Friday, December 6, 2013

Infosec Constitution

Today Spain celebrates the 35th anniversary of the 1978 referendum that gave the nation a Constitution, ending nearly 40 years of dictatorship and political obscurantism. Thirty-five years later, many of its articles may be subject to revision. In the areas we usually cover, some sections are called into question more often than others, such as Section 18. Let's take a look at them.



Section 18.1: The right to honour, to personal and family privacy and to one's own image is guaranteed. The continuous espionage scandals that have rocked 2013 are reason enough to put these rights on the table and to strengthen compliance with them. The renowned cryptographer Bruce Schneier says, in a recent interview with the TV magazine Motherboard, that privacy is so fundamental a right that sooner or later citizens themselves will put a stop to the atrocities that have been experienced since the fateful September 11, 2001.

Section 18.2: The home is inviolable. No entry or search may be made without the consent of the householder or a legal warrant, except in case of flagrante delicto. That's what it says on paper. Today's reality tells us almost the opposite: if an ADSL line or any other connection is considered a gateway into the house, then the home is continually violated. One constant source of unlawful access is cybercriminals seeking to gain control of our bank accounts. On that front, Russia has announced the arrest of 12 leaders of a cybercriminal group dedicated precisely to fraud via Blackhole exploit kits.

Section 18.3: Secrecy of communications is guaranteed, particularly regarding postal, telegraphic and telephonic communications, except in the event of a court order. That secrecy is only roughly upheld (see Section 18.1), but in any case, if anything is secret in our digital communications, it is our passwords. Recall the ideal: one per service, combining uppercase, lowercase, numbers and special characters. If that secret falls, all others fall. The specialist Eric Chabrow reviews on GovInfoSecurity the lessons learned from the recent security breach of 2,000,000 Google, Facebook, Twitter and LinkedIn accounts. The main one: do not use the same password for personal and business affairs. That brings us to the next item.

Section 18.4: The law shall restrict the use of data processing in order to guarantee the honour and personal and family privacy of citizens and the full exercise of their rights. Today, limitations on the use of information do not only affect personal and family privacy. If there has been one raging debate in recent years, it is the use of personal devices at work (the BYOD phenomenon). Is there a limit? For now it is the kingdom of contradictions. In Spain, for example, several companies are aware of the risk, but they do nothing about it... and they are not planning any improvement, at least according to a recent survey.
