Ross Graber Consulting

This post is an ongoing collection of articles, surveys, and research about data governance and privacy.

General references:

• The EFF has a page that gives a status update on pending legislation and court cases related to privacy rights.

Specific references:

• Privacy Rights Clearinghouse has a chronology that documents data breaches since 2005. The grand total - 216 Million records in the USA from 2005 to present. A number of these are organizations that sell information security products and/or services and have failed to “eat their own dog-food”.
• MySpace suffered a security breach recently that allowed hackers to download a massive amount of private photos. Those have recently showed up on BitTorrent.

This post is an ongoing collection of articles, surveys, and research about electronic voting.

General, non-partisan references:

• The National Campaign for Fair Elections also covers the electronic voting issue.
• The EFF has a great page dedicated to the subject.
• The New York Times Magazine has a great summary article.

General, partisan references:

• Bev Harris of Blackboxvoting.org is the authority on the challenges surrounding electronic voting.

Specific references by recognized, non-partisan experts:

• The Ohio Secretary of State recently issued the EVEREST report which also found numerous critical flaws in electronic voting systems.
• The California Secretary of State sponsored a “top to bottom” review of electronic voting and decided to decertify several models.
• The Colorado Secretary of state followed suit and decertified the voting machines on 12/18/07.
• One of the most respected security experts, Bruce Schneier, posted an insightful article about electronic voting.
• An AP article documenting the conviction of election workers for rigging the 2004 Ohio recount.

Specific, partisan references:

I don’t endorse the conclusions reached by the materials below, though I do find the information to be thought provoking. While the impact of the systematic weaknesses in voting systems is hotly debated and quickly devolves into conspiracy theories, the fact that they are inexcusably weak is not contested.

• Youtube has a controversial video of a programmer giving testimony that he designed a program to “fix” elections.
• The Washington Post summarized a controversial book by Professor Steve Freeman that compares the security and regulation over slot machines to electronic voting systems.
• Rolling Stone Magazine published two articles by Robert F. Kennedy Jr. about electronic voting.

This post is an ongoing collection of articles, surveys, and research about IT General Controls.

• The Royal Bank of Canada suffered major downtime due to a failed upgrade of their computer systems in 2004.

This post is a collection of articles and research related to insider threats.

Surveys & Research:

• The US Secret Service published the Insider Threat Study in 2003 and 2005.

Articles:

• An infosec professional was moonlighting as a black-hat businessman.
• Brokers commit securities fraud at Morgan-Stanley.

This post is a collection of articles, surveys, and research related to internal controls & fraud.

Surveys & Research:

• Deloitte published some new survey research on fraud specific internal controls.
• PWC published the 2007 Global Economic Crime Survey. There’s also the 2005 and 2003 editions.
• E&Y released the 9th Global Fraud Survey in 2006. There are also regional companion reports.
• KPMG released their Fraud Survey in 2003.

Articles:

• There is a correlation between high stock-option compensation and financial fraud.
• Financial fraud requires collaboration to circumvent internal controls.