Incident Response: Why a Tabletop Exercise Is Essential

Data Breach Today

Attorney Ronald Raether on Building a Cybersecurity Culture Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders

Exercising Social Distancing With Online Doctor Appointments

Record Nations

The post Exercising Social Distancing With Online Doctor Appointments appeared first on Record Nations.

59

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Locked Shields 2019 – Chapeau, France wins Cyber Defence Exercise

Security Affairs

The international live-fire cyber defence exercise Locked Shields 2019 (LS19) took place on April 8-12 in Tallinn, Estonia, and the figures behind this important competition are important.

Bank of England cyber resilience exercise

Data Protection Report

BoE publish high level findings of the financial sector (“sector”) cyber simulation exercise. Exercise overview. The exercise explored the sector’s resilience to a major cyber incident impacting the UK.

HHS Announces Exercise of Enforcement Discretion for Entities Engaged in COVID-19 Relief Efforts

Data Matters

First, as covered in an earlier posting , HHS took action to waive penalties and assure companies that it would exercise enforcement discretion with respect to the Privacy Rule’s application to telehealth services and certain limited communication activities related to COVID-19 treatment efforts. The post HHS Announces Exercise of Enforcement Discretion for Entities Engaged in COVID-19 Relief Efforts appeared first on Data Matters Privacy Blog.

DNC Incident Was a Phishing Exercise

Dark Reading

False alarm sent Democratic National Committee into high alert this week amid concerns of a new cyberattack

In Boston Exercise, Election Hackers Bypass Voting Machines

The Security Ledger

At an exercise in Boston that imagined a cyber attack designed to disrupt an important election in a “swing state,” voting machines were not an issue.

Dept. of Energy announced the Liberty Eclipse exercise to test electrical grid against cyber attacks

Security Affairs

DoE announced the Liberty Eclipse exercise to test the electrical grid ‘s ability to recover from a blackout caused by cyberattacks. This is the first exercise that is going to test the “blackstart” cranking paths that were excluded from previous simulations.

Weekly podcast: TSB, hotel locks and NATO exercise

IT Governance

This week, we discuss TSB’s chaotic system upgrade, a security flaw in electronic hotel locks and a major NATO cyber security exercise. According to CCDCOE, the exercise is running from 23 to 27 April.

To the Victor Go the Spoliation Sanctions: Eastern District of Louisiana Exercises Inherent Power to Issue Sanctions for Spoliation via JD Supra

IG Guru

” The post To the Victor Go the Spoliation Sanctions: Eastern District of Louisiana Exercises Inherent Power to Issue Sanctions for Spoliation via JD Supra appeared first on IG GURU.

IT 56

Real Pen Work and Exercises for Flourishing

Archives Blogs

There are handwriting exercises as well as exercises for flourishing, the latter of which sounds suspiciously like something one would find on a clean eating and wellness blog.

IT 26

Cybersecurity Panel Discussion: A Live Cyber Attack Tabletop Exercise

Hunton Privacy

On March 21, 2017, Hunton & Williams is pleased to host an in-person seminar in its London office featuring seasoned cybersecurity practitioners. Drawing from deep experience in their respective fields, the panel members will discuss the implications of the EU General Data Protection Regulation’s breach notification obligations in the context of a state-of-the-art cyber attack simulation.

Teleworking by Healthcare Employees: Security Challenges

Data Breach Today

With increasing demands on healthcare organizations to quickly accommodate a surge of teleworking employees as a result of the COVID-19 pandemic, IT and information security departments need to exercise security vigilance, says former healthcare CIO Drex DeFord

HHS Issues Limited Waiver of Certain HIPAA Privacy Rule Obligations and Exercises Enforcement Discretion with Respect to Telehealth Services In Light of COVID Public Health Emergency

Data Matters

First, effective March 15, 2020, Health and Human Services Secretary Azar exercised his statutory authority to issue a waiver of penalties and sanctions that would otherwise apply to certain hospitals for violations of specified provisions of the HIPAA Privacy Rule. This week the Department of Health and Human Services (HHS) took action to relax certain federal health information privacy restrictions under HIPAA in response to COVID-19.

68% of Companies Say Red Teaming Beats Blue Teaming

Dark Reading

The majority of organizations surveyed find red team exercises more effective than blue team testing, research shows

78

Strava Fitness App Shares Secret Army Base Locations

Dark Reading

The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty

54

Mozilla's Guide to Privacy-Aware Christmas Shopping

Schneier on Security

Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more

False Alarm: Phishing Attack Against DNC Was Just a Test

Data Breach Today

Unannounced Exercise Stoked Voter Database Hacking Fears A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee's voter database has turned out to be part of an uncoordinated security exercise.

Fact Checking: Sizing Up Facebook's Efforts

Data Breach Today

Is the social media giant merely conducting a public relations exercise A Former Fact Checker Shares Her Experience Facebook's effort to stem the flow of fake news globally has been ineffective, allege some fact checkers who have collaborated with the social media giant to identify and debunk false stories.

147
147

Facebook's Download-Your-Data Tool Is Incomplete

Schneier on Security

As a user this means you can't exercise your rights under GDPR because you don't know which companies have uploaded data to Facebook. Information provided about the advertisers is also very limited (just a name and no contact details), preventing users from effectively exercising their rights.

Nation-State Attacks: Why Healthcare Must Prepare

Data Breach Today

and Iran continue to rise, healthcare organizations need to exercise extra vigilance in shoring up their security to defend against potential Iranian cyberattacks on critical infrastructure sectors, says Errol Weiss of the Health Information Sharing and Analysis Center As tensions between the U.S.

NATO Group Catfished Soldiers to Prove a Point About Privacy

WIRED Threat Level

With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders. Security

Beginning Fuzz Cycle Automation: Improving Testing and Fuzz Development with Coverage Analysis

ForAllSecure

This time we’ll take a look at how to write better tests in the form of harness programs (also known as fuzz drivers, programs written to exercise specific parts of the code) that we will use for fuzz testing

80

Five tips for maintaining your mental health when working from home

InfoGoTo

Make time for exercise. It’s important to make time each day for some form of exercise. Research shows that even modest amounts of exercise have a positive impact on depression, anxiety, ADHD and more. Many people have been forced to work from home as a result of COVID19.

Paper 75

This is the old ChiefTech blog.: BEA's annual enterprise portal report and the 4th way

ChiefTech

Saturday, 10 November 2007 BEA's annual enterprise portal report and the 4th way Ok, its a marketing exercise by BEA so its going to be a little biased but their annual report on the state of the enterprise portal market is still worth a look. This is the old ChiefTech blog. Nice of you to drop in and visit. However, you need to come over and see my new blog at chieftech.com.au. ©2005-2009. ©2005-2009.

Digital transformation threats and opportunities in travel and transportation

DXC Technology

In travel and transportation most companies today don’t look at customer journeys as a collaborative exercise. They consider their job done when passengers are delivered safely to their appointed destination for their segment.

G-7 authorities to war game cyber attack on bank for first time

Information Management Resources

Financial watchdogs are preparing one of the broadest war-gaming exercises to test the effect of a cyber attack that disables a large international bank for days.

Three ways the California Consumer Privacy Act (CCPA) can help bolster your customer satisfaction

IBM Big Data Hub

This exploitation is a result of the theft or breach of data, as well as the limited controls and rights that people associated with this data can exercise.

IT 70

OCR Announces Notification of Enforcement Discretion to Allow Uses and Disclosures of Protected Health Information by Business Associates for Public Health and Health Oversight Activities During The COVID-19 Nationwide Public Health Emergency

IG Guru

Department of Health and Human Services (HHS) announced, effective immediately, that it will exercise its enforcement discretion and will not impose penalties for violations of certain provisions of the HIPAA Privacy Rule against health care providers or their business associates for the […].

CMS 56

Editorial Judgement

OpenText Information Management

In a BBC article, editing was described as “an exercise in selection and judgement: what to put in and – just as important – what to leave out.” For anyone who writes, an editor helps make the final product better.

Steps for implementing a non-invasive data governance program

Information Management Resources

Organizations need to ensure that the exercise of data governance is non-invasive and transparent so it does not seem forceful. Data governance Data quality Data management Data ownership

Contemplating the GDPR’s Right to Be Forgotten

InfoGoTo

Under the GDPR, organizations might also retain personal data when they are exercising “the right of freedom of expression and information.”

GDPR 75

3 things you need to know to pivot between projects

OpenText Information Management

Pivoting between projects and industries is key to success, but time pressures and hard deadlines can make this an intense juggling exercise. Creative work can be extremely fun and rewarding, although not without its challenges.

Attacking Soldiers on Social Media

Schneier on Security

A research group at NATO's Strategic Communications Center of Excellence catfished soldiers involved in an European military exercise -- we don't know what country they were from -- to demonstrate the power of the attack technique.

Stop spending so much on records storage! Here’s how.

TAB OnRecord

"Lifting the lid" on your company’s records storage practices can be a real eye-opening exercise. In most cases, a closer look will reveal inefficiencies that are driving up your record storage costs. While this is obviously bad news, it comes with a silver lining.

IRELAND: First GDPR fine issued in Ireland

DLA Piper Privacy Matters

The internal mapping of data flows is a key element of a strong data governance regime, and is an exercise which will highlight any potential gaps or loopholes in the flow of personal data throughout an organisation. Eilis McDonald & John Magee.

GDPR 92

Threat Modeling Training at Blackhat 2020

Adam Shostack

This is capped off with an end to end exercise that brings the skills together. At Blackhat this summer, I’ll be offering threat modeling training at Blackhat. Last year, these sold out quickly, so don’t wait!

MY TAKE: COVID-19 cements the leadership role CISOs must take to secure company networks

The Last Watchdog

Then you need to constantly train your team members using various techniques, such as breach response assessments or cyber range exercises. Chief Information Security Officers were already on the hot seat well before the COVID-19 global pandemic hit, and they are even more so today.

Sipping from the Coronavirus Domain Firehose

Krebs on Security

Security experts are poring over thousands of new Coronavirus-themed domain names registered each day, but this often manual effort struggles to keep pace with the flood of domains invoking the virus to promote malware and phishing sites, as well as non-existent healthcare products and charities.

How Facebook and Google dodge EU data rules

Information Management Resources

The government-funded Norwegian Consumer Council issued a report showing that the tech companies’ rely on 'dark patterns' to discourage users from exercising their privacy rights. Data privacy Customer data Facebook Google