Listen to this interview of Omer Akgul, postdoctoral researcher, CyLab, Carnegie Mellon University. We talk about his coauthored paper Investigating Influencer VPN Ads on YouTube (SP 2022). Download this screenshot of the paper. In the screenshot, you see yellow highlighting that continues the meso-level argumentation of the Introduction. We, the readers, are now brought inside of one particular kind of ad on YouTube — and crucially, as well, we are told explicitly why those ads in particular. After reading this, we have no further doubt or concern as to the authors' selection of data.
Podcast: Nexus: A Claroty Podcast. Episode: Lorrie Cranor on IoT Security and Privacy Labels. Pub date: 2023-04-27. Lorrie Cranor, Director and Bosch Distinguished Professor in Security and Privacy Technologies at Carnegie Mellon University's CyLab, joins the Nexus podcast to discuss an IoT security and privacy label initiative under way at CyLab. The labels are meant not only to help consumers make informed buying decisions, but also to nudge vendors and manufacturers closer toward delivering secure smart devices to market.
In this episode, I'm joined by Lorrie Cranor, FORE Systems Professor, Computer Science and Engineering & Public Policy at Carnegie Mellon University (CMU); Director, CyLab Usable Privacy and Security Laboratory; and Co-Director of CMU's MSIT-Privacy Engineering Masters Program. We discuss the different tracks within the Privacy Engineering Program at CMU, privacy engineering hiring trends, the need for industry education, and Lorrie's research outside of the classroom.
Lorrie explains how this next generation of privacy experts and engineers can work together to bring new architectures, innovations, and software to market. She describes the kind of hands-on work in which her students participate, including a capstone project sponsored by Meta that's exploring ways the platform can integrate more privacy education into its UI/UX.
In addition, Lorrie shares her perspective on the job market for privacy engineers for recent grads and explains how CMU's Certificate Program in Privacy Engineering aims to meet the high demand for experienced privacy experts with knowledge of privacy engineering concepts. We also get into her research on cookie banners and privacy “nutrition labels” for IoT devices.
Topics Covered: Lorrie's professional background and what drew her into privacy engineering; what candidates can expect from the Privacy Engineering Program at CMU; insights into how people interact with cookie banners and potential solutions to improve the user experience; ways that we can bridge the hiring gap in our industry; different sectors outside of tech that are looking for privacy experts, including finance and retail.
Resources Mentioned: Apply to CMU's Privacy Engineering Program (Applications due Dec 12th, 2022 for the next enrollment period); Learn about CMU's CyLab Security & Privacy Institute; Learn about the CyLab Usable Privacy and Security (CUPS) Laboratory; Review CMU's research on IoT Privacy & Security Labels.
The European Union is effectively banning 8K TVs. Rakéta, 2022-10-18 06:09:02. Tags: Infotech, Energy, European Union. Currently no 8K set complies with the new energy-efficiency regulation taking effect next March. The question is whether the EU will change the criteria at the last minute.
It has been revealed how much it costs to manufacture an iPhone 14 Pro Max. GSMring, 2022-10-18 06:04:03. Tags: Mobiltech, USA, Apple, Smartphone, iPhone. The American company launched the iPhone 14 Pro Max more than a month ago, and it has now emerged how much it costs to manufacture. Here is what we know about it. Apple unveiled the iPhone 14 series, including the iPhone 14 Pro Max, on September 7, 2022. Every member of the series can be said to have an unrealistically high
German startup aims to solve the fundamental problem of electromobility. Bitport, 2022-10-18 07:50:00. Tags: Mobiltech, Startup. The raw materials needed for batteries are in short supply, and spent batteries are extremely polluting. Aachen-based Cylab wants to help with both problems.
"To hell with it": Elon Musk will keep funding the Starlink service in Ukraine. IT Business, 2022-10-18 06:24:05. Tags: Infotech, Ukraine, Space, Elon Musk, Satellite, SpaceX. The news that SpaceX's chief executive no longer wanted to provide free internet service to occupied Ukraine hit like a bombshell. Then he suddenly changed his mind. There was no positive reception for Musk's announcement that he would turn off the free internet tap in Ukraine, where for the region's residents the Starlink satellite network
A strangely behaving asteroid is spinning faster and faster: what is happening to it? in.hu, 2022-10-18 09:37:00. Tags: Science, Space, Geminids. While analyzing the asteroid responsible for the Geminid meteor shower, experts noticed a very rare form of motion. As it turns out, this rocky body is changing its rotation rate for some mysterious reason, and so it is spinning faster and faster. What could this mean for future research? The asteroid, named 3200 Phaethon, is actually a 5,
Fukuyama is not giving up: authoritarian regimes really are rotting. 444.hu, 2022-10-18 14:45:54. Tags: Science, Vladimir Putin, liberal, Marine Le Pen. Francis Fukuyama, who in an influential 1989 essay predicted the final victory of liberal democracies, has published a new piece. Alongside Marine Le Pen, Éric Zemmour, Salvini and Trump, Orbán also sympathizes with Putin and would gladly run his country the way Putin runs Russia.
Solar association: the new government decision makes solar investments pointless. hvg.hu, 2022-10-18 05:16:00. Tags: Infotech, Investment. The association believes that Hungary's electricity imports can be reduced only by expanding solar systems.
Fee correction: Yettel makes no exception even for the sacred cow. HWSW, 2022-10-18 11:06:42. Tags: Mobiltech, Yettel. The "fee correction mechanism" introduced this year will also apply to fleet customers from 2023.
Sony Xperia 5 IV - an in-house success. Mobilarena, 2022-10-18 14:15:00. Tags: Mobiltech, Generation, Sony. Sony both gives and takes away with the fourth-generation Xperia 5: the feature set is still versatile, the exterior is still distinctive, and the price is still high.
Neanderthals ate the meat but did not care for the blood and bone. Qubit, 2022-10-18 14:04:33. Tags: Science, Neanderthal. Based on an examination of tooth enamel, a recent study concluded that Neanderthals lived on a diet most similar to that of predators but probably avoided consuming blood. They did not eat bone, but they liked bone marrow.
Space debris threatens the International Space Station. 168.hu, 2022-10-18 07:11:00. Tags: Science, Space, Space station. The orbit of the International Space Station (ISS) had to be adjusted on Monday to avoid a collision with space debris, the Russian space agency Roscosmos announced.
Conjunction of the moons of Mars and Jupiter. Spacejunkie, 2022-10-18 10:05:52. Tags: Science, Space, Mars. ESA's Mars Express spacecraft captured the unusual moment when Deimos, one of the moons of Mars, passes in front of Jupiter and its four largest moons.
Picture of the day - the Lucy spacecraft pays a visit. Spacejunkie, 2022-10-18 07:05:00. Tags: Science, Space. The Lucy spacecraft flew past Earth on October 16, completing its first gravity-assist maneuver.
In this episode, host Olivia Neal speaks to Mary Ann Blair, the Chief Information Security Officer of Carnegie Mellon University. Blair and her team, the Information Security Office, protect the global research university from cyber threats that attack the confidentiality, integrity and availability of information and systems. Hear her challenges, priorities, and lessons learned since starting her role in 2004.
Resources: Microsoft Public Sector Center of Expertise; Cybersecurity at Carnegie Mellon University; CyLab at Carnegie Mellon University; The CERT Division at Carnegie Mellon University; Carnegie Mellon University Information Security Office; Cybersecurity Center Development at Carnegie Mellon University; REN-ISAC (Research Education Networking Information Sharing & Analysis Center); Microsoft Cybersecurity Scholarship Program.
PPP wanted to give their past high school selves the infosec education they didn't have. But if you think picoCTF is only for HS students, think again. Megan Kearns of Carnegie-Mellon University's Cylab joins The Hacker Mind to talk about the early days and the continued evolution of this popular online infosec competition site. No matter what your age or interest level, picoCTF probably has something new for you to learn.
Traditionally, security and privacy research focused mostly on technical mechanisms and was based on the naive assumptions that Alice and Bob were capable, attentive, and willing to jump through any number of hoops to communicate securely. However, about 20 years ago that started to change when a seminal paper asked "Why Johnny Can't Encrypt" and called for usability evaluations and usable design strategies for security. Today a substantial body of interdisciplinary literature exists on usability evaluations and design strategies for both security and privacy. Nonetheless, it is still difficult for most people to encrypt their email, manage their passwords, and configure their social network privacy settings. In this talk I will highlight some of the lessons learned from the past 20 years of usable privacy and security research, and explore where the field might be headed. About the speaker: Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company that was acquired by Proofpoint. She has authored over 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS). 
She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, and the Aspen Institute Cybersecurity Group. In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three teenagers.
In this episode you are going to hear Eugene's journey to health. From a very young age he was struggling with all kinds of digestive issues and mental issues like depression and anxiety, and last summer he got Lyme disease. He is sharing his experience about diet and lifestyle changes that helped him to overcome health problems and feel better.
This is an amazing story for me because he talks about cultural and social influence on his health problems. This is very close to my heart and one of the reasons why I started BODY IS TEMPLE PODCAST. I think we got really disconnected from our bodies in modern society and my mission is to help people to reconnect with their bodies. Your physical health is a very tangible manifestation of your actual consciousness. Matter is a condensation of consciousness. Your body is made of matter. Therefore the health, the shape and the vitality of your body is the manifestation of your dominant thoughts, beliefs and behaviours. Eugene approached his problems from a very practical point of view. He talks about tests and medical protocols he was on, in his journey to health. We live in this space and time and we have amazing modern tools we can use to improve our health. However, at the end of the day no one is living in your body and you need to learn how to build a relationship with it.
I hope you will get inspired by this story!
Eugene’s Short Bio
Eugene turned 32 this year. He was born in Moscow when Russia was still the USSR. He lived most of his life in NYC or right around it, but also has lived abroad (Hong Kong) for a few years. Now is his 4th year in Pittsburgh, where he first moved out to do his master's degree. After finishing a public policy and management degree in May 2019, he got a job at the university (Carnegie Mellon). He works as project manager at the university between Heinz College and CyLab Security and Privacy Institute. For Heinz he produced a podcast, for CyLab partnerships relating to IoT, blockchain, and other technologies. For most of his life he has experienced health problems, especially GI-related issues, since he was a little kid. Sleeping issues started around the age of 13, his sensitive stomach got a lot worse in his early twenties, and he's dealt with depression and anxiety since his teenage years. He got Lyme disease earlier this year and the medicine that he had to take for that really messed up his GI health. He's tried all kinds of diets - gluten-free, GAPS, low FODMAP, SCD, carnivore for ~6 weeks this summer, keto etc. He is still at a point where he almost never sleeps 6 hours without waking up. He prioritises diet and GI health, as well as working to improve mental health.
Over the years he learned how to build a relationship with his body and that health is not only a treatment or a pill but also a lifestyle.
Where you can find more about Eugene: https://www.cmu.edu/block-center/podcast-consequential/ https://historyofdrugsinsociety.podbean.com/
The show he is talking about: Beautiful Anonymous by https://chrisgeth.com/
Flashback Friday! Songs anywhere from 1976 to 2019! Futurepop, Synthpop, EBM, Industrial, Post-Punk, Darkwave, Dark Electro, Synthwave, and more! Give the bands a listen and if you like what you hear then support the bands! Buy their music! Like their social media pages! Go see them on tour! Today's episode features music by Cylab, Naked Eyes, E-Craft, New Today, Babyland, Opressive Sound Control, Cryocon, Chvrches, Blind Faith And Envy, Den Harrow, IC 434, Synthjunk, The KVB, Wolf Club, Massiv In Mensch, Zone Tripper, Zoon Politicon, Depeche Mode, I, Synthesist, Sector 516, Accessory, The Thompson Twins, Vierance, Dead Or Alive, Pulse Legion, Orchestral Manoeuvres In The Dark, Lost Years, Deutsch Amerikanische Freundschaft (DAF), Neue Strassen, Brigade Enzephalon, and Jason Alacrity!
Computers and information technology are getting more and more integrated into our daily lives, so they need to be easy to use. But recent, historically large data breaches have demonstrated the need to make systems more secure and to protect information about individuals. How will the security−privacy−usability triangle successfully accommodate the challenges that the future will bring? In this podcast, Dr. Lorrie Faith Cranor, director of CyLab, sits down with Bobbie Stempfley, director of the SEI’s CERT Division, to talk about the future of cyber in security and privacy.
Privacy policies: most apps and websites have them, buried away somewhere. These legal documents explain how the company collects, uses, and shares your personal data. But let's be honest, few of us actually read these things, right? And that passive acceptance says a lot about our complicated relationship with online privacy. In the Season 5 premiere of IRL, host Manoush Zomorodi speaks with Charlie Warzel, writer-at-large with the New York Times, about our complicated relationship with data and privacy — and the role privacy policies play in keeping things, well, confusing. You'll also hear from Parker and Lila, two young girls who realize how gaming and personal data intersect. Rowenna Fielding, a data protection expert, walks us through the most efficient ways to understand a privacy policy. Professor Lorrie Cranor explains how these policies have warped our understanding of consent. And privacy lawyer Jenny Afia explains why "privacy" is a base element of being human. IRL is an original podcast from Firefox. For more on the series go to irlpodcast.org. Charlie Warzel is an Opinion writer at large for the New York Times. You can get more insights from him about privacy online when you sign up for the Times’ Privacy Project Newsletter. If you’d like to learn more about privacy policies and their impact on our youth, check out Jenny Afia’s article on tech’s exploitative relationship with our children. This IRL podcast episode referenced several privacy policies, and we encourage you to read them. To start, here’s Firefox’s privacy policy. You’ll see that Firefox’s business model is not dependent on packaging your personal info. And, we hope you’ll find that our policy is easy-to-read, fully transparent, and specific. The other privacy policies referenced in this episode include: Google’s privacy policies Uber’s privacy policy Microsoft’s privacy policy Twitter’s privacy policy Facebook’s privacy policy
In today’s podcast, we hear that Ukraine is preparing for this weekend’s elections while facing intense Russian information operations. Estonia’s experience with such interference may hold lessons. A Magento vulnerability, just patched, could compromise paycards on e-commerce sites. Huawei reports record profits, and comes in for sharp British criticism over slipshod engineering. Prisoners in Finland will be helping train AI. And security companies hungry for talent should take note of tech layoffs in the larger IT sector. Ben Yelin from UMD CHHS with news that law enforcement agencies are encrypting their radio communications. Guest is Lorrie Cranor, director of CyLab at Carnegie Mellon University. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_29.html
In this SEI Podcast, Dr. Lorrie Cranor, director of CyLab, discusses her career, her work in privacy and security, and her upcoming keynote at the 2019 Women in Cybersecurity Conference, March 28-30 in Pittsburgh. This podcast is one of the inaugural interviews in our Women in Software and Cybersecurity podcast series.
ITSPmagazine's Selena Templeton sat down with Dena Haritos Tsamitis of Carnegie Mellon University to capture the story of CMU, which was among the first institutions in the world to create a degree program for cybersecurity. Dena has been at CMU for 18 years in many roles, inspiring students and colleagues, driving initiatives, spearheading student organizations, leading new efforts, and contributing to CMU’s international expansion. Currently she is Director of the Information Networking Institute (INI), Barbara Lazarus Professor in Information Networking, and Founding Director of Education, Training and Outreach at CyLab. They discuss CyLab, Carnegie Mellon University's security and privacy research institute, of which she is founding director, and MySecureCyberspace, a cyber-awareness initiative for all ages that she established. Since its launch in 2005, it has reached over one million people in 167 countries. Diversity and inclusion is a topic about which Dena is very passionate, and she talks about increasing the number of women at the INI from 6% in 2002 to 42% in 2018 – plus 50% of their faculty are women!
Zur GPN17 des Entropia e.V. im ZKM - Zentrum für Kunst und Medien und der Hochschule für Gestaltung (HfG) hat Florian Magin (@0x464d) einen Vortrag zu Automated Binary Analysis gehalten und war bereit uns auch im Podcast zu erzählen, wie er mit mathematischen Verfahren Software auf Schwachstellen analysiert. Florian studiert Informatik an der TU Darmstadt und engagiert sich im CTF-Team Wizards of Dos seiner Universität. Sein Interesse an der Computersicherheit hat ihn auch zur Firma ERNW Research geführt, wo er als Werkstudent in der IT-Sicherheitsforschung tätig ist. Wie wichtig die Suche nach Schwachstellen und deren Absicherung ist, wurde kürzlich bei der weltweiten Verbreitung der WannaCry/WannaCrypt-Schadsoftware bewusst, die die Aufmerksamkeit von einer anderen und lukrativeren Schadsoftware Adylkuzz ablenkte. Unter der Binary Analysis versteht man die quellenlose Analyse eines Programms alleine auf den Daten im Maschinencode auf einem Speichermedium. Ein erster Schritt der Analysis ist die Wandlung der Maschinensprache in Mnemonic durch einen Disassembler. Dieser Programmcode kann sich deutlich von einer ursprünglichen Quelltext des Programms unterscheiden, da der Maschinencode erzeugende Compiler eine Vielzahl von Optimierungsmöglichkeiten umsetzt, die den Ablauf und das Abbild des Programms im Maschinencode deutlich verändern können. Eine Herausforderung stellt sich inzwischen in der Größe der Programme: Während es inzwischen zahlreiche Wettbewerbe gibt, Programme unter extremen Platzbeschränkungen umzusetzen, wächst die Größe klassischer Programme stark an. Ein Maschinensprache-Befehl kann in einem Byte kodiert sein, wie früher etwa hexadezimal C9 auf dem Z80 eine Unterroutine beendet, so können in 4 Bytes Operationen wie eine Addition samt Parameter definiert sein. 
Die automatisierte Binäranalyse hat besonders durch die Darpa Cyber Grand Challenge im Jahr 2016 großes Interesse geweckt, wo die Teams autonome Software entwickeln sollten, die für sich alleine den CTF-Wettbewerb bestreitet. Eine Anwendung solcher automatisierten Programme ist die schnelle Überprüfung von neuer Software auf bekannte oder typische Schwachstellen oder Implementierungsfehler. Eine sehr allgemeine Methode zur Detektion von Sicherheitslücken ist das Fuzzing: Das Open Source Tool AFL modifiziert beispielsweise korrekte Eingabewerte und prüft bei welcher Modifikation das Programm vom zuvor aufgezeichneten Programmablauf abweicht und damit einen Hinweis auf eine mögliche Schwachstelle gibt. Es kann dabei idealerweise auf dem Sourcecode operieren oder auch das Programm in einem Emulator wie QEMU ausführen und analysieren. Wie schwer aber selbst Source Code zu verstehen sein kann, zeigen die Wettbewerbe International Obfuscated C Code Contest (IOCCC), zu möglichst schwer verständlichen sinnvollen Code, und der Underhanded C Contest, wo ein scheinbar sinnvoller Code für Menschen möglichst unvorhersehbare Zusatzfunktionen aufweist. Ebenso können sehr beliebte Programmiersprachen wie Python sehr unvorhersehbar reagieren, wenn man versehentlich Tabulatoren und Space vermischt, oder gleich die Programmiersprache Whitespace benutzt. Ein weiteres Beispiel ist, dass das Breitenlose Leerzeichen in neuen C++-Standards erlaubt ist, und für den Menschen ununterscheidbaren Code ermöglicht, der unterschiedliche Dinge tut. Aber auch Computer können getäuscht werden, wenn zum Vergleich unsichere Hash-Funktionen genutzt werden, wie jüngst die Shattered-Attacke auf die SHA-1 Hash zeigte. Eine automatisierte Analysemöglichkeit ist die Control Flow Graph Recovery, die beispielsweise mit IDA , radare2, binary ninja durchgeführt werden kann, um aus einer eindimensionalen Speicherdarstellung zu einem Programmnetz, wo zusammengehörige Programmblöcke miteinander vernetzt werden. 
Here it can already become visible whether restricted areas can be reached without authentication. Another automatable technique is data flow analysis, in which the processing and effects of variables and data over the course of the program are analyzed. Here the path of, for example, confidential data can be checked. In symbolic execution, the program is executed abstractly with an interpreter on arbitrary variable data or symbolic expressions, on all paths simultaneously. For path exploration, one needs a strategy between breadth-first and depth-first search in order to cover the relevant parts of the execution graph as quickly as possible. In automated analysis, open jump possibilities to almost arbitrary addresses become very interesting, since they provide a strong indicator of an attack vector. With return-oriented programming, existing code can thus be jumped to in a targeted way and misused for one's own purposes. The open-source framework Angr was developed by researchers at the Computer Security Lab at UC Santa Barbara and took third place with Shellphish at the DARPA challenge. Another open-source analysis framework is Triton, which can easily be integrated into one's own projects. Also very widespread is the S2E framework of the École Polytechnique Fédérale de Lausanne. Another finalist of the Cyber Grand Challenge is the team CodeJitsu from the University of California at Berkeley, Cyberhaven, and Syracuse. The Binary Analysis Platform was developed by the team around Professor David Brumley at CyLab at Carnegie Mellon University. Functional programming languages such as OCaml or Haskell have very particular advantages for the use case of symbolic execution. Likewise, programming languages are examined for their inherent insecurity in the sense of language-based security, and attempts are made to verify finished programs for correctness.
One tool intended to simplify this is the Z3 Prover. Here the search for security holes meets mathematics: in the formal representation of a routine, its behavior can be described as a mapping of symbolic variables, and the search for a solution leads to the corresponding logic or optimization methods. Literature and further information: Florian Magin: Introduction to Automated Binary Analysis, talk at GPN17, 2017. Program Analysis reading list. D. Brumley: Analysis and Defense of Vulnerabilities in Binary Code, PhD thesis, School of Computer Science, Carnegie Mellon University, 2008. Podcasts: M. Musch: Steganographie, conversation with S. Ritterbusch in the Modellansatz Podcast, episode 57, Fakultät für Mathematik, Karlsruher Institut für Technologie (KIT), 2015. J. Breitner: Incredible Proof Machine, conversation with S. Ritterbusch in the Modellansatz Podcast, episode 78, Fakultät für Mathematik, Karlsruher Institut für Technologie (KIT), 2016. GPN17 Special: Sibyllinische Neuigkeiten: GPN17, episode 4 of the podcast of CCC Essen, 2017. M. Lösch: Smart Meter Gateway, conversation with S. Ritterbusch in the Modellansatz Podcast, episode 135, Fakultät für Mathematik, Karlsruher Institut für Technologie (KIT), 2017. F. Magin: Automated Binary Analysis, conversation with S. Ritterbusch in the Modellansatz Podcast, episode 137, Fakultät für Mathematik, Karlsruher Institut für Technologie (KIT), 2017.
Hackers are in high demand by companies to help strengthen their security, but there's currently a shortage of talent. CyLab director David Brumley argues that the problem is that society at-large does not fully understand what hacking means. In this episode, we'll hear from four members of CMU's top internationally ranked hacking team, the Plaid Parliament of Pwning, about how they got into hacking, and why.
David Brumley President & Director, Carnegie Mellon University’s CyLab Checking the World's Software for Exploitable Bugs Follow along with the slide show here. To Carnegie Mellon University’s David Brumley, hacking is “not something just bad guys do.” Brumley, a professor and director of the CyLab Institute at Carnegie Mellon University, will discuss the important science behind hacking at Carnegie Science Center’s next Café Scientifique on Monday, Oct. 5, from 7 – 9 pm. Brumley and his team at Carnegie Mellon’s CyLab (cyber security lab) envision a world in which software is automatically checked for exploitable bugs, giving people the ability to trust their computers. The demand for cybersecurity professionals is growing, and Carnegie Mellon University is working to train students interested in the field. Brumley is an associate professor who focuses on software security, with appointments in the Electrical and Computer Engineering Department and the Computer Science Department. He is the faculty mentor for the CMU Hacking Team Plaid Parliament of Pwning (PPP), which is ranked internationally as one of the top teams in the world. Brumley’s honors include a 2010 NSF CAREER award, a 2010 United States Presidential Early Career Award for Scientists and Engineers (PECASE) from President Obama, the highest award in the U.S. for early career scientists, and a 2013 Sloan Foundation award. Brumley is the 2015 winner of the Carnegie Science Award in the University/Post-Secondary Educator category. He was lauded for recognizing the need for novel approaches to STEM education, leading him to spearhead picoCTF, a national cyber security game and contest targeted at exciting young minds about computer security. Brumley attended the University of Northern Colorado for his bachelor’s degree in mathematics, Stanford University for his master’s degree in computer science, and, most recently, CMU for his PhD in computer science. 
At Stanford, he worked as a computer security officer, solving thousands of computer security incidents in a four-year span. Recorded on Monday, October 5, 2015 at Carnegie Science Center in Pittsburgh, PA.
While designing computer systems and their underlying protocols, architects impose functionality, security, and privacy requirements or policies with which the designed systems and protocols should comply. These requirements and policies are generally written in natural language and more often than not they are not complied with in the implementations due to ambiguity, misinterpretation of the requirements, or developer errors. Non-compliance with the requirements can not only have security, privacy, and utility consequences but also can have safety implications. One possible solution is to express the requirements in some formal language. In addition to eliminating ambiguities and misinterpretations of the requirements, this also enables application of formal verification techniques to check for compliance of the implementation against the desired requirements or the policies. Formal verification techniques can be applied for checking compliance in potentially three different settings. In the first setting, compliance checking is performed statically before a system or a protocol is deployed. In the second setting, a runtime monitor can be deployed alongside the system or the protocol, and the monitor provably disallows the system or the protocol to take non-compliant actions. Finally, compliance can be checked in a post-hoc fashion by capturing all the relevant runtime events in an audit log which can then be scrutinized for non-compliance. In this talk, I will present demonstrative examples of using formal verification techniques for compliance checking in each of these settings. About the speaker: Omar Chowdhury is a Post-Doctoral Research Associate at the Department of Computer Science at Purdue University. Before joining Purdue, he was a Post-doctoral Research Associate at Cylab, Carnegie Mellon University. He received his Ph.D. in Computer Science from the University of Texas at San Antonio. 
His research interest broadly lies in the field of Computer Security and Privacy. He is specifically interested in applying formal verification techniques for developing efficient compliance checking mechanisms for computer information systems with respect to applicable privacy regulations like HIPAA and GLBA. He has won the best paper award at the ACM Symposium on Access Control Models and Technologies (SACMAT). He has also served as a program committee member in ACM SACMAT and ACM CCS.
Individuals have the privacy expectation that organizations (e.g., bank, hospital) that collect personal information from them will not share this personal information with mischievous parties. To prevent unauthorized disclosure of personal information by organizations, the US federal government has put forward privacy legislation like HIPAA and GLBA. Violation of these privacy regulations can bring down heavy financial penalties for the organization. To maintain compliance with all the relevant privacy regulations, organizations collect day-to-day privacy events in an audit log which is periodically checked for compliance. The audit logs capturing the privacy sensitive events tend to be large and due to the cost-effectiveness of cloud infrastructures, outsourcing the audit log storage to a third party cloud service provider is now a viable option for organizations. As the audit logs can possibly contain customers' sensitive personal information, protecting confidentiality of the audit log data from the cloud service provider and other malicious parties should be a major objective for the organization. One possibility is to encrypt the audit logs before uploading them to the cloud storage. However, encrypting the audit log with any semantically secure encryption scheme might prohibit the organization from automatically checking compliance of the audit log. Theoretical solutions like fully homomorphic encryption are not practically viable in this scenario. In this talk, I will present two very simple audit log encryption schemes that reveal enough information so that the organization can run an automatic compliance checking algorithm over the encrypted log. With empirical evaluation we demonstrate that our enhanced compliance checking algorithm incurs low to moderate overheads for our cryptographic schemes, relative to a baseline without encryption. 
About the speaker: Omar Chowdhury is a Post-Doctoral Research Associate in the Department of Computer Science at Purdue University. Prior to joining Purdue University, he was a Post-Doctoral Research Associate in Cylab, Carnegie Mellon University. He received his B.Sc. in Computer Science & Engineering from Bangladesh University of Engineering & Technology and his Ph.D. in Computer Science from the University of Texas at San Antonio. His research interest lies in investigating fundamental issues in Computer Security and Privacy. He is interested in developing novel access control features and technologies. His current research focuses on using formal verification techniques to design efficient security and privacy policy analysis and enforcement mechanisms. Specifically, he is interested in developing efficient algorithms for checking compliance of practical privacy policies like HIPAA and GLBA. He has won the best paper award at the ACM Symposium on Access Control Models and Technologies (SACMAT). He has also served as a program committee member in the ACM Symposium on Access Control Models and Technologies (SACMAT).
Cyberage Radio 01.27.2013 : C-LEKKTOR / CYLAB /THE AZOIC / V/A -DIFFERENT PARTS 13/ YOUR BUNNY ROT / SKINNY PUPPY / MESH /
Starting Over After A Lost Decade, In Search of a Bold New Vision for Cyber Security: It is not enough to develop a comprehensive cyber security program that exists in isolation from the world beyond the cloud and the cables. We have to understand the political, economic and social environments that impact our ability to deliver security, as well as our own organizational cultures. We cannot wage a 21st Century struggle for hearts and minds with a 20th Century world-view any more than we can wage a 21st Century struggle to secure information and systems with 20th Century technology. A bold new vision is needed, one that is holistic and evolves out of transformative metaphors that reframe our concepts about security. About the speaker: Richard Power, an internationally recognized authority on Security, Intelligence and Risk, has conducted executive briefings and led professional training in over forty countries, and been widely quoted in the world news media. Power is the author of five books, including Secrets Stolen, Fortunes Lost: Preventing Economic Espionage & Intellectual Property Theft in the 21st Century and Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace. He also writes a regular column for CSO Magazine. Prior to CyLab, Power was Director of Security Intelligence for Deloitte and Editorial Director of Computer Security Institute.
Dr. Lawrence A. Ponemon is the Chairman and Founder of the Ponemon Institute, a research think tank dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy risk management and the development of the Responsible Information Management or RIM framework. Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for information ethics and privacy at Carnegie Mellon University's CIO Institute and is faculty of CyLab. He serves on the Unisys Corporation's Security Leadership Institute Board and the IBM Privacy Management Council. Dr. Ponemon is a member of the National Board of Advisors of the Eller College of Business and Public Administration, University of Arizona. He serves on the Government Policy Advisory Committee and Co-Chair of the Internet Task Force for the Council of American Survey and Research Organizations (CASRO). Dr. Ponemon earned his Ph.D. at Union College in Schenectady, New York. He has a Master's degree from Harvard University, Cambridge, Massachusetts, and attended the doctoral program in system sciences at Carnegie Mellon University, Pittsburgh, Pennsylvania. Dr. Ponemon earned his Bachelors with Highest Distinction from the University of Arizona, Tucson, Arizona. Please visit Dr. Ponemon's web site: www.ponemon.org Susan Jayson Susan Jayson is executive director and co-founder of Ponemon Institute, LLC. In this role, Susan is responsible for managing the Institute's operations, including research on privacy and information management issues. Susan's background includes marketing, investor relations and corporate communications for such leading organizations as KPMG Peat Marwick, Arthur Andersen and the Financial Relations Board.
As cyber security has evolved in the new world of distributed computing there have been dramatic changes to the nature of our security needs. Mr. Schmidt will talk about issues that affect large enterprises, small and medium business and end users. He will talk about common threats, and the possibility of frameworks which would protect ourselves, our civil rights and our privacy while ensuring improved security. About the speaker: Howard A. Schmidt has had a long distinguished career in defense, law enforcement and corporate security spanning almost 40 years. He has served as Vice President and Chief Information Security Officer and Chief Security Strategist for online auction giant eBay. He most recently served in the position of Chief Security Strategist for the US CERT Partners Program for the National Cyber Security Division, Department of Homeland Security. He retired from the White House after 31 years of public service in local and federal government. He was appointed by President Bush as the Vice Chair of the President's Critical Infrastructure Protection Board and as the Special Adviser for Cyberspace Security for the White House in December 2001. He assumed the role as the Chair in January 2003 until his retirement in May 2003. Prior to the White House, Howard was chief security officer for Microsoft Corp., where his duties included CISO, CSO and forming and directing the Trustworthy Computing Security Strategies Group. Before Microsoft, Mr. Schmidt was a supervisory special agent and director of the Air Force Office of Special Investigations (AFOSI) Computer Forensic Lab and Computer Crime and Information Warfare Division. While there, he established the first dedicated computer forensic lab in the government. Before AFOSI, Mr. Schmidt was with the FBI at the National Drug Intelligence Center, where he headed the Computer Exploitation Team. He is recognized as one of the pioneers in the field of computer forensics and computer evidence collection. 
Before working at the FBI, Mr. Schmidt was a city police officer from 1983 to 1994 for the Chandler Police Department in Arizona. Mr. Schmidt served with the U.S. Air Force in various roles from 1967 to 1983, both in active duty and in the civil service. He had served in the Arizona Air National Guard from 1989 until 1998 when he transferred to the U.S. Army Reserves as a Special Agent, Criminal Investigation Division where he continues to serve. He has testified as an expert witness in federal and military courts in the areas of computer crime, computer forensics and Internet crime. Mr. Schmidt also serves as the international president of the Information Systems Security Association (ISSA) and was the first president of the Information Technology Information Sharing and Analysis Center (IT-ISAC). He is a former executive board member of the International Organization of Computer Evidence, and served as the co-chairman of the Federal Computer Investigations Committee. He is a member of the American Academy of Forensic Scientists. He had served as a board member for the CyberCrime Advisory Board of the National White Collar Crime Center, and was a distinguished special lecturer at the University of New Haven, Conn., teaching a graduate certificate course in forensic computing. He served as an augmented member to the President's Committee of Advisors on Science and Technology in the formation of an Institute for Information Infrastructure Protection. He has testified before congressional committees on computer security and cyber crime, and has been instrumental in the creation of public and private partnerships and information-sharing initiatives. He is regularly featured on CNN, CNBC, Fox TV as well as a number of local media outlets talking about cyber-security. He is a co-author of the Black Book on Corporate Security and author of "Patrolling CyberSpace, Lessons Learned from a Lifetime in Data Security". Mr. 
Schmidt has been appointed to the Information Security Privacy Advisory Board (ISPAB) to advise the National Institute of Standards and Technology (NIST), the Secretary of Commerce and the Director of the Office of Management and Budget on information security and privacy issues pertaining to Federal Government information systems. Howard holds board positions on a number of corporate boards in both advisory and director positions and recently has assumed the role as Chairman of the Board for Electronics Lifestyle Integration (ELI). Mr. Schmidt holds a bachelor's degree in business administration (BSBA) and a master's degree in organizational management (MAOM) from the University of Phoenix. He also holds an Honorary Doctorate degree in Humane Letters. Howard is a Professor of Practice at GA Tech, GTISC, Professor of Research at Idaho State University and Adjunct Senior Fellow with Carnegie Mellon's CyLab.
Dr. Lawrence A. Ponemon is the Chairman and Founder of the Ponemon Institute, a research think tank dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy risk management and the development of the Responsible Information Management or RIM framework. Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for information ethics and privacy at Carnegie Mellon University's CIO Institute and is faculty of CyLab. He serves on the Unisys Corporation's Security Leadership Institute Board and the IBM Privacy Management Council. Dr. Ponemon is a member of the National Board of Advisors of the Eller College of Business and Public Administration, University of Arizona. He serves on the Government Policy Advisory Committee and Co-Chair of the Internet Task Force for the Council of American Survey and Research Organizations (CASRO).
Dr. Lawrence A. Ponemon is the Chairman and Founder of the Ponemon Institute, a research think tank dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy risk management and the development of the Responsible Information Management or RIM framework. Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for information ethics and privacy at Carnegie Mellon University's CIO Institute and is faculty of CyLab. He serves on the Unisys Corporation's Security Leadership Institute Board and the IBM Privacy Management Council. This interview focuses on recent surveys of Americans' perceptions of surveillance, outsourcing, and workplace privacy.