Incident Response: Why a Tabletop Exercise Is Essential

Data Breach Today

Attorney Ronald Raether on Building a Cybersecurity Culture. Tabletop exercises are a critical way to make sure an organization's incident response plan is effective and everyone knows their roles, says Ronald Raether of the law firm Troutman Sanders.

Laying the Path for a Successful IT Modernization Exercise

Micro Focus

Today, most businesses don’t need to be convinced about the need to modernize their IT landscape. Nevertheless, any big transformation can have a wide-ranging impact on the organization. So, it needs to be well thought out. Primarily, enterprises are looking to modernize for two main reasons. One, they are keen to futureproof their business by.

In Boston Exercise, Election Hackers Bypass Voting Machines

The Security Ledger

At an exercise in Boston that imagined a cyber attack designed to disrupt an important election in a “swing state,” voting machines were not an issue.

Dept. of Energy announced the Liberty Eclipse exercise to test electrical grid against cyber attacks

Security Affairs

DoE announced the Liberty Eclipse exercise to test the electrical grid’s ability to recover from a blackout caused by cyberattacks. This is the first exercise that is going to test the “blackstart” cranking paths that were excluded from previous simulations.

Weekly podcast: TSB, hotel locks and NATO exercise

IT Governance

This week, we discuss TSB’s chaotic system upgrade, a security flaw in electronic hotel locks and a major NATO cyber security exercise. According to CCDCOE, the exercise is running from 23 to 27 April.

DNC Incident Was a Phishing Exercise

Dark Reading

False alarm sent Democratic National Committee into high alert this week amid concerns of a new cyberattack

Cybersecurity Panel Discussion: A Live Cyber Attack Tabletop Exercise

Hunton Privacy

On March 21, 2017, Hunton & Williams is pleased to host an in-person seminar in its London office featuring seasoned cybersecurity practitioners. Drawing from deep experience in their respective fields, the panel members will discuss the implications of the EU General Data Protection Regulation’s breach notification obligations in the context of a state-of-the-art cyber attack simulation.

Mozilla's Guide to Privacy-Aware Christmas Shopping

Schneier on Security

Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more

Fact Checking: Sizing Up Facebook's Efforts

Data Breach Today

Is the social media giant merely conducting a public relations exercise? A Former Fact Checker Shares Her Experience. Facebook's effort to stem the flow of fake news globally has been ineffective, allege some fact checkers who have collaborated with the social media giant to identify and debunk false stories.

False Alarm: Phishing Attack Against DNC Was Just a Test

Data Breach Today

Unannounced Exercise Stoked Voter Database Hacking Fears. A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee's voter database has turned out to be part of an uncoordinated security exercise.

NATO Group Catfished Soldiers to Prove a Point About Privacy

WIRED Threat Level

With $60 and a few fake Facebook accounts, researchers were able to identify service members in a military exercise, track their movement, and even persuade them to disobey orders.

Strava Fitness App Shares Secret Army Base Locations

Dark Reading

The exercise tracker published a data visualization map containing exercise routes shared by soldiers on active duty

The Privacy Rules Changed in 2018 – What Does that Mean Going Forward?


Between GDPR in the EU, similar legislation in other countries, the controversy surrounding the way social networks handle personal information and the ongoing drumbeat of breaches and data theft, the issue of how organizations should exercise responsible care of personal information was one of the biggest stories of 2018.

Attacking Soldiers on Social Media

Schneier on Security

A research group at NATO's Strategic Communications Center of Excellence catfished soldiers involved in a European military exercise -- we don't know what country they were from -- to demonstrate the power of the attack technique.

This is the old ChiefTech blog.: BEA's annual enterprise portal report and the 4th way


Saturday, 10 November 2007. OK, it's a marketing exercise by BEA so it's going to be a little biased, but their annual report on the state of the enterprise portal market is still worth a look.

How Facebook and Google dodge EU data rules

Information Management Resources

The government-funded Norwegian Consumer Council issued a report showing that the tech companies rely on 'dark patterns' to discourage users from exercising their privacy rights.

Manage Your Privacy Journey: GDPR, CCPA and Beyond


Organizations need to stay current on how they are collecting and managing requests made by individuals to exercise their data subject rights to assess, delete and rectify concerns over their personal data. I love adventures!


Government Shutdown Leaves Americans More Vulnerable to Identity Theft, Scams

Adam Levin

For now, people who suspect they have been targeted by identity thieves should contact the Identity Theft Resource Center, and exercise as much caution as possible with their finances and when visiting government websites.



By exercising any control over the content on the Facebook platform, does Facebook take on some additional obligations? One of the exceptions to freedom of speech is falsely shouting fire in a crowded theater. Actually, the case in which Justice Holmes used this term may have been overturned or, as the lawyers say, distinguished. “Facebook Cracks Down on Vaccine Misinformation,” The Wall Street Journal, March 8, 2019.

Thinking Through the WP Engine Acquisition of StudioPress


As a fun thought exercise I decided to think through the WP Engine and Studio Press acquisition. Specifically, what I would do, and think they will do, with the new. The post Thinking Through the WP Engine Acquisition of StudioPress appeared first on PerezBox.

Who Will Get the First Big GDPR Fine and How to Avoid It?

HL Chronicle of Data Protection

In July, Eduardo Ustaran spoke at Privacy Laws & Business’ International Conference in Cambridge about the sort of activities likely to prompt regulators into exercising their increased fining powers under the EU GDPR.

US-CERT warns of New Zealand mosque shooting scams and malware campaigns

Security Affairs

“Users should exercise caution in handling emails related to the shooting, even if they appear to originate from trusted sources.” In the wake of the New Zealand mosque shooting, the CISA recommends that users remain vigilant for possible scams and malware attacks.

Nature and Nurture in Threat Modeling

Adam Shostack

What I normally say to this is I don’t think I’m naturally good at finding replay attacks in network protocols — my farming ancestors got no chance to exercise such talents, and so it’s a skill I acquired.

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

Krebs on Security

But it would also be nice if more police forces around the country received additional training on exercising restraint in the use of deadly force, particularly in responding to hostage or bomb threat scenarios that have hallmarks of a swatting hoax.

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

The Security Ledger

But an exercise in Boston last week showed how hackers can compromise the vote without ever touching an election system. That’s the scenario of an exercise that took place high above Boston last week. Everybody worries about hacked voting machines.

Key Skills for Records Managers: How RIM Professionals Can Best Work With CPOs


Using role reversal exercises, records managers and CPOs can briefly assume the other’s position to understand one another better. Exercise likable leadership. If you can be kind and genuine, exercise humility, and listen to your CPO, your relationship and your work should progress. Key skills for records managers include the ability to foster good relations with Chief Privacy Officers (CPOs) in support of the company’s privacy program.

Destroying Barriers to Destruction


Going through a downsizing exercise at home has heightened my awareness of how difficult it is to let go of items. So it didn’t come as much of a surprise that the 2015 and 2017 Cohasset/ARMA IG Benchmark reports saw virtually no decline in the number of organizations (76%) that maintain a “keep everything culture,” and don’t have a formal secure destruction plan.

EU: European Court confirms journalism exception for citizen-journalists, but not in France?

DLA Piper Privacy Matters

Balancing exercise. French law qualifies professional journalists as those who exercise, in a professional capacity, the activity of a journalist, in compliance with the ethical rules of this profession. This interpretation was extended by the French Supreme Court (25 September 2013) to individuals who exercise their professional activity in press companies that enjoy editorial independence. By Patrick Van Eecke, Denise Lebeau-Marianna and Laetitia Mouton.

Fitness apps: Good for your health, not so much for military security

The Security Ledger

That after researchers in the Netherlands discovered that data from the Polar fitness app revealed the homes and habits of those exercising in clandestine locations around the world, including intelligence agencies, military bases, nuclear. Fitness apps are proving to be a lot less beneficial to military security than they are for military fitness.

Cleaning house before the New Year


Europe exercises similar control, with the right to be forgotten. “China’s Internet Watchdog Closes Hundreds of Websites, Criticizes Tencent App,” The Wall Street Journal, January 24, 2019. China removes harmful, lewd, and vulgar information from the web, just weeks before Chinese New Year. Interesting interplay of Governance (who’s in charge?) and Compliance, all with Information in the background. The US couldn’t do this (could they?),

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

IT Governance

This week, we discuss a Bank of England cyber resilience exercise, the latest cyber security news from the US Office of Personnel Management, the highlights of this month’s Patch Tuesday, and a surprising admission by a Japanese cyber security minister.

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. We have 480 days to go before the General Data Protection Regulation is “in force”. And then what?

[Podcast] Preparing for a Lean, Mean, 2019


This exercise is often done both on a personal level in our daily lives as well as with our employers in our business lives.

CNIL Publishes Guidance on Data Sharing with Business Partners or Data Brokers

Hunton Privacy

The CNIL guidance states that individuals may exercise their right to object either directly by contacting the partner, or by contacting the organization who first collected the data. On December 28, 2018, the French Data Protection Authority (the “CNIL”) published guidance regarding the conditions to be met by organizations in order to lawfully share personal data with business partners or other third parties, such as data brokers.

MY TAKE: ‘Bashe’ attack theorizes a $200 billion ransomware raid using NSA-class cyber weapons

The Last Watchdog

The exercise was commissioned by Lloyd’s of London, the Cambridge Centre for Risk Studies and the Nanyang Technological University in Singapore, among others. A report co-sponsored by Lloyd’s of London paints a chilling scenario for how a worldwide cyberattack could trigger economic losses of some $200 billion for companies and government agencies ill-equipped to deflect a very plausible ransomware attack designed to sweep across the globe.

Which is the tail and which is the dog?


Board tries to reduce the control exercised by an 80% shareholder. “CBS Board Defies Shari Redstone,” The Wall Street Journal, May 18, 2018 B1. This is going to be fun to watch (if you’re not one of the other shareholders). Interesting question on what the controlling shareholder (and the Board) can and cannot do.

The GDPR and the right to be forgotten

IT Governance

For the establishment, exercise or defence of legal claims. Something that’s drawn a lot of attention in the lead up to the General Data Protection Regulation (GDPR) compliance deadline is “the right to erasure”, also known as the “right to be forgotten”.


Apollo – they can’t still be up to their old tricks?

Data Protector

Meeting with the senior partner was a great boost to my confidence as after a few questions and computer exercises (over the two meetings) I feel like I could head up NASA and solve world peace on the side.

The Tension between GDPR and Blockchain: Are they Polar Opposites or Can they Co-exist


GDPR, on the other hand, is designed primarily to enable data subjects to exercise a greater degree of control over the processing of their personal information.