Morning Security Brief: More on NSA Surveillance Controversy, Identity-Theft Prevention, and Cloud-Computing Security
Controversy over NSA surveillance continues as do leaks from Edward Snowden. The Federal Trade Commission has issued revised guidance on its identity-theft Red Flag rule. The National Institute of Standards and Technology (NIST) has issued for public comment a draft document on assessing risk of federal agency cloud computing.
► The controversy over the National Security Agency's collection of phone records and other communications continues. The Hill has a piece on the NSA chief's appearance before the Senate Appropriations Committee , in which he cited how the program has helped thwart terrorist plots, plus another on one lawmaker's assertion that federal surveillance programs are far more extensive than these leaks reveal. TIME has a cover story on "The Geeks Who Leek ," Yahoo! News has a piece on Edward Snowden's latest leaks about the U.S. allegedly hacking Chinese sites .
► The Federal Trade Commission has issued revised guidance on its Red Flag rule , which requires financial institutions and certain other businesses to have a written identity theft prevention program designed to spot and report suspicious patterns (red flags). The guidance includes a detailed four-step process on how to comply. The FTC notes that about 9 million Americans have their identities stolen annually. As a current example, charges were unsealed yesterday against members of a group that conspired to use stolen banking information to run money laundering and identity theft schemes to steal at least $15 million from U.S. customers, reports zdnet.
► The National Institute of Standards and Technology (NIST) has issued for public comment a draft document that provides security guidance for federal agencies as a part of a process intended to facilitate their use of cloud computing. This is another step in a process of developing a cloud-computing roadmap for the federal government that began in 2010, reports the Homeland Security News Wire. Called The NIST Cloud Computing Security Reference Architecture, the document includes among other things “a case study that walks readers through steps an agency follows using the cloud-adapted Risk Management Framework while deploying a typical application to the cloud—migrating existing email, calendar and document-sharing systems as a unified, cloud-based messaging system,” reports the article.