Mon. Dec 03, 2018

Incident Response: Why a Tabletop Exercise Is Essential

Data Breach Today

Attorney Ronald Raether on Building a Cybersecurity Culture. Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.

Jared, Kay Jewelers Parent Fixes Data Leak

Krebs on Security

The parent firm of bling retailers Jared and Kay Jewelers has fixed a bug in the Web sites of both companies that exposed the order information for all of their online customers.

Marriott Mega-Breach: Will GDPR Apply?

Data Breach Today

Legal Experts Suspect So, But Investigation Could Take a Year or More. Will Marriott be the first organization that lost control of Europeans' personal data to feel the full force of the EU's General Protection Regulation? With GDPR in full effect since May, organizations with data security practices face the potential of massive fines.

MY TAKE: Massive Marriott breach continues seemingly endless run of successful hacks

The Last Watchdog

I have a Yahoo email account, I’ve shopped at Home Depot and Target, my father was in the military and had a security clearance, which included a dossier on his family, archived at the U.S. Office of Personnel Management, I’ve had insurance coverage from Premera Blue Cross and I’ve stayed at the Marriott Marquis in San Francisco. The common denominator: All of those organizations have now disclosed massive data breaches over a span of the past five years.

Security Woes at Arizona Medicaid MCOs: Tip of the Iceberg?

Data Breach Today

Report: Medicaid Data and Systems Could Also Be at Risk at Other Medicaid MCOs. A security review of two Medicaid managed care organizations in Arizona revealed several significant access control and configuration vulnerabilities, raising concerns about whether other MCOs face similar challenges.

Marriott's Mega-Breach: Many Concerns, But Few Answers

Data Breach Today

Massive Breach Prompts Calls for New Data Security and Minimization Laws. Marriott's mega-breach underscores the challenges companies face in securing systems that come from acquisitions as well as simply storing too much consumer data for too long, computer security experts say. Meanwhile, the hotel giant has yet to answer many pressing data breach questions.

Have I Been Pwned - The Sticker

Troy Hunt

So today is Have I Been Pwned's (HIBP's) 5th birthday.

The DoJ's Secret Legal Arguments to Break Cryptography

Schneier on Security

Earlier this year, the US Department of Justice made a series of legal arguments as to why Facebook should be forced to help the government wiretap Facebook Messenger. Those arguments are still sealed. The ACLU is suing to make them public.

Russia-linked APT Sofacy leverages BREXIT lures in recent attacks

Security Affairs

Russia-linked cyber-espionage group Sofacy (aka APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) uses BREXIT lures in recent attacks.

114 Million US Citizens and Companies Found Unprotected Online

Adam Levin

The data of 114 million businesses and individuals has been discovered in an unprotected database.

How Lush could have protected its till system

IT Governance

In November, Lush – the high-street store known for its fragrant, eco-friendly beauty products – temporarily lost the ability to take card transactions after a member of the IT team “deleted the till system by accident”.

New Scam Apps Take Advantage of iPhone Touch ID

WIRED Threat Level

Touch ID is seamless, which makes it great for unlocking your phone—and for App Store scammers.

The GDPR: What do I need to do?

IT Governance

Although the EU General Data Protection Regulation (GDPR) has come into effect, a large number of organisations are not yet compliant. A Ponemon Institute survey found that almost half of companies would not meet the 25 May 2018 deadline.


Better together – Digital media collaboration made simple

OpenText Information Management

Marketers, we feel your pain. You’re constantly juggling multiple projects and deadlines, working with multiple people across different departments or external agencies, and navigating complex approval processes, all while needing to deliver new creative content.

5 trends that will drive machine learning projects in 2019

Information Management Resources

Machine learning adoption has been growing at a rapid pace, and there is no end in sight. Recent forecasts say pilots and implementations, as well as investments, will increase 400 percent by 2021.

What is an ISO 27001 risk assessment methodology?

IT Governance

The ISO 27001 implementation and review processes revolve around risk assessments. This is where organisations identify the threats to their information security and outline which of the Standard’s controls they must implement.

Improve the employee experience with OpenText People Center Release 16 EP5

OpenText Information Management

Today’s employees are, like everyone else, sophisticated consumers of information. Whether a private sector executive or a public sector staffer, employees expect the same ease of use in searching for information at work as they do when shopping online.

New Zealand Security Bureau halts Spark from using Huawei 5G equipment

Security Affairs

New Zealand intelligence agency asked mobile company Spark to avoid using Huawei equipment for 5G infrastructure. According to New Zealand’s Government Communications Security Bureau, Huawei equipment for 5G infrastructure poses a “significant network security risk”; for this reason, it asked mobile company Spark to avoid using the equipment of the Chinese company.

The hidden message in reams of text

OpenText Information Management

Excellence may be its own reward, but we consider recognition by one of the world’s most authoritative reviewers high praise indeed.

Marriott's $13.6B Starwood deal bought even bigger security risk

Information Management Resources

The Marriott purchase of Starwood Hotel & Resorts was a bet that its popular loyalty program would bring more travelers to its Courtyards and Residence Inns. It turns out Marriott was also buying a massive security risk.

Filling the Cybersecurity Jobs Gap - Now and in the Future

Dark Reading

Employers must start broadening their search for experienced security professionals to include people with the right traits rather than the right skills.

iOS Fitness Apps Robbing Money From Apple Victims


The two apps, “Fitness Balance App” and “Calories Tracker app,” were tricking users into payments of $120.

A New Product Helps You Get “Context” on Judge’s Opinions and Expert Witnesses: eDiscovery Trends

eDiscovery Daily

A legal analytics product being launched last week by LexisNexis analyzes the language of specific judges’ opinions to identify the cases and arguments each judge finds persuasive as well as analytics on expert witnesses. And, we remember one judge who, sadly, passed away over the weekend.

Trusted Customer Engagement with Data Governance and Privacy by Design


Customers today have high expectations. They expect organizations to provide relevant, timely and personalized offerings. These expectations have been shaped by the emergence of broad-scale customer-engagement transformation in recent years.

Association Governance: Why Transparency Matters

IG Guru

My purpose in writing this is to call for greater transparency in the governance of Information Governance related associations to which many of us belong.

Cloud investments should be to boost agility, not cut costs

Information Management Resources

Beyond the hype and stats, there are real stories and scenarios where businesses are achieving significant business (not IT) returns on their cloud investments.

Microsoft, Mastercard Aim to Change Identity Management

Dark Reading

A new partnership wants to improve how people use and manage the virtual identities that govern their lives online.

CNIL Launches Public Consultation on Draft Standards on Data Processing for Managing Business Activities and Unpaid Invoices

Hunton Privacy

On November 29, 2018, the French Data Protection Authority (the “CNIL”) launched an online public consultation regarding two new CNIL draft standards (“Referentials”) concerning the processing of personal data to manage (1) business activities and (2) unpaid invoices.


How Would NYC's Anti-AirDrop Dick Pic Law Even Work?

WIRED Threat Level

The bill's sponsors want cyber flashers to face the same consequences as their offline counterparts, but there are technical and legal hurdles.

Harnessing Analytical Insights and Illuminating the Physical Realm of Dark Data – An Interview with Markus Lindelow of Iron Mountain

Information Governance Perspectives

Markus Lindelow leads the IG and Content Classification Practice Group at Iron Mountain, the world's largest information management company, where he’s been pioneering breakthrough analytic techniques for over a decade. I interviewed him this November to discuss his thoughts on the evolution of metadata, content classification, AI, and how companies are using the new pillars of data science to break down their silos, help customers get lean and discover the hidden values in their big data sets.

Privacy Legislation Could Provide Common Ground for the Newly Divided Congress

Data Matters

*This article first appeared in the on November 19, 2018. With the House having now flipped, policy consensus in Congress is not likely to get any easier. But there is one subject around which countries, companies, consumers and, yes, even Congress is increasingly converging. That issue is privacy.