Mrplunkey please tell me you don't agree with this bull shit

superqt4u2nv

Elite Moderator
Republicans proceed with cybersecurity bill despite White House opposition over privacy issues

WASHINGTON - House Republicans are pushing ahead with legislation to protect America's critical infrastructure and corporations from electronic attacks despite Obama administration objections that the legislation fails to protect Americans' civil liberties.

The House of Representatives begins work Thursday on the bill designed to address the cybersecurity threat by getting the private sector and government to share information to thwart attacks from foreign governments, terrorists and cybercriminals.

Although the information sharing is voluntary, civil liberty groups fear that the measure could lead to government spying on Americans.

The administration objections run deeper.

"The sharing of information must be conducted in a manner that preserves Americans' privacy, data confidentiality and civil liberties and recognizes the civilian nature of cyberspace," the administration said in a statement Wednesday. "Cybersecurity and privacy are not mutually exclusive."

The administration also complained that the bill's liability protection for companies that share information is too broad and argued that the Homeland Security Department should have a primary role in domestic cybersecurity. In its current form, the administration said, the president's advisers would recommend a veto.

Yet, the White House opposition is not expected to derail the House bill that has bipartisan support, Republicans and Democrats said Wednesday.

"It certainly will have an impact I think on the margin of the vote, but the bill is still likely to pass," said Democratic Rep. Adam Schiff, who had hoped to amend the bill by limiting the government's ability to collect information that could be used to identify individuals, such as birthdays. His measure reflected the concerns of the White House, but Republicans refused to allow its consideration.

A final vote on the overall bill is expected Friday.

Republicans, the U.S. Chamber of Commerce and companies such as Facebook and Google are receptive to the legislation because it does not impose new regulations on businesses to share information, making that step voluntary.

One significant foe also has signalled that it won't work to defeat the bill. The Center for Democracy and Technology, a leading organization on Internet freedom, said this week that the Intelligence Committee had made "important privacy improvements" in the bill. The organization still raised concerns about the flow of Internet data to the National Security Agency.

"We will not oppose the process moving forward in the House," the group said in a statement. "We will focus on the amendments and subsequently on the Senate."

The administration backs a Senate bill sponsored by Independent Sen. Joe Lieberman and Republican Sen. Susan Collins that would give Homeland Security the authority to establish security standards.

However, that legislation remains stalled, facing opposition from senior Senate Republicans.

House Republicans are determined to secure passage of their bill, a step they hope will force the Senate to act.
 
Super, they are already doing this. The government can look and listen to anything they want in the name of national security. Plus the next time our country will be attacked, I don't believe it will be a place but in cyberspace. Much more damage could be done to our country if they were successful there.
 
How so, by hacking a network?

Most critical data is backed up many, many, many times; they would need to actually attack a data centre, and even then with server virtualization it's pretty easy to move data from one machine to another. :nerd:

I promise you any truly critical information that business or government has a DR plan

Crisis-Timeline(low-res).jpg
 
Backed up critical data is fine if you have the hours or more likely days to re-install it. What about the FAA and flight controls? What about financial/banking/wall street stuff? I don't pretend to understand what "they" could really do. I do know that it is a major concern for the NSA and H.S.I. and now just by mentioning those 2 agencies this thread is prob being read...lol
HI big brother!
 
It doesn't take days; depending on the attack, minutes or hours. Most DR plans have an off site location or multiple off site locations.

I will give you an example of a large customer I worked with in Toronto: they had a data centre here, a second data centre in Vancouver and a third somewhere in the EU :evil: not saying just in case.

Anyways, main data centre in TO would fail, DR would go up in VAN; if that failed, EU site went up.

In Canada there is legislation that requires our financial institutions and such to have a DR plan. Canada is typically slightly behind the US on the IT curve, so it's safe to assume there are similar laws. Not sure, have to research a little more, but almost positive.

Oh and in addition to having these DR sites I haven't even brought up the "cloud" yet; many businesses also have critical data saved in cloud vaults that have even higher redundancy.

Oh and that customer example is from 2008
 
but didn't Obama pass some eye opening legislation a few months ago about search and seizures? I forget exactly what it was about but it seems like the other side is always against until it's something they put forth. Both sides are slowly chippin away at us, there is zero difference
 
Indeed DR is required for SOX

See the blue bubble for section 404 page 3
http://www.comp-soln.com/SOX404_whitepaper.pdf

Sarbanes–Oxley Act - Wikipedia, the free encyclopedia

Sarbanes–Oxley Section 404: Assessment of internal control
Further information: SOX 404 top-down risk assessment
The most contentious aspect of SOX is Section 404, which requires management and the external auditor to report on the adequacy of the company's internal control on financial reporting (ICFR). This is the most costly aspect of the legislation for companies to implement, as documenting and testing important financial manual and automated controls requires enormous effort.[31]

Under Section 404 of the Act, management is required to produce an “internal control report” as part of each annual Exchange Act report. See 15 U.S.C. § 7262. The report must affirm “the responsibility of management for establishing and maintaining an adequate internal control structure and procedures for financial reporting.” 15 U.S.C. § 7262(a). The report must also “contain an assessment, as of the end of the most recent fiscal year of the Company, of the effectiveness of the internal control structure and procedures of the issuer for financial reporting.” To do this, managers are generally adopting an internal control framework such as that described in COSO.

To help alleviate the high costs of compliance, guidance and practice have continued to evolve. The Public Company Accounting Oversight Board (PCAOB) approved Auditing Standard No. 5 for public accounting firms on July 25, 2007.[32] This standard superseded Auditing Standard No. 2, the initial guidance provided in 2004. The SEC also released its interpretive guidance [33] on June 27, 2007. It is generally consistent with the PCAOB's guidance, but intended to provide guidance for management. Both management and the external auditor are responsible for performing their assessment in the context of a top-down risk assessment, which requires management to base both the scope of its assessment and evidence gathered on risk. This gives management wider discretion in its assessment approach. These two standards together require management to:

Assess both the design and operating effectiveness of selected internal controls related to significant accounts and relevant assertions, in the context of material misstatement risks;
Understand the flow of transactions, including IT aspects, in sufficient detail to identify points at which a misstatement could arise;
Evaluate company-level (entity-level) controls, which correspond to the components of the COSO framework;
Perform a fraud risk assessment;
Evaluate controls designed to prevent or detect fraud, including management override of controls;
Evaluate controls over the period-end financial reporting process;
Scale the assessment based on the size and complexity of the company;
Rely on management's work based on factors such as competency, objectivity, and risk;
Conclude on the adequacy of internal control over financial reporting.

SOX 404 compliance costs represent a tax on inefficiency, encouraging companies to centralize and automate their financial reporting systems. This is apparent in the comparative costs of companies with decentralized operations and systems, versus those with centralized, more efficient systems. For example, the 2007 FEI survey indicated average compliance costs for decentralized companies were $1.9 million, while centralized company costs were $1.3 million.[34] Costs of evaluating manual control procedures are dramatically reduced through automation.

Sarbanes–Oxley 404 and smaller public companies
The cost of complying with SOX 404 impacts smaller companies disproportionately, as there is a significant fixed cost involved in completing the assessment. For example, during 2004 U.S. companies with revenues exceeding $5 billion spent 0.06% of revenue on SOX compliance, while companies with less than $100 million in revenue spent 2.55%.[35]

This disparity is a focal point of 2007 SEC and U.S. Senate action.[36] The PCAOB intends to issue further guidance to help companies scale their assessment based on company size and complexity during 2007. The SEC issued their guidance to management in June, 2007.[33]

After the SEC and PCAOB issued their guidance, the SEC required smaller public companies (non-accelerated filers) with fiscal years ending after December 15, 2007 to document a Management Assessment of their Internal Controls over Financial Reporting (ICFR). Outside auditors of non-accelerated filers however opine or test internal controls under PCAOB (Public Company Accounting Oversight Board) Auditing Standards for years ending after December 15, 2008. Another extension was granted by the SEC for the outside auditor assessment until years ending after December 15, 2009. The reason for the timing disparity was to address the House Committee on Small Business concern that the cost of complying with Section 404 of the Sarbanes–Oxley Act of 2002 was still unknown and could therefore be disproportionately high for smaller publicly held companies.[37] On October 2, 2009, the SEC granted another extension for the outside auditor assessment until fiscal years ending after June 15, 2010. The SEC stated in their release that the extension was granted so that the SEC’s Office of Economic Analysis could complete a study of whether additional guidance provided to company managers and auditors in 2007 was effective in reducing the costs of compliance. They also stated that there will be no further extensions in the future.[38]

On September 15, 2010 the SEC issued final rule 33-9142 that permanently exempts registrants that are neither accelerated nor large accelerated filers as defined by Rule 12b-2 of the Securities and Exchange Act of 1934 from Section 404(b) internal control audit requirement.[39]
 