A true 'data disaster' would have to be defined to include: 1) loss of data (including minor and major losses)[data is gone]. 2) loss of integrity of that data [the current data cannot be authenticated]. 3) loss of use of the data, even temporarily [loss of access]. 4) loss of the confidentiality of the data [unauthorized exposure of the data, including unauthorized capture]. 5) Unauthorized USE of the data. --->> whether the loss is for an individual or a larger organization can not be a consideration in the definition. the definition would include such loss as may caused, directly or indirectly, by authorized possessors of the data AND unauthorized possessors of the data. Data Disaster. HOW TO PREVENT DATA DISASTER . . should be a topic

biometrics is harder to maintain than one would think (and therefore harder to use). in my experience, once enrolled onto a system, BOTH, a system hardware change and a system SOFTWARE change, can corrupt the file(s) holding the biometric data. The fix is easy for me, -just turn off the biometrics BEFORE making such changes. But for Jane and Joe user, who don't understand how or why to control 'automatic up-dates', biometrics become just too much to deal with. (this is posted before I look at anything already posted below the post it is attached to)

I concur here with Ivmond01. We're no longer in the 80's or 90's, so uninformed, unchecked internet use doesn't make sense, no matter what OS you may be using. And, Yes, of course the attack vector may be changing (again)(routers and modems). -What else does an informed user expect? -Perhaps we do need to think about internet licenses, for both the user and the machine!!! ( -:

MA is trying to protect its' citizens and their rights. All States probably have requirements TO DO this exact thing (make laws that protect its citizens). If they are not required to act upon obvious 'wrongs' to its citizens (failure of PII gatherers to protect that information from being used\misused in ways not authorized by the owners [the citizens]), who is the citizen to turn to for protection? This subject should be a 'common sense' thing but just isn't, MOSTLY because of financial reasons (which happens a lot in business). This law is requiring thoughtful consideration of everything about 'information technology', including the consequences of not thinking about it all, and pulling organizations away from just thinking about ROI and 'ease of use'. Most gatherers of PII admit that the owners of that PII are entitled to protections against unauthorized\misuse of their PII, but for financial reasons the gatherers argue that requiring them to be the protectors is just not fair to them. This idea that MA is going towards cannot be considered a bad thing, so what is all this other arguement about ?

in the event of a breach whose root cause can be whittled back to having been 'allowed' [ because ] there was no 'reasonable' password policy in place and enforced that was designed to decrease the chances of a breach from occurring, the administrator and\or owner of the system can be sanctioned, and\or insurance coverage to mitigate the loss can be denied. The users will learn to understand that; learn and accept that their 'use' of the systems requires compliance, and will stop complaining. -The next job of similar responsibility requires it too.

over a year ago, this post "Security by compliance is obviously not working. We need to stop thinking about information security and start thinking about information risk management. Compliance should be approached from a risk management, and not a purely technical, perspective. You need to do information security not to meet compliance but to protect the business. There is a huge difference between those two methodologies. We need to identify, govern and manage IT risk for security, and therein realize compliance." see it at http://www.linkedin.com/myprofile?trk=hb_tab_pro

there's a MS-sponsored paper that states that users are RATIONAL to reject all security advise like running updated antivirus. see: http://blogs.techrepublic.com.com/security/?p=3275&tag=nl.e036 which has a link to the .pdf of the paper

I am always working. Especially in this economy, my brain is always still looking for that edge; that jump to get me 'ahead'. Even when I am at an employers' location, though, that doesn't mean I am ONLY working on her issues.