Definition, Security and Workshop - Information Management Today

FTC Release Staff Recap of Informational Injury Workshop

HL Chronicle of Data Protection

NOVEMBER 19, 2018

The Federal Trade Commission (FTC) recently published a paper recapping its December 2017 Informational Injury Workshop. The paper noted that several important points emerged from the workshop: Informational Injuries: Examples and Harms. Should the Definition of Injury Include Risk of Injury? How will the information be used?

Privacy

Privacy Paper Data breaches Risk

TsuNAME flaw exposes DNS servers to DDoS attacks

Security Affairs

MAY 9, 2021

NS records define authoritative servers used to resolve a domain, but when a cyclic dependency occurs, the two authoritative servers cannot definitively resolve the domain. The post TsuNAME flaw exposes DNS servers to DDoS attacks appeared first on Security Affairs. queries/s).” queries/s).” Pierluigi Paganini.

Paper

Paper Access Security IT

FTC Releases Staff Perspective on Informational Injuries

Hunton Privacy

OCTOBER 22, 2018

In light of these risks, the workshop participants agreed on three factors that governments should consider in determining whether and when to intervene and address these injuries: the sensitivity of the data at issue; how the data at issue will be used; and. whether the data at issue is anonymized or identifiable.

Paper

Paper Privacy Big data Data breaches

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Data Enrichment, People Data Labs and Another 622M Email Addresses

Troy Hunt

NOVEMBER 22, 2019

i speak at conferences around the world and run workshops on how to build more secure software within organisations. i'm a pluralsight author, microsoft regional director and most valued professional (mvp) specialising in online security and cloud development.

Data breaches

Data breaches e-Delivery Cloud Information Security

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

Security Affairs

AUGUST 8, 2020

In December 2019, the carmaker announced a partnership with the 360 Group to strengthen car IT security for the industry. We analyze the security of Mercedes-Benz cars. The experts initially collected relevant information from the target devices, such as network topology, pin definitions, chip model, and enable signals in the car.

Paper

Paper Access Authentication Passwords

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

Now for the big challenge - security. The "s" in IoT is for Security Ok, so the joke is a stupid oldie, but a hard truth lies within it: there have been some shocking instances of security lapses in IoT devices. But there are also some quick wins, especially in the realm of "using your common sense". Let's dive into it.

IoT

IoT Security Risk Cloud

FTC Seeks Comment on COPPA Rule

Hunton Privacy

JULY 19, 2019

The Commission seeks specific feedback on the Rule’s definitions, privacy policy requirements, methods of seeking verifiable parental consent, security requirements, parental rights and safe harbor provisions. The FTC will hold a public workshop to review the COPPA Rule on October 7, 2019.

Education

Education Privacy IT Security

Developing IoT Policy from California to Washington, D.C.

Data Matters

SEPTEMBER 26, 2018

Although the FTC is the primary security regulator for consumer IoT devices, there are no comprehensive regulations or laws specific to the unique challenges of the IoT market. To help offer consistent guidance regarding the privacy and security of IoT devices, the U.S. NIST initiatives in IoT.

IoT

IoT Privacy Manufacturing Authentication

NIST Plans To Examine Internet of Things (IoT) For Its Cybersecurity Framework

Privacy and Cybersecurity Law

MAY 17, 2017

The National Institute of Standards and Technology (NIST) is holding a Cybersecurity Framework Workshop this week at its headquarters in Gaithersburg, Maryland. The purpose of the workshop is to discuss issues related to its widely used Cybersecurity Framework.

IoT

IoT Cybersecurity IT Manufacturing

Going greener together

CILIP

JULY 7, 2023

Three tiers (standard bronze, silver and gold) have been outlined so that each library can measure its own ‘green’ credentials and have a definitive rubric to guide future progress. Eco plant pots workshops. Many of Gloucestershire’s libraries hold creative crafting or upcycling events that, between them, cover all age ranges.

Libraries

Libraries IT Access Security

Keeping up with Quantum Technology | Quantum Computing

Everteam

APRIL 4, 2019

.” Superposition is essentially the ability of a quantum system to be in multiple states at the same time, a Qubit can be in any proportion of both states at once and you can’t predict which one will be, but the minute you measure it, it collapses into one of the definite states. Major Quantum Changes.

Computer and Electronics

Computer and Electronics Artificial Intelligence Digital transformation ECM

The Quality Coach, Developer’s Friend, Product Owner’s Helper and All-Round Great Quality Engineer

AIIM

MAY 13, 2019

As a project sponsor or agile project manager, you should definitely be on the lookout for this person, because if you can find them and secure them for your team, you will have given yourself a much-needed advantage in ensuring you ship a quality product. The Connected, Inspired, Hands-on Project Sponsor – Leading the Digital Charge.

IoT

IoT IT Risk Security

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Troy Hunt

SEPTEMBER 17, 2019

CommBank will give you 16 characters: All the nonsense with @Citibank yesterday reminded me that my main bank @CommBank also has its own password security stupidity which is limiting password lengths to 16 characters. Banks like ING will give you your money bank: Hi Owen, your online banking is safe and secure with ING. Any thoughts?

Passwords

Passwords Authentication Security IT

Life at ForAllSecure: Alex Brewer, Technical Solutions Engineer

ForAllSecure

MARCH 15, 2023

I do a lot of presentations on Mayhem, as well as security education in general. For example, I was at API World last year doing a talk about API security, and I deliver a lot of the hackathons we’ve been doing at universities in our Mayhem Heroes program. A lot of what universities teach about software security is policy.

Education

Education IT Security Government

EDRM Releases the Final Version of its TAR Guidelines: eDiscovery Best Practices

eDiscovery Daily

FEBRUARY 7, 2019

During last year’s EDRM Spring Workshop, I discussed on this blog that EDRM had released the preliminary draft of its Technology Assisted Review (TAR) Guidelines for public comment. We avoided taking a position on which variation of TAR is more effective, because that very much depends on facts specific to each case.

IT

IT Education Marketing Risk

AI governance is rapidly evolving — Here’s how government agencies must prepare

IBM Big Data Hub

APRIL 11, 2024

The groundwork for effectively operationalizing governance is human-centered, and includes securing funded mandates, identifying accountable leaders, developing agency-wide AI literacy and centers of excellence and incorporating insights from academia, non-profits and private industry.

Government

Government Education Artificial Intelligence Risk

CIPL Publishes Discussion Paper on Digital Assets and Privacy

Hunton Privacy

JANUARY 20, 2023

On January 20, 2023, The Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth published “Digital Assets and Privacy,” a discussion paper compiling insights from workshops with CIPL member companies that explored the intersection of privacy and digital assets, with a particular focus on blockchain technology.

Paper

Paper Blockchain Privacy Financial Services

Data Protection Regime in Turkey Takes Shape

Data Protection Report

DECEMBER 6, 2017

The Board has been active since its establishment, working on draft regulations, seeking opinions and comments from public and private institutions on those drafts, publishing user-friendly manuals, and organizing meetings, conferences and workshops to hold discussions. Definitions. The Regulation is a product of such efforts.

Personal data

Personal data Paper Encryption Cloud

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

ARMA International

DECEMBER 26, 2019

Just 59% of surveyed RIM professionals are included in their company’s IT strategic planning, including activities such as requirements definition and vendor selection – down from 67% in 2017. The top objection to using the cloud for digital records continues to be potential privacy or security concerns – no change from 2017.

Content services

Content services Cloud Records Management Privacy

What the future holds ? the student view

CILIP

SEPTEMBER 10, 2018

The role of the library professional has definitely changed over the last 10 years with the evolution of technology. For example, who would have thought that public librarians would be running workshops on coding, stop motion, and 3D printing 10 years ago? but was unable to secure a position. Another said: ? one said, ?but

Libraries

Libraries Education Communications Marketing

CIPL Releases Outcomes Report of First GDPR Implementation Project Workshop in Amsterdam

Hunton Privacy

MAY 9, 2016

On March 16, 2016, the Centre for Information Policy Leadership (“CIPL”) at Hunton & Williams LLP co-hosted a one-day workshop in Amsterdam, Netherlands, together with the Dutch Ministry of Security and Justice, to kick off CIPL’s new long-term project on the implementation of the EU General Data Protection Regulation (“GDPR”).

GDPR

GDPR Compliance Privacy Risk

The Hacker Mind: Hacking Aerospace

ForAllSecure

MARCH 14, 2022

In fact, I remember starting a new job by flying to Auburn Hills, Michigan for the very first meeting of the Featherstone Group, a collection of automotive OEM executive and security professionals. Steve Grobman, CTO with Intel’s security group had this to say: CNBC: Yeah, so I think that nothing is ever impossible.

Computer and Electronics

Computer and Electronics Government Communications Cybersecurity

Proposed Changes to FDA Guidance for the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices: What you Should Know

HL Chronicle of Data Protection

OCTOBER 25, 2018

Department of Homeland Security (DHS) earlier this month. FDA also provided a definition of “patient harm” for purposes of this guidance, which is defined as “physical injury or damage to the health of patients, including death. Consistent with the U.S. Cybersecurity exploits (e.g.,

Cybersecurity

Cybersecurity Manufacturing Risk Communications

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Troy Hunt

JANUARY 10, 2018

Both during this week and over previous years, there's been various headlines calling the security posture of Aadhaar into question and the Indian government has been vehemently refuting any suggestion that the system isn't top notch. But claiming the service is "hack-proof", that's something I definitely have an issue with.

Security

Security Government Encryption Risk

Threat Model Thursday: Data Flow Diagrams

Adam Shostack

APRIL 23, 2020

This week’s threat model Thursday looks at an academic paper, Security Threat Modeling: Are Data Flow Diagrams Enough? I take issue with the framing of ‘enough’, as if there’s a single definition of enough that’s enough for all of us, but that’s the authors’ choice.

Paper

Paper Encryption Cybersecurity Security

The Hacker Mind Podcast: Hacking Diversity

ForAllSecure

APRIL 7, 2021

Welcome to the hacker mind and original podcast from for all secure, it's about challenging our expectations about the people who hack for a living. I've got a lot of industry certifications, but having all those paper degrees proved to be a poor equivalent to having actual hands on experience in information security.

Cybersecurity

Cybersecurity Information Security IT Security

The Hacker Mind Podcast: Hacking Diversity

ForAllSecure

APRIL 7, 2021

Welcome to the hacker mind and original podcast from for all secure, it's about challenging our expectations about the people who hack for a living. I've got a lot of industry certifications, but having all those paper degrees proved to be a poor equivalent to having actual hands on experience in information security.

Cybersecurity

Cybersecurity Information Security IT Security

The Hacker Mind Podcast: Surviving Stalkerware

ForAllSecure

SEPTEMBER 21, 2021

What role might the security industry have in identifying or even stopping it? Welcome to the hacker mind, in original podcast from for all security. I'm a principal on the security team at Cybereason, and I'm also a digital forensics instructor at the SANS Institute, Grooten: Martijn Grooten. So I hope you'll stick around.

Passwords

Passwords Access IoT IT

Data Governance Framework: Three Steps to Successful & Sustainable Implementation

erwin

APRIL 4, 2019

In most cases, a new data governance framework requires people – those in IT and across the business, including risk management and information security – to change how they work. You can encourage feedback through surveys, workshops and open dialog. Any concerns they raise or recommendations they make should be considered.

Government

Government Metadata Risk Information Security

The Weeks in Cyber Security and Data Privacy: 18 – 31 December 2023

IT Governance

JANUARY 3, 2024

billion records The security researcher Jeremiah Fowler discovered an unprotected database exposing more than 1.5 Fowler contacted the company, which secured the database. The security researcher Bob Diachenko identified the leak in September and contacted TuneFab, which fixed the misconfiguration within 24 hours.

Data Privacy

Data Privacy Insurance Manufacturing Retail

International Women’s Day 2022: How to Forge an Inclusive Work Culture

Thales Cloud Protection & Licensing

MARCH 7, 2022

Thales asked six women in the cybersecurity industry to provide their opinions on how business can build an inclusive work culture and what this means for security leaders around the world. Winnie Wong , APAC Regional & Channel Marketing for Data Security products at Thales. “An Let’s hear what they have to say.

Marketing

Marketing Mining Cybersecurity Education

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Last Watchdog

FEBRUARY 28, 2021

Regardless of how familiar you are with Information Security, you’ve probably come across the term ‘malware’ countless times. Related: Companies must bear a broad security burden. Security warnings keep popping up, urging you to take immediate action or install a particular security product. Less common types.

Computer and Electronics

Computer and Electronics Phishing Ransomware Encryption

The Hacker Mind Podcast: Beyond MITRE ATT&CK

ForAllSecure

AUGUST 16, 2022

Frank, now the chief innovation officer and co founder of Tidal Security, returns to The Hacker Mind to discuss the ATT&CK, only this time from the perspective of his new company. He talks about the community platform that Tidal Security launched at Black Hat USA 2022. Vamosi: I just returned from Hacker Summer Camp 2022.

Analytics

Analytics IT Security Compliance

Promiscuous Cookies and Their Impending Death via the SameSite Policy

Troy Hunt

JANUARY 3, 2020

NewPassword: passw0rd ConfirmPassword: passw0rd This is a real request from my Hack Yourself First website I use as part of the workshops Scott Helme and I run. Any cookie that requests SameSite=None but is not marked Secure will be rejected. Imagine this request: POST [link] Cookie: AuthCookie=EF29.

Passwords

Passwords Security IT Risk

How Long is Long Enough? Minimum Password Lengths by the World's Top Sites

Troy Hunt

FEBRUARY 6, 2018

Here we have this absolute cornerstone of security - a paradigm that every single person with an online account understands - yet we see fundamentally different approaches to how services handle them. When I run my Hack Yourself First workshop , that's one of the first questions I ask - "what's the correct minimum password length?"

Passwords

Passwords Authentication Access Security

The Hacker Mind Podcast: How To Become A 1337 Hacker

ForAllSecure

SEPTEMBER 14, 2022

Yeah, I think there's definitely a well-established Jeopardy style like flavor and style of capture the flag. Vamosi: The Computer Science Annual Workshop or CSAW is a well-established CTF competition in New York. It's designed by the security experts at Carnegie Mellon University, so it's kind of like a win-win for the world.

Military

Military IT Education Cybersecurity

Beg Bounties

Troy Hunt

NOVEMBER 8, 2021

Here's the attachment (shout out to Mr Robot): He's sent it to the email address I have published in my security.txt file which I put out there because I genuinely want to know if someone finds a security vulnerability in any of my things. Just look at a Twitter search for me asking for security contacts at a company.

Data breaches

Data breaches IT Security Libraries

Extended Validation Certificates are Dead

Troy Hunt

SEPTEMBER 17, 2018

Obviously Apple have already killed it off, but even for many people on Chrome, the Comodo website actually looks very different: So it turns out that 3 different machines in my workshop today are part of the Chrome experiment to remove the EV indicator from the browser. You know what makes people think the website is "secure"?

Marketing

Marketing Phishing Encryption IT

10 Personal Finance Lessons for Technology Professionals

Troy Hunt

DECEMBER 30, 2018

That was the single best financial decision we ever made and it happened well before my life as people know it today; there was no Pluralsight, no workshops, no speaking events or Have I Been Pwned or blog sponsorship - nothing. Try a Google search for life savings lost in investment scheme and you'll understand why this is so important.

Education

Education Marketing IT Insurance

Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?

Krebs on Security

OCTOBER 5, 2018

From time to time, there emerge cybersecurity stories of such potential impact that they have the effect of making all other security concerns seem minuscule and trifling by comparison. Yesterday was one of those times. Bloomberg Businessweek on Thursday published a bombshell investigation alleging that Chinese cyber spies had used a U.S.-based

Computer and Electronics

Computer and Electronics IT Security IoT

GDPR: lawful bases for processing, with examples

IT Governance

JUNE 15, 2018

On the other, the definition is unhelpfully vague, and the burden is on you to determine whether or not your interests in processing the personal data really are legitimate. Data Protection Impact Assessment Workshop. On the one hand, this gives you a lot of room for interpretation.

GDPR

GDPR Personal data Compliance Privacy

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it. government agencies. government agencies. Yeah, great but what does it do?

Government

Government IT Access Analytics

The Hacker Mind: MITRE ATT&CK Evaluations

ForAllSecure

MAY 4, 2021

In this episode, Frank Duff, Director of ATT&CK Evaluations for MITRE Engenuity, talks about how both red and blue teams can directly benefit from ATT&CK, and how organizations -- and even some security vendors -- are now evaluating their solutions against it. government agencies. government agencies. Yeah, great but what does it do?

Government

Government IT Access Analytics

FTC Release Staff Recap of Informational Injury Workshop

TsuNAME flaw exposes DNS servers to DDoS attacks

Webinars

Trending Sources

FTC Releases Staff Perspective on Informational Injuries

Webinars

Data Enrichment, People Data Labs and Another 622M Email Addresses

Remotely hack a Mercedes-Benz E-Class is possible, experts demonstrated

IoT Unravelled Part 3: Security

FTC Seeks Comment on COPPA Rule

Developing IoT Policy from California to Washington, D.C.

NIST Plans To Examine Internet of Things (IoT) For Its Cybersecurity Framework

Going greener together

Keeping up with Quantum Technology | Quantum Computing

The Quality Coach, Developer’s Friend, Product Owner’s Helper and All-Round Great Quality Engineer

Banks, Arbitrary Password Restrictions and Why They Don't Matter

Life at ForAllSecure: Alex Brewer, Technical Solutions Engineer

EDRM Releases the Final Version of its TAR Guidelines: eDiscovery Best Practices

AI governance is rapidly evolving — Here’s how government agencies must prepare

CIPL Publishes Discussion Paper on Digital Assets and Privacy

Data Protection Regime in Turkey Takes Shape

Cloud, Intelligent Content Services, and Digital Fragility: What’s on the RIM Horizon for 2020

What the future holds ? the student view

CIPL Releases Outcomes Report of First GDPR Implementation Project Workshop in Amsterdam

The Hacker Mind: Hacking Aerospace

Proposed Changes to FDA Guidance for the Content of Premarket Submissions for Management of Cybersecurity in Medical Devices: What you Should Know

Is India's Aadhaar System Really "Hack-Proof"? Assessing a Publicly Observable Security Posture

Threat Model Thursday: Data Flow Diagrams

The Hacker Mind Podcast: Hacking Diversity

The Hacker Mind Podcast: Hacking Diversity

The Hacker Mind Podcast: Surviving Stalkerware

Data Governance Framework: Three Steps to Successful & Sustainable Implementation

The Weeks in Cyber Security and Data Privacy: 18 – 31 December 2023

International Women’s Day 2022: How to Forge an Inclusive Work Culture

GUEST ESSAY. Everyone should grasp these facts about cyber threats that plague digital commerce

The Hacker Mind Podcast: Beyond MITRE ATT&CK

Promiscuous Cookies and Their Impending Death via the SameSite Policy

How Long is Long Enough? Minimum Password Lengths by the World's Top Sites

The Hacker Mind Podcast: How To Become A 1337 Hacker

Beg Bounties

Extended Validation Certificates are Dead

10 Personal Finance Lessons for Technology Professionals

Supply Chain Security is the Whole Enchilada, But Who’s Willing to Pay for It?

GDPR: lawful bases for processing, with examples

The Hacker Mind: MITRE ATT&CK Evaluations

The Hacker Mind: MITRE ATT&CK Evaluations

Stay Connected