Sunday, July 28, 2013

Matt Brownell recently wrote an article on the information gleaned by a spy agency he'd hired to uncover his personal details through legal means, using only publicly available sources. Limited to a 2 hour window, Brownell was pretty astonished at what the spy agency was able to uncover. The recent revelations based on leaked classified documents from the National Security Agency (NSA) have brought a heightened awareness of U.S. security agency practices in targeting citizens' internet activity. However, what Brownell highlighted was that it's not only the government who can obtain this information: anyone accessing public sites can legally gather a great deal of information on you.

Might we as U.S. citizens need to reconsider our privacy policies? The EU has proposed "Right To Be Forgotten" legislation that could be finalized sometime in 2014. Ninety percent of EU citizens support the data protection directive law across Europe. The EU currently restricts the flow of data from its countries to the U.S. under the protection directive, due to its view that our privacy protections are not adequate. The recent NSA debacle only adds to the perception that U.S. privacy protections are inadequate. The 'Old Europe' countries in the EU that previously lived under dictatorships, where government intrusion was a reality, see the way U.S. business and government work together to share data as a problem for maintaining citizens' privacy. Google, Microsoft, Yahoo, and Facebook are just some of the large U.S. technology organizations sharing data with the U.S. Government under the guise of the PRISM program. PRISM is the code name for the U.S. government's data mining efforts. Multiple EU agencies have voiced concern for the right to privacy and data protection of EU citizens. The EU is demanding legislative change in the U.S. in order to foster multinational talks that could lead to agreed upon standards. Discussions between the European Council and U.S. officials have ensued following the NSA information leaks to address U.S. data mining and internet surveillance practices.

Thursday, July 18, 2013

Anti-leak control measures are being implemented at the NSA to mitigate risks like the ones that created the platform for Edward Snowden to walk off with 4 laptops and highly classified documents. These new measures include processes used in the nuclear industry to protect security assets. The two-man rule, which has been used in the nuclear industry for some time, is one of the security processes the NSA will implement. Ensuring that information is not concentrated on one server, as well as providing a physical security layer with locked rooms, are measures the NSA is currently applying. Seen as a basic security measure, encryption will also be deployed to protect the NSA's information assets. These risk-based policies are a step in the right direction toward a solid control management program.

Tuesday, July 9, 2013

The latest report from the California Attorney General's office discloses that the majority of security breaches in 2012 were due to a breakdown in the utilization of basic security measures. What boggles the mind is how a lack of security process and management continues to be a persistent problem in all business sectors. Simple solutions such as encrypting sensitive personal information don't appear to take priority, leaving the organization and its clients vulnerable to security threats. The report disclosed that 55% of the breaches were due to deliberate intrusions by outsiders or unauthorized insiders. The NSA debacle surrounding the U.S. intelligence leak of classified documents by William Snowden, a former contract employee, has highlighted the importance of securing access to data against internal threats and breaches within the organization. The NSA's newly implemented 'two-man rule' provides administrative oversight as a means to protect sensitive data and has brought a heightened awareness of the need to address the internal threat. Implementing access controls and role-based monitoring to secure data against threats is a step in the right direction and something every organization should be addressing to ensure a secure data environment.

http://searchsecurity.techtarget.com/news/2240187604/California-data-breach-report-25M-residents-at-risk-of-identity-theft?asrc=EM_ERU_22439892&utm_medium=EM&utm_source=ERU&utm_campaign=20130709_ERU%20Transmission%20for%2007/09/2013%20(UserUniverse:%20607658)_myka-reports@techtarget.com&src=5144272

Sunday, July 7, 2013

The debate rages on regarding the NSA's security measures, or lack thereof

As Edward Snowden continues to evade the US government, debate continues on what could be done differently to ensure sensitive classified information is maintained as top secret. It appears that if the NSA had used the SSE-CMM mature security model as a framework to protect the agency's assets from threats, adequate measures would have been implemented to ensure their data was secure. This does not seem to have been the case. Following Snowden's whistleblowing incident, the agency is putting in place actions to track system administrators with a policy called the two man rule. While hindsight is 20/20, it is evident the agency's security department did not take adequate measures to mitigate the risk of information freely walking out the door.
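The two-man rule that comes up in the posts above (the anti-leak measures and the system administrator tracking) is easy to state but worth seeing as an actual control. The following is an added example written for this blog, not NSA code or any vendor's product: the user names, action ids and the approval flow are constructed, and the point is that no single privileged user can run a sensitive action alone and every decision lands in an audit trail.

```python
# Added example of a "two-person rule" gate for privileged actions; not NSA code.
# User names, action ids and the approval flow below are constructed.
from dataclasses import dataclass, field

@dataclass
class TwoPersonGate:
    """The requester plus at least one distinct second admin must sign off before
    a sensitive action runs; every decision is recorded in an audit trail."""
    admins: set
    required_people: int = 2
    pending: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)

    def request(self, requester: str, action_id: str) -> None:
        if requester not in self.admins:
            raise PermissionError(f"{requester} is not a privileged user")
        self.pending[action_id] = {"requester": requester, "approvers": set()}
        self.audit.append(("requested", requester, action_id))

    def approve(self, approver: str, action_id: str) -> None:
        rec = self.pending[action_id]
        # self-approval and approval by non-admins do not count as a second person
        if approver not in self.admins or approver == rec["requester"]:
            self.audit.append(("denied-approval", approver, action_id))
            raise PermissionError(f"{approver} may not approve {action_id}")
        rec["approvers"].add(approver)
        self.audit.append(("approved", approver, action_id))

    def ready(self, action_id: str) -> bool:
        rec = self.pending[action_id]
        return 1 + len(rec["approvers"]) >= self.required_people

    def execute(self, action_id: str, action):
        if not self.ready(action_id):
            self.audit.append(("blocked", action_id))
            raise PermissionError(f"{action_id} needs {self.required_people} people")
        rec = self.pending.pop(action_id)
        self.audit.append(("executed", rec["requester"], action_id))
        return action()

def demo() -> dict:
    """A lone admin cannot export; a second admin's approval unblocks it."""
    gate = TwoPersonGate(admins={"alice", "bob"})
    gate.request("alice", "export-42")
    alone = gate.ready("export-42")          # False: only one person so far
    gate.approve("bob", "export-42")
    result = gate.execute("export-42", lambda: "classified-export")
    return {"alone": alone, "result": result, "audit": [e[0] for e in gate.audit]}
```

The audit list is what a reviewer would actually read: a "blocked" or "denied-approval" entry with no matching "executed" is the signal that someone tried to act alone.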