Incident Response: Why a Tabletop Exercise Is Essential

Data Breach Today

Attorney Ronald Raether on Building a Cybersecurity Culture. Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.

In Boston Exercise, Election Hackers Bypass Voting Machines

The Security Ledger

At an exercise in Boston that imagined a cyber attack designed to disrupt an important election in a “swing state,” voting machines were not an issue.

Weekly podcast: TSB, hotel locks and NATO exercise

IT Governance

This week, we discuss TSB’s chaotic system upgrade, a security flaw in electronic hotel locks and a major NATO cyber security exercise. According to CCDCOE, the exercise is running from 23 to 27 April.

DNC Incident Was a Phishing Exercise

Dark Reading

False alarm sent Democratic National Committee into high alert this week amid concerns of a new cyberattack

Real Pen Work and Exercises for Flourishing

Archives Blogs

There are handwriting exercises as well as exercises for flourishing, the latter of which sounds suspiciously like something one would find on a clean eating and wellness blog.

Dept. of Energy announced the Liberty Eclipse exercise to test electrical grid against cyber attacks

Security Affairs

DoE announced the Liberty Eclipse exercise to test the electrical grid’s ability to recover from a blackout caused by cyberattacks. This is the first exercise that is going to test the “blackstart” cranking paths that were excluded from previous simulations.

Mozilla's Guide to Privacy-Aware Christmas Shopping

Schneier on Security

Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more

False Alarm: Phishing Attack Against DNC Was Just a Test

Data Breach Today

Unannounced Exercise Stoked Voter Database Hacking Fears. A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee's voter database has turned out to be part of an uncoordinated security exercise.

Strava Fitness App Shares Secret Army Base Locations

Dark Reading

The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty

The Privacy Rules Changed in 2018 – What Does that Mean Going Forward?

InfoGoTo

Between GDPR in the EU, similar legislation in other countries, the controversy surrounding the way social networks handle personal information and the ongoing drumbeat of breaches and data theft, the issue of how organizations should exercise responsible care of personal information was one of the biggest stories of 2018.

How Facebook and Google dodge EU data rules

Information Management Resources

The government-funded Norwegian Consumer Council issued a report showing that the tech companies rely on 'dark patterns' to discourage users from exercising their privacy rights.

This is the old ChiefTech blog.: BEA's annual enterprise portal report and the 4th way

ChiefTech

Saturday, 10 November 2007. Ok, it's a marketing exercise by BEA so it's going to be a little biased but their annual report on the state of the enterprise portal market is still worth a look.

Manage Your Privacy Journey: GDPR, CCPA and Beyond

InfoGoTo

Organizations need to stay current on how they are collecting and managing requests made by individuals to exercise their data subject rights to assess, delete and rectify concerns over their personal data. I love adventures!

Government Shutdown Leaves Americans More Vulnerable to Identity Theft, Scams

Adam Levin

For now, people who suspect they have been targeted by identity thieves should contact the Identity Theft Resource Center, and exercise as much caution as possible with their finances and when visiting government websites.

Destroying Barriers to Destruction

InfoGoTo

Going through a downsizing exercise at home has heightened my awareness of how difficult it is to let go of items. So it didn’t come as much of a surprise that the 2015 and 2017 Cohasset/ARMA IG Benchmark reports saw virtually no decline in the number of organizations (76%) that maintain a “keep everything culture,” and don’t have a formal secure destruction plan.

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

Krebs on Security

But it would also be nice if more police forces around the country received additional training on exercising restraint in the use of deadly force, particularly in responding to hostage or bomb threat scenarios that have hallmarks of a swatting hoax.

Thinking Through the WP Engine Acquisition of StudioPress

PerezBox

As a fun thought exercise I decided to think through the WP Engine and Studio Press acquisition. Specifically, what I would do, and think they will do, with the new.

Who Will Get the First Big GDPR Fine and How to Avoid It?

HL Chronicle of Data Protection

In July, Eduardo Ustaran spoke at Privacy Laws & Business’ International Conference in Cambridge about the sort of activities likely to prompt regulators into exercising their increased fining powers under the EU GDPR.

[Podcast] Preparing for a Lean, Mean, 2019

AIIM

This exercise is often done both on a personal level in our daily lives as well as with our employers in our business lives.

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

The Security Ledger

But an exercise in Boston last week showed how hackers can compromise the vote without ever touching an election system. That’s the scenario of an exercise that took place high above Boston last week. Everybody worries about hacked voting machines.

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

The Last Watchdog

So we’ve boiled the NIST framework down into a very focused workshop exercise. We bring together 150 or so people into a room for a morning and just work through exercises. The targeting of Sen. Claire McCaskill by Russian intelligence agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training.

Key Skills for Records Managers: How RIM Professionals Can Best Work With CPOs

InfoGoTo

Using role reversal exercises, records managers and CPOs can briefly assume the other’s position to understand one another better. Exercise likable leadership. If you can be kind and genuine, exercise humility, and listen to your CPO, your relationship and your work should progress. Key skills for records managers include the ability to foster good relations with Chief Privacy Officers (CPOs) in support of the company’s privacy program.

MY TAKE: Michigan’s cybersecurity readiness initiatives provide roadmap others should follow

The Last Watchdog

It can host training, such as capture the flag exercises, demonstrate how known hacks play out, test defensive responses and be utilized for software security testing. Participants competed in exercises to detect improvised explosive devices targeting semi-trucks and military vehicles. Michigan is known as the Wolverine State in deference to the ornery quadruped that roams its wild country.

Speed bump for messaging

InfoGovNuggets

Maybe to avoid new Indian legislation that would exercise more control over the app, which would be Governance and Compliance. “Facebook’s WhatsApp Fights Fake News by Curbing Message Forwarding,” The Wall Street Journal, January 22, 2019. After problems with the spread of fake news and rumors that may have led to violence in India, WhatsApp will now reduce the number of individuals (including groups) you can forward a message to, from 20 to 5.

Fitness apps: Good for your health, not so much for military security

The Security Ledger

That after researchers in the Netherlands discovered that data from the Polar fitness app revealed the homes and habits of those exercising in clandestine locations around the world, including intelligence agencies, military bases, nuclear. Fitness apps are proving to be a lot less beneficial to military security than they are for military fitness.

CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

Hunton Privacy

The CNIL guidance states that individuals may exercise their right to object either directly by contacting the partner, or by contacting the organization who first collected the data. On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers.

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist

AIIM

GDPR, on the other hand, is designed primarily to enable data subjects to exercise a greater degree of control over the processing of their personal information.

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

IT Governance

This week, we discuss a Bank of England cyber resilience exercise, the latest cyber security news from the US Office of Personnel Management, the highlights of this month’s Patch Tuesday, and a surprising admission by a Japanese cyber security minister.

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. We have 480 days to go before the General Data Protection Regulation is “in force”. And then what?

CECPQ2

Imperial Violet

another concern is that if we don't exercise this ability now we might find it extremely difficult to deploy any eventual design. But by starting the deployment now it can hopefully make that replacement viable by exercising things like larger TLS messages. CECPQ1 was the experiment in post-quantum confidentiality that my colleague, Matt Braithwaite, and I ran in 2016. It's about time for CECPQ2.

Communicating About Cybersecurity in Plain English

Lenny Zeltser

I’m not suggesting that the resulting statement should replace the original text; instead, I suspect this exercise will train you to write more plainly and succinctly.

FRANCE: Facebook could face a 100 million euros class action suit for violating GDPR

DLA Piper Privacy Matters

Not providing users with a mechanism to exercise their right of objection to the processing of personal data. By Denise Lebeau-Marianna and Caroline Chancé. On 8 November 2018, French NGO Internet Society France sent Facebook a formal notice listing seven areas where it has allegedly infringed GDPR. The social network has 4 months to respond. Failing that, the Internet Society France could launch the first class action suit for compensation since the entry into application of GDPR.

Apollo – they can’t still be up to their old tricks?

Data Protector

Meeting with the senior partner was a great boost to my confidence as after a few questions and computer exercises (over the two meetings) I feel like I could head up NASA and solve world peace on the side.

MY TAKE: Here’s how diversity can strengthen cybersecurity — at many levels

The Last Watchdog

military carry out training exercises for real life cyber warfare. Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive. Skelly started out as a U.S. Army Explosive Ordnance Disposal (EOD) Technician. “I was on the EOD team that was actually assigned to the White House during 9/11, so I got to see our national response framework from a very high level,” she says.

Which is the tail and which is the dog?

InfoGovNuggets

Board tries to reduce the control exercised by an 80% shareholder. “CBS Board Defies Shari Redstone,” The Wall Street Journal, May 18, 2018 B1. This is going to be fun to watch (if you’re not one of the other shareholders). Interesting question on what the controlling shareholder (and the Board) can and cannot do.

New broom sweeping

InfoGovNuggets

It’s unclear from this article whether this is just a normal change (therefore just a Governance issue, with the new CEO exercising his authority in the early days) or is somehow connected to the corruption scandal (and therefore somehow a consequence of some Compliance failure). “Goldman Shakes Up Top Ranks In Asia,” The Wall Street Journal, October 22, 2018 B3.

The GDPR and the right to be forgotten

IT Governance

For the establishment, exercise or defence of legal claims. Something that’s drawn a lot of attention in the lead up to the General Data Protection Regulation (GDPR) compliance deadline is “the right to erasure”, also known as the “right to be forgotten”.

What are the Data Subject Rights under the GDPR?

IT Governance

Organisations must let individuals know how they can exercise these rights, and meet requests promptly. Updated 15 November 2018. This blog was originally published before the GDPR took effect in May 2018.

Check Your Fax: Hackers Find New Entry to Networks

Adam Levin

It’s long been known that organizations need to exercise extreme caution when jettisoning old office equipment, especially if it has built-in memory—and that it’s even more crucial to bear in mind that hackers can utilize digital or carbon-based memory.