See Your Company Through the Eyes of a Hacker

A rather interesting article. What I like is the description it provides of the attacker’s potential landscape in today’s global, verbose connected world. It does give some recommendations, which I’ve summarised below:

1. Focus your efforts on those assets that could ‘ruin’ your company following a successful attack. This way the real attacks are not lost in the noise of monitoring of all systems.

2. Make your information/communication assets dynamic. Each asset should report to a real-time inventory system. Make it graphically intuitive, so ‘alien’ systems are quick to alert.

3. Obviously, be proactive rather than reactive. Although I would say that this is more to do with having an InfoSec program that is trained in forensics and understands the law when it comes to ‘nailing’ down attacks coming from the ‘inside’.

PII Collection – Purpose Limitation & Proportionality

I’ve been publishing on the subject of personal privacy since 2007, and finally, now, in 2015 I decided to take my CIPP/E. The CIPP credential says you know privacy laws and regulations and how to apply them according to the International Association of Privacy Professionals (IAPP).

Why did I take this certification? After all, I have a Masters Degree in Information Security from supposedly the most famous institution (in this subject) globally, the Royal Holloway University of London (RHUL). I also have an MBA from Henley Management School (University of Reading). On top of 20 years of rich experience in IT and IS, it looks as though I am in the league of ‘over-qualified’ and then ‘what next?’. Or am I?

No! I am driven by a desire to ‘fix the Swedish ID promiscuity problem’. (There is more on this in my blog, lots of posts.) I took CIPP/E to get a toolkit that I could use to stop my and your Swedish ID being publicly sold online without my or your consent! So now I finally understand what the problem is, and I believe I can solve this, to finally squash this conflict between ‘freedom of information’ laws and ‘PuL’. Watch this space…

IAPP Global Privacy Summit 2015 – Washington DC

Key takeaways are:

1. Surveillance (and/or sousveillance), irrespective of the details, e.g. tracking, storecards, whether you care or not, ultimately causes human beings to change their behaviour. The consequences of the act of observing have a severe impact on innovation, and on thinking and doing things that do not conform to society’s norms.

2. Do what is right, what you believe in, not what others want/expect you to do. Social media is a medium that causes you to act not as is natural, but in the way you think others will be pleased with.

3. Surprisingly for a European, I have discovered that there is a strong privacy movement in the US, and in many ways they are ahead of the EU, which is rather odd, and I’m still trying to get my head around this!