Posted by:
Last time I discussed why you should consider using the NIST Privacy framework as both a foundation and methodology for managing data protection and privacy risk management.
In this article, I’d like to explain how it works in practice.
Here we bring together facts and information from disparate and sometimes rather technical documents. When I began my research into the NIST Privacy framework, I saw it described as both “
Read More →
Last time I discussed the ‘Did they really do that?!’ kind of data breach, the one where you can’t quite see how an organization could manage to have that much data exposed that openly for that long. We all laugh, but as the news clearly demonstrates, it could happen to any company of any size with seemingly any budget.
Malicious actors, however, aren’t just sitting around waiting for the latest instance of an accidental data splurge. They’re ...
Read More →
Would you be surprised if someone told you that they felt even less secure online today, compared to five years ago?
All we hear about are big companies screwing up and losing user data
Nah. Me neither. As reports Mitchell Noordyke from iapp, “state level momentum for comprehensive privacy bills is at an all time high.
One of the hot topics now is whether the United States, Like the EU, ...
Read More →
OPSEC is a pretty familiar term in this industry, but reviewing its fundamental meaning and what it implies for us today in our current threat landscape is a useful exercise.
After all, being able to secure our systems and information from prying eyes from the likes of cyber thieves, scammers, ransomers, and so on, is a key priority for most businesses today.
OPSEC is the term the industry uses to talk about operational security. ...
Read More →Posted by:
Most of us are aware that California’s new consumer privacy law- CCPA – is set to take effect next January. While that might seem like eons away, it is not.
You might be forgiven for thinking that because you have twisted and strengthened your operation to comply with the EU’s General Data Protection Act, GDPR for short, you surely must be meeting the California privacy requirements.
Sadly – you are wrong. It’s ...
Read More →
We are steaming through October’s cybersecurity awareness month. We have talked about how ignoring the everyday scams, malware and data grabs is detrimental to individuals as well as your organization’s risk posture. In fact, passwords are still the number one attack vector. Don’t think for a moment that the password problem has gone away.
In 2017, a Verizon report stated that 95% of web application attacks take advantage of weak ...
Read More →Posted by:
Earlier this year, we wrote about supply chain risk, warning organizations to be more wary, especially since GDPR has come into full effect. That said, GDPR is by no means the only privacy regulation out there (consider Massachusetts’ CMR 17.00 or California’s 2018 Consumer Privacy Act. No longer can we assume little to no liability when it comes to third party processing or handling of sensitive data.
Read More →
25
JUL
2018
It is now 12 weeks until the new EU GDPR legislation becomes a globally enforceable law. GDPR is an important new EU-mandated regulation: it provides the foundation for how organizations around the globe collate and process sensitive customer information belonging to EU residents.
Some say this is the best thing since sliced bread, in that it gives back a modicum of control to some individuals whose data is being processed willy-nilly in many organizations around the globe. ...
Read More →
In this GDPR post, we provide you with a curated checklist to assist you during your journey to compliance with the new European GDPR regulation, coming into effect in May 2018. Learn more about GDPR and its implications in our previous articles:
EU GDPR demystified: a straightforward reference guide for US firms – Part One
EU GDPR demystified: a straightforward reference guide for US firms – Part Two
Understanding whether you are impacted by GDPR is a key first step. A survey, carried out at RSA 2017 by Imperva, found that just 43% of companies are preparing for GDPR, 29% were not preparing, and 28% were unaware of any specific preparations being made.
Even if you have no base in one of the EU’s 28 countries, you can still be held accountable if you mishandle the personal data of EU residents.
MORE FROM TBG SECURITY ON ...
Read More →
