Incident Response: Why a Tabletop Exercise Is Essential

Data Breach Today

Attorney Ronald Raether on Building a Cybersecurity Culture Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders

Locked Shields 2019 – Chapeau, France wins Cyber Defence Exercise

Security Affairs

The international live-fire cyber defence exercise Locked Shields 2019 (LS19) took place on April 8-12 in Tallinn, Estonia, and the figures behind this important competition are important.

Laying the Path for a Successful IT Modernization Exercise

Micro Focus

Today, most businesses don’t need to be convinced about the need to modernize their IT landscape. Nevertheless, any big transformation can have a wide-ranging impact on the organization. So, it needs to be well thought out. Primarily, enterprises are looking to modernize for two main reasons. One, they are keen to futureproof their business by. View Article. Application Modernization and Connectivity COBOL Core Systems Disruptive technologies Enterprise Applications Mainframe Modernization

In Boston Exercise, Election Hackers Bypass Voting Machines

The Security Ledger

At an exercise in Boston that imagined a cyber attack designed to disrupt an important election in a “swing state,” voting machines were not an issue.

Weekly podcast: TSB, hotel locks and NATO exercise

IT Governance

This week, we discuss TSB’s chaotic system upgrade, a security flaw in electronic hotel locks and a major NATO cyber security exercise. According to CCDCOE, the exercise is running from 23 to 27 April.

Dept. of Energy announced the Liberty Eclipse exercise to test electrical grid against cyber attacks

Security Affairs

DoE announced the Liberty Eclipse exercise to test the electrical grid ‘s ability to recover from a blackout caused by cyberattacks. This is the first exercise that is going to test the “blackstart” cranking paths that were excluded from previous simulations.

Real Pen Work and Exercises for Flourishing

Archives Blogs

There are handwriting exercises as well as exercises for flourishing, the latter of which sounds suspiciously like something one would find on a clean eating and wellness blog.

Cybersecurity Panel Discussion: A Live Cyber Attack Tabletop Exercise

Hunton Privacy

On March 21, 2017, Hunton & Williams is pleased to host an in-person seminar in its London office featuring seasoned cybersecurity practitioners. Drawing from deep experience in their respective fields, the panel members will discuss the implications of the EU General Data Protection Regulation’s breach notification obligations in the context of a state-of-the-art cyber attack simulation.

68% of Companies Say Red Teaming Beats Blue Teaming

Dark Reading

The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows

Mozilla's Guide to Privacy-Aware Christmas Shopping

Schneier on Security

Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more

False Alarm: Phishing Attack Against DNC Was Just a Test

Data Breach Today

Unannounced Exercise Stoked Voter Database Hacking Fears A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee's voter database has turned out to be part of an uncoordinated security exercise.

How to Prepare for the Brazil Data Protection Law


Undertaking a data-mapping exercise can help filter out the data that is not subject to the law’s requirements, such as B2B data.

B2B 52

Strava Fitness App Shares Secret Army Base Locations

Dark Reading

The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty

Fact Checking: Sizing Up Facebook's Efforts

Data Breach Today

Is the social media giant merely conducting a public relations exercise A Former Fact Checker Shares Her Experience Facebook's effort to stem the flow of fake news globally has been ineffective, allege some fact checkers who have collaborated with the social media giant to identify and debunk false stories.

NATO Group Catfished Soldiers to Prove a Point About Privacy

WIRED Threat Level

With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders. Security

Digital transformation threats and opportunities in travel and transportation

DXC Technology

In travel and transportation most companies today don’t look at customer journeys as a collaborative exercise. They consider their job done when passengers are delivered safely to their appointed destination for their segment.

This is the old ChiefTech blog.: BEA's annual enterprise portal report and the 4th way


Saturday, 10 November 2007 BEA's annual enterprise portal report and the 4th way Ok, its a marketing exercise by BEA so its going to be a little biased but their annual report on the state of the enterprise portal market is still worth a look. This is the old ChiefTech blog. Nice of you to drop in and visit. However, you need to come over and see my new blog at ©2005-2009. ©2005-2009.

G-7 authorities to war game cyber attack on bank for first time

Information Management Resources

Financial watchdogs are preparing one of the broadest war-gaming exercises to test the effect of a cyber attack that disables a large international bank for days.

The Privacy Rules Changed in 2018 – What Does that Mean Going Forward?


Between GDPR in the EU, similar legislation in other countries, the controversy surrounding the way social networks handle personal information and the ongoing drumbeat of breaches and data theft, the issue of how organizations should exercise responsible care of personal information was one of the biggest stories of 2018.

Editorial Judgement

OpenText Information Management

In a BBC article, editing was described as “an exercise in selection and judgement: what to put in and – just as important – what to leave out.” For anyone who writes, an editor helps make the final product better.

Steps for implementing a non-invasive data governance program

Information Management Resources

Organizations need to ensure that the exercise of data governance is non-invasive and transparent so it does not seem forceful. Data governance Data quality Data management Data ownership

Attacking Soldiers on Social Media

Schneier on Security

A research group at NATO's Strategic Communications Center of Excellence catfished soldiers involved in an European military exercise -- we don't know what country they were from -- to demonstrate the power of the attack technique.

How Facebook and Google dodge EU data rules

Information Management Resources

The government-funded Norwegian Consumer Council issued a report showing that the tech companies’ rely on 'dark patterns' to discourage users from exercising their privacy rights. Data privacy Customer data Facebook Google

Intelligent Information Management - Learning from CHOCOLATE?!


One of the exercises I developed was called "The Taxonomy of Salad". on them, I'd switch that exercise out for a much sweeter one focused on developing a taxonomy of chocolate. But we mixed in discussions, exercises, and activities to help liven up the subject matter.

Man Behind Fatal ‘Swatting’ Gets 20 Years

Krebs on Security

Tyler Barriss , a 26-year-old California man who admitted making a phony emergency call to police in late 2017 that led to the shooting death of an innocent Kansas resident, has been sentenced to 20 years in federal prison. Tyler Barriss, in an undated selfie.

Thinking Through the WP Engine Acquisition of StudioPress


As a fun thought exercise I decided to think through the WP Engine and Studio Press acquisition. Specifically, what I would do, and think they will do, with the new. Read More. The post Thinking Through the WP Engine Acquisition of StudioPress appeared first on PerezBox. Business Business Tools And Resources Strategic Thinking

Manage Your Privacy Journey: GDPR, CCPA and Beyond


Organizations need to stay current on how they are collecting and managing requests made by individuals to exercise their data subject rights to assess, delete and rectify concerns over their personal data. I love adventures!


Government Shutdown Leaves Americans More Vulnerable to Identity Theft, Scams

Adam Levin

For now, people who suspect they have been targeted by identity thieves should contact the Identity Theft Resource Center , and exercise as much caution as possible with their finances and when visiting government websites.

Who Will Get the First Big GDPR Fine and How to Avoid It?

HL Chronicle of Data Protection

In July, Eduardo Ustaran spoke at Privacy Laws & Business’ International Conference in Cambridge about the sort of activities likely to prompt regulators into exercising their increased fining powers under the EU GDPR.

Who Will Get the First Big GDPR Fine and How to Avoid It?

HL Chronicle of Data Protection

In July, Eduardo Ustaran spoke at Privacy Laws & Business’ International Conference in Cambridge about the sort of activities likely to prompt regulators into exercising their increased fining powers under the EU GDPR.

How to prepare for the California Consumer Privacy Act

Thales eSecurity

Also, entities under the CCPA must post a “Do Not Sell My Personal Information” link on their websites allowing consumers to easily exercise their right of opting-out. (4) 5) The right of Californians to equal service and price, even if they exercise their privacy rights.

GDPR Data Subject Access Requests: How to Respond

IT Governance

Recital 63 of the GDPR states that: … a data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing.

Science Fiction Writers Helping Imagine Future Threats

Schneier on Security

I discounted the exercise at the time, calling it "embarrassing." The French army is going to put together a team of science fiction writers to help imagine future threats.

Key Skills for Records Managers: How RIM Professionals Can Best Work With CPOs


Using role reversal exercises , records managers and CPOs can briefly assume the other’s position to understand one another better. Exercise likable leadership. If you can be kind and genuine, exercise humility, and listen to your CPO, your relationship and your work should progress. Key skills for records managers include the ability to foster good relations with Chief Privacy Officers (CPOs) in support of the company’s privacy program.

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

The Security Ledger

But an exercise in Boston last week showed how hackers can compromise the vote without ever touching an election system. But an exercise in Boston last week showed how hackers can compromise the vote without ever touching an election system. That’s the scenario of an exercise that took place high above Boston last week. Everybody worries about hacked voting machines.

Username (and password) free login with security keys

Imperial Violet

In practical terms, web sites exercise this capability via WebAuthn , the same API that handles the traditional security key flow. Thus the pertinent resident credentials would have to be discoverable and exercisable given only physical presence.

Fitness apps: Good for your health, not so much for military security

The Security Ledger

That after researchers in the Netherlands discovered that data from the Polar fitness app revealed the homes and habits of those exercising in clandestine locations around the world, including intelligence agencies, military bases, nuclear. Fitness apps are proving to be a lot less beneficial to military security than they are for military fitness.

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

Krebs on Security

But it would also be nice if more police forces around the country received additional training on exercising restraint in the use of deadly force, particularly in responding to hostage or bomb threat scenarios that have hallmarks of a swatting hoax.

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

The Last Watchdog

So we’ve boiled the NIST framework down into a very focused workshop exercise. We bring together 150 or so people into a room for morning and just work through exercises. The targeting of Sen. Claire McCaskill by Russian intelligency agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training.

Nature and Nurture in Threat Modeling

Adam Shostack

What I normally say to this is I don’t think I’m naturally good at finding replay attacks in network protocols — my farming ancestors got no chance to exercise such talents, and so it’s a skill I acquired.