 2008) being secure by design, rewritten from the ground up to be more secure, yadayada more secure.
