In Boston Exercise, Election Hackers Bypass Voting Machines

The Security Ledger

At an exercise in Boston that imagined a cyber attack designed to disrupt an important election in a “swing state,” voting machines were not an issue.

Dept. of Energy announced the Liberty Eclipse exercise to test electrical grid against cyber attacks

Security Affairs

DoE announced the Liberty Eclipse exercise to test the electrical grid’s ability to recover from a blackout caused by cyberattacks. This is the first exercise that is going to test the “blackstart” cranking paths that were excluded from previous simulations.

Weekly podcast: TSB, hotel locks and NATO exercise

IT Governance

This week, we discuss TSB’s chaotic system upgrade, a security flaw in electronic hotel locks and a major NATO cyber security exercise. According to CCDCOE, the exercise is running from 23 to 27 April.

DNC Incident Was a Phishing Exercise

Dark Reading

False alarm sent Democratic National Committee into high alert this week amid concerns of a new cyberattack

Real Pen Work and Exercises for Flourishing

Archives Blogs

There are handwriting exercises as well as exercises for flourishing, the latter of which sounds suspiciously like something one would find on a clean eating and wellness blog.

False Alarm: Phishing Attack Against DNC Was Just a Test

Data Breach Today

Unannounced Exercise Stoked Voter Database Hacking Fears. A website that appeared to be part of a phishing campaign designed to gain access to the Democratic National Committee's voter database has turned out to be part of an uncoordinated security exercise.

Mozilla's Guide to Privacy-Aware Christmas Shopping

Schneier on Security

Mozilla reviews the privacy practices of Internet-connected toys, home accessories, exercise equipment, and more

How Facebook and Google dodge EU data rules

Information Management Resources

The government-funded Norwegian Consumer Council issued a report showing that the tech companies rely on 'dark patterns' to discourage users from exercising their privacy rights.

Calif. Man Pleads Guilty in Fatal Swatting Case, Faces 20+ Years in Prison

Krebs on Security

But it would also be nice if more police forces around the country received additional training on exercising restraint in the use of deadly force, particularly in responding to hostage or bomb threat scenarios that have hallmarks of a swatting hoax.

BEA's annual enterprise portal report and the 4th way

ChiefTech

Saturday, 10 November 2007. Ok, it's a marketing exercise by BEA so it's going to be a little biased but their annual report on the state of the enterprise portal market is still worth a look.

CNIL Details Rules On Audience and Traffic Measuring In Publicly Accessible Areas

Hunton Privacy

Since the data is anonymized, individuals cannot exercise their rights of access to and rectification of their personal data, and restriction to the processing of their data. These mechanisms should be accessible, functional, easy to use and realistic. Set up procedures to allow individuals to exercise their rights of access, rectification and objection after data has been collected. Individuals should also be able to exercise all the other GDPR data protection rights.

Weekly podcast: Bank of England, the OPM, Patch Tuesday and Japanese minister

IT Governance

This week, we discuss a Bank of England cyber resilience exercise, the latest cyber security news from the US Office of Personnel Management, the highlights of this month’s Patch Tuesday, and a surprising admission by a Japanese cyber security minister.

Key Skills for Records Managers: How RIM Professionals Can Best Work With CPOs

InfoGoTo

Using role reversal exercises, records managers and CPOs can briefly assume the other’s position to understand one another better. Exercise likable leadership. If you can be kind and genuine, exercise humility, and listen to your CPO, your relationship and your work should progress. Key skills for records managers include the ability to foster good relations with Chief Privacy Officers (CPOs) in support of the company’s privacy program.

Thinking Through the WP Engine Acquisition of StudioPress

PerezBox

As a fun thought exercise I decided to think through the WP Engine and Studio Press acquisition. Specifically, what I would do, and think they will do, with the new.

Who Will Get the First Big GDPR Fine and How to Avoid It?

HL Chronicle of Data Protection

In July, Eduardo Ustaran spoke at Privacy Laws & Business’ International Conference in Cambridge about the sort of activities likely to prompt regulators into exercising their increased fining powers under the EU GDPR.

Podcast Episode 113: SAP CSO Justin Somaini and Election Hacks – No Voting Machines Required!

The Security Ledger

But an exercise in Boston last week showed how hackers can compromise the vote without ever touching an election system. That’s the scenario of an exercise that took place high above Boston last week. Everybody worries about hacked voting machines.

National Cybersecurity Alliance advocates ‘shared responsibility’ for securing the Internet

The Last Watchdog

So we’ve boiled the NIST framework down into a very focused workshop exercise. We bring together 150 or so people into a room for a morning and just work through exercises. The targeting of Sen. Claire McCaskill by Russian intelligence agency hackers, as she runs for re-election, underscores the need for each individual and organization to take online privacy and security as a core part of our everyday lives. Related: Using ‘gamification’ for security training.

What are the Data Subject Rights under the GDPR?

IT Governance

Organisations must let individuals know how they can exercise these rights, and meet requests promptly. Updated 15 November 2018. This blog was originally published before the GDPR took effect in May 2018.

Fitness apps: Good for your health, not so much for military security

The Security Ledger

That after researchers in the Netherlands discovered that data from the Polar fitness app revealed the homes and habits of those exercising in clandestine locations around the world, including intelligence agencies, military bases, nuclear. Fitness apps are proving to be a lot less beneficial to military security than they are for military fitness.

New broom sweeping

InfoGovNuggets

It’s unclear from this article whether this is just a normal change (therefore just a Governance issue, with the new CEO exercising his authority in the early days) or is somehow connected to the corruption scandal (and therefore somehow a consequence of some Compliance failure). “Goldman Shakes Up Top Ranks In Asia,” The Wall Street Journal, October 22, 2018 B3.

ICO Issues First Enforcement Action Under the GDPR

Hunton Privacy

AIQ is challenging the ICO’s decision and has exercised its right of appeal to the First-tier Tribunal, under section 162(1)(c) of DPA. The Information Commissioner’s Office (“ICO”) in the UK has issued the first formal enforcement action under the EU General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (the “DPA”) on Canadian data analytics firm AggregateIQ Data Services Ltd. (“AIQ”).

MY TAKE: Here’s how diversity can strengthen cybersecurity — at many levels

The Last Watchdog

military carry out training exercises for real life cyber warfare. Of the many cybersecurity executives I’ve interviewed, Keenan Skelly’s career path may be the most distinctive. Skelly started out as a U.S. Army Explosive Ordnance Disposal (EOD) Technician. “I was on the EOD team that was actually assigned to the White House during 9/11, so I got to see our national response framework from a very high level,” she says.

What (currently ignored) privacy area might result in early enforcement action when the GDPR is in force?

Data Protector

And also, what standard of evidence is necessary to be generated, just in case privacy regulators exercise their Article 30(4) right to request it. We have 480 days to go before the General Data Protection Regulation is “in force”. And then what?

Communicating About Cybersecurity in Plain English

Lenny Zeltser

I’m not suggesting that the resulting statement should replace the original text; instead, I suspect this exercise will train you to write more plainly and succinctly.

Which is the tail and which is the dog?

InfoGovNuggets

Board tries to reduce the control exercised by an 80% shareholder. “CBS Board Defies Shari Redstone,” The Wall Street Journal, May 18, 2018 B1. This is going to be fun to watch (if you’re not one of the other shareholders). Interesting question on what the controlling shareholder (and the Board) can and cannot do.

The GDPR and the right to be forgotten

IT Governance

For the establishment, exercise or defence of legal claims. Something that’s drawn a lot of attention in the lead up to the General Data Protection Regulation (GDPR) compliance deadline is “the right to erasure”, also known as the “right to be forgotten”.

Check Your Fax: Hackers Find New Entry to Networks

Adam Levin

It’s long been known that organizations need to exercise extreme caution when jettisoning old office equipment, especially if it has built-in memory—and that it’s even more crucial to bear in mind that hackers can utilize digital or carbon-based memory.

Apollo – they can’t still be up to their old tricks?

Data Protector

Meeting with the senior partner was a great boost to my confidence as after a few questions and computer exercises (over the two meetings) I feel like I could head up NASA and solve world peace on the side.

What is ‘privacy by design’?

IT Governance

Organisations can often process significantly more data than they realise, so it is vital that they perform mapping exercises to keep track of them all.

California Consumer Privacy Act: The Challenge Ahead — Data Mapping and the CCPA

HL Chronicle of Data Protection

As part of our ongoing series on the CCPA and its implications, this post sets out key issues and questions to consider when contemplating a data mapping exercise. For example, beyond the immediate benefit of assessing risks and identifying legal obligations, a data mapping exercise can promote organizational hygiene, identify problematic practices and security risks, and uncover operational inefficiencies.

The (discrete) search for the new Information Commissioner

Data Protector

In determining precisely how laws will be enforced, the Commissioner currently exercises his own judgment (supported, presumably, by the ICO Board and his Executive Committee).

Artificial Intelligence: 6 Step Solution Decomposition Process

Bill Schmarzo - Dell EMC

We will use this “increase customer retention/reduce customer attrition” business initiative for the rest of this exercise. To support the data brainstorming exercise, we would simply add the phrase “and what data might I need to make that prediction?” The results of this exercise might look like Figure 7. It’s simple.

CNIL Publishes Initial Assessment on Blockchain and GDPR

Hunton Privacy

In addition, the CNIL examined solutions to enable data subjects to exercise their data protection rights. How to Ensure that Data Subjects Can Effectively Exercise Their Data Protection Rights.

Expert disclosed an unpatched zero-day flaw in all supported versions of Microsoft Windows

Security Affairs

In the absence of a patch, the only salient mitigation strategy is to exercise caution and not open files from untrusted sources.” A security researcher from Trend Micro Security Research team disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows.

The Customer Journey Digital Transformation Workbook

Bill Schmarzo - Dell EMC

To support this training, we created a methodology that guided the students through a digital transformation exercise. What Does “Taking a Vacation” Success Look or Feel Like (a surprisingly interesting and effective exercise). For our classroom exercise, we came up with the following “Taking a Vacation” stages: Plan Vacation. In a future blog, I will share the results of that exercise. Digital Transformation is becoming a business mandate.

All companies need to be more transparent – it’s in everyone’s interest

Privacy Surgeon

Of course companies conduct polling exercises continuously, and most were never intended for public release. By Simon Davies. I predict it’s only a matter of time before corporations feel the heat of public expectation to release more data about their operations.

Next-gen exercise bike startup Peloton using MakerBot 3D printers to race ahead of the pack

3ders

New York City-based Peloton, a startup that produces next-generation exercise bikes with touchscreen consoles and WiFi connectivity, is using MakerBot 3D printers to prototype new designs. Up-and-coming exercise specialist Peloton is changing the way people approach keeping fit.

What are the Data Subject Rights under the GDPR?

IT Governance

Organisations must let individuals know how they can exercise these rights, and meet requests promptly. Even though the EU General Data Protection Regulation (GDPR) is now in effect, many organisations are still working towards compliance.

Subject Access Requests in Scotland: Do you know what data is held about you?

IT Governance

Recital 63 of the GDPR states: “a data subject should have the right of access to personal data which have been collected concerning him or her, and to exercise that right easily and at reasonable intervals, in order to be aware of, and verify, the lawfulness of the processing”.

Department of Commerce Updates Privacy Shield FAQs

Hunton Privacy

When responding to individuals seeking to exercise their rights under the Privacy Shield Principles, the FAQs state that a processor should respond pursuant to the instructions of the EU data controller. Recently, the Department of Commerce updated its frequently asked questions (“FAQs”) on the EU-U.S. and Swiss-U.S.

California Consumer Privacy Act: The Challenge Ahead — Data Mapping and the CCPA

HL Chronicle of Data Protection

As part of our ongoing series on the CCPA and its implications, this post sets out key issues and questions to consider when contemplating a data mapping exercise. This is the third installment in Hogan Lovells’ series on the California Consumer Privacy Act.

GDPR Italian Implementing Decree Has Been Published

HL Chronicle of Data Protection

However, the Decree introduces the possibility to prohibit the exercise of such rights, only with regard to the direct offer of information society services, with a written statement (which can be withdrawn at any time). On 4 September, the Legislative Decree no.