In the information security industry, we are provided plenty of top-lists and guidance that help us identify information security threats, and determine security controls to mitigate these threats.
Almost everyone has been on the receiving end of a request to provide photo identification (most commonly a drivers’ licence or a passport) when applying for a bank account, or purchasing a new mobile phone, or some similar account-based transaction. The person making the request typically either writes down the details of the document or photocopies it. But there is one piece of information that should not be captured unless there is a legitimate reason to – the unique identifier.
Last week the Dominion Post published a front-page article stating that the Office of the Privacy Commissioner (OPC) had found that smart meters were collecting a “torrent of personal information”. It appears that the media relishes creating hysteria about privacy in the hope that we all beat a retreat from digital-enabled age because our personal information is being ‘stolen’ by corporate businesses and government agencies.
Earlier this week Mandiant released a report about an advanced persistent threat APT1 , where they reveal evidence of cyber espionage targeting a variety of organisations around the world.