InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise!
Sep 16 2020
DuckDuckGo, the privacy-focused search engine, announced that August 2020 ended in over 2 billion total searches via its search platform.
Source: Privacy-focused search engine DuckDuckGo is growing fast
Aug 18 2020
1) Complete Staff Awareness E-learning Suite
2) GDPR Challenge E-learning Game
3) GDPR Staff Awareness E-learning Course
4) GDPR: Email Misuse Staff Awareness E-Learning Course
5) Information Security & ISO 27001 Staff Awareness E-Learning Course
6) PCI DSS Staff Awareness E-Learning Course
7) Information Security Staff Awareness E-Learning Course
8) Phishing Staff Awareness E-Learning Course
9) Data Protection Awareness Posters
10) Phishing Awareness Posters
Aug 11 2020
TikTok skirted a privacy safeguard in Google’s Android operating system to collect unique identifiers from millions of mobile devices, data that allows the app to track users online without allowing them to opt out, a Wall Street Journal analysis has found.
The tactic, which experts in mobile-phone security said was concealed through an unusual added layer of encryption, appears to have violated Google policies limiting how apps track people and wasn’t disclosed to TikTok users. TikTok ended the practice in November, the Journal’s testing showed.
The identifiers collected by TikTok, called MAC addresses, are most commonly used for advertising purposes. The White House has said it is worried that users’ data could be obtained by the Chinese government and used to build detailed dossiers on individuals for blackmail or espionage.
Source: WSJ News Exclusive | TikTok Tracked User Data Using Tactic Banned by Google
Cyber Espionage
Download a Security Risk Assessment Steps paper!
DISC InfoSec 🔒 securing the business 🔒 via latest InfoSec titles
Subscribe to DISC InfoSec blog by Email
👉 Download a Virtual CISO (#vCISO) and Security Advisory Fact Sheet & Cybersecurity Cheat Sheet
Jul 17 2020
Twitter Inc had stepped up its search for a chief information security officer in recent weeks, two people familiar with the effort told Reuters, before the breach of high-profile accounts on Wednesday raised alarms about the platform’s security. Twitter said hackers had targeted employees with access to its internal systems and “used this access to take control of many highly-visible (including verified) accounts.”
The second and third rounds of hijacked accounts tweeted out messages telling users to send bitcoin to a given address in order to get more back. Publicly available blockchain records show the apparent scammers received more than $100,000 worth of cryptocurrency.
The U.S. House Intelligence Committee was in touch with Twitter regarding the hack, according to a committee official who did not wish to be named.
Source: Twitter stepped up search to fill top security job ahead of hack
httpv://www.youtube.com/watch?v=4pquwx-doYg
Explore latest CISO Titles at DISC InfoSec
Take an awareness quiz to test your basic cybersecurity knowledge
Jun 14 2020
Amazon, IBM and now Microsoft have banned the sale of facial recognition technology to police departments and are urging federal laws to regulate its use.
Source: Tech firms suspend use of ‘biased’ facial recognition technology
Why Cities Are Banning Facial Recognition Technology | WIRED
httpv://www.youtube.com/watch?v=sYftT5YgwVI
Facial-recognition technology: safe or scary?
httpv://www.youtube.com/watch?v=-yvxbi5GMnA
ARTIFICIAL INTELLIGENCE Dangers to Humanity: AI, U.S., China, Big Tech, Facial Recognition, Drones, Smart Phones, IoT, 5G, Robotics, Cybernetics, & Bio-Digital Social Programming
May 31 2020
With no nationwide Covid-19 notification software in sight, security and interoperability issues loom large.
Source: State-Based Contact Tracing Apps Could Be a Mess
Big Tech’s Contact-Tracing Apps Might Make Things Worse | Mashable
httpv://www.youtube.com/watch?v=ViA0xR5q_w4
Coronavirus outbreak: What are the privacy risks behind ‘contact tracing’ apps?
httpv://www.youtube.com/watch?v=FmbOxY7yBL0
Dec 19 2019
ISO/IEC 27701 is the international standard that serves as an extension to an ISO 27001/ISO 27002 ISMS (information security management system). It provides guidelines for implementing, maintaining, and continually improving a PIMS (privacy information management system).
Develop a privacy information management system as an extension to your ISO 27001-conformant ISMS with ISO/IEC 27701. Supports GDPR compliance.
Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management systems (PIMS)
* The Standard includes mapping to the GDPR, ISO/IEC 29100, ISO/IEC 27018, and ISO/IEC 29151
* Integrates with other management system standards, including the information security standard, ISO/IEC 27001
* Provides PIMS-specific guidance for ISO/IEC 27002
* Specifies requirements and provides guidance for establishing, implementing, maintaining, and continually improving a PIMS
* Supports compliance with the GDPR and DPA 2018
* Provides guidance for data controllers and processors responsible for processing personal data
Achieve full compliance with ISO 27701:2019
The ISO 27701 Gap Analysis Tool has been created to help organizations identify whether they are meeting the requirements of the Standard and where they are falling short. Note that this tool assumes that you have a complete and functioning ISO 27001:2013 ISMS (information security management system).
It helps organizations prioritise work areas in order to expand an existing ISMS to take account of privacy. It also gives organizations direction, helping project managers identify where to start.
The tool is designed to work in any Microsoft environment. It does not need to be installed like software, and it does not depend on complex databases; it relies on human involvement.
ISO 27701 The New Privacy Extension for ISO 27001
httpv://www.youtube.com/watch?v=-NUfTDXlv30
Quick Guide to ISO/IEC 27701 – The Newest Privacy Information Standard
httpv://www.youtube.com/watch?v=ilw4UmMSlU4
General Data Protection Regulation (GDPR) | The California Consumer Privacy Act (CCPA)
Oct 06 2019
When It Comes Down To It, Cybersecurity Is All About Understanding Risk
Risk Management Framework for Information Systems
How to choose the right cybersecurity framework
Improve Cybersecurity posture by using ISO/IEC 27032
httpv://www.youtube.com/watch?v=NX5RMGOcyBM
Cybersecurity Summit 2018: David Petraeus and Lisa Monaco on America’s cybersecurity posture
httpv://www.youtube.com/watch?v=C8WGPZwlfj8
CSET Cyber Security Evaluation Tool – ICS/OT
httpv://www.youtube.com/watch?v=KzuraQXDqMY
Aug 27 2019
Big news is coming when NIST takes the wraps off a new privacy framework. Thanks to the General Data Privacy Regulation (GDPR) of the European Union, which took full effect in May 2018, privacy is at center stage worldwide. Penalties are being meted out for violations, and organizations of all kinds need to understand and comply with the law. In addition, the California Consumer Privacy Act (CCPA) was enacted in June 2018, with many other states working on similar bills.
Source: What the New NIST Privacy Framework Means to You
Developing the NIST Privacy Framework – Part 1
httpv://www.youtube.com/watch?v=W-snx9jRFf4
Developing the NIST Privacy Framework – Part 2
httpv://www.youtube.com/watch?v=gZ7ED0t09zk
Developing the NIST Privacy Framework – Part 3
NIST Privacy Framework: An Enterprise Risk Management Tool
Jul 30 2019
As you might have expected, the GDPR (General Data Protection Regulation) has created a spike in demand for data protection and privacy experts. Organisations are desperate to hire people who can guide them towards regulatory compliance and help them avoid large fines. In this blog post, discover what a DPO’s tasks are and how to become one.
For many organizations, this isn’t just a wish; they are legally required to find such a person and appoint them as a DPO (data protection officer).
The demand for DPOs makes it an ideal job role for those looking to advance their career. You need plenty of experience, as well as demonstrable soft skills, but it provides an opportunity with plenty of room for growth. Let’s take a look at how you can get started.
It’s worth summarising exactly what a DPO’s tasks are because you’ll see that they are responsible for more than simply reviewing GDPR compliance.
Yes, they are broadly tasked with advising organizations on how to comply with their legal requirements concerning data protection. But that doesn’t just include things like monitoring policies and looking into the need for DPIAs (data protection impact assessments).
It also involves helping staff understand their data protection obligations and serving as a point of contact for individuals who contact the organization with data protection and privacy queries.
This means that DPOs will regularly be explaining the GDPR to people who aren’t technically minded. As such, they must have strong communication skills and be capable of explaining complex issues without using jargon.
It’s much harder to teach skills like that than to train someone on the ins and outs of the GDPR, but still eminently possible.
If you’re interested in becoming a DPO, you will benefit massively from taking a training course dedicated to the role. It will help you understand the technical requirements of the GDPR and how they apply to each part of your job role and give you practical experience of the tasks you’re responsible for.
For example, you may understand exactly what’s required when performing, say, a DPIA, but you also need to be aware of your boundaries. DPOs must operate independently and without any conflict of interest. Taking too active a role in tasks like this jeopardizes your status as an advisor and violates the GDPR’s requirements.
IT Governance’s Certified Data Protection Officer (C-DPO) Masterclass Training Course gives you the technical and practical expertise you need to become a DPO.
Over four days, our expert trainers will help you hone your knowledge of the GDPR and show you how to use that knowledge appropriately while fulfilling your tasks as a DPO.
If you already have a strong understanding of the GDPR, you might prefer our Certified Data Protection Officer (C-DPO) Upgrade Training Course.
This two-day course builds on the knowledge you would have gained from passing the GDPR Practitioner exam, focusing on the practical application of the Regulation in the workplace.
Source: How to become a data protection officer
Jul 26 2019
Discover how to write a GDPR data breach notification procedure to help with your GDPR compliance, including a free template example.
Source: How to write a GDPR data breach notification procedure – with template example – IT Governance Blog
Organizations must create a procedure that applies in the event of a personal data breach under Article 33 – “Notification of a personal data breach to the supervisory authority” – and Article 34 of the GDPR – “Communication of a personal data breach to the data subject”.
The picture above is an example of what a data breach notification might look like – available from the market-leading EU GDPR Documentation Toolkit – which sets out the scope of the procedure, responsibilities and the steps that will be taken by the organization to communicate the breach from:
May 27 2019
Cyberattacks against hospitals increased over 1000% last year
Source: Cyberattacks against hospitals increased over 1000% last year
What happens when hackers attack a hospital?
May 24 2019
Perceptics confirms intrusion and theft, stays quiet on details
Digital License Plates: Convenience or Privacy Risk?
May 21 2019
Europe’s privacy law went into effect nearly a year ago. It’s time for the US to catch up, the tech giant says.
Source: Microsoft wants a US privacy law that puts the burden on tech companies
May 14 2019
The state’s attorney general wants to avoid a troubled rollout, à la Obamacare, when the far-reaching restrictions on user data go into effect on Jan. 1.
Source: California is bringing law and order to big data. It could change the internet in the U.S.
Here’s the no-paywall copy of the article: https://archive.fo/NmU9E
Apr 16 2019
Law enforcement officials in the US have been routinely mining Google’s location history data for criminal investigations.
Source: Google’s location history data shared routinely with police
Feb 22 2019
A viral tweet prompted closer scrutiny.
Source: Discovery of cameras built into airlines’ seats sparks privacy concerns
Jan 27 2019
Facebook Messenger, Instagram and WhatsApp are to be integrated under the hood so that messages will travel across a unified communications platform. So, what are the implications for the privacy of users of these services?
Source: How WhatsApp Merger With Facebook Messenger Puts Your Privacy At Risk
Apr 03 2014
by Jamie Titchener
If you read the news on a regular basis, you will find that most of the cyber security or data protection articles play heavily on the fear of an individual’s privacy being compromised.
But what many people don’t seem to realize is that privacy is in fact a dependency of information or cyber security. Only by having in place adequate information or cyber security policies and procedures can an organization ensure the privacy of their stakeholders, including customers, staff, suppliers, etc.
Whilst there are some unique challenges faced in the area of privacy relating to governmental legislation such as the UK Data Protection Act, organizations can start to effectively address many of the privacy concerns that their stakeholders have by adopting an approach such as implementing an ISMS that complies with ISO/IEC 27001/2.
By combining the right mix of people, process and technology in an ISMS, organizations can effectively manage many of the privacy risks that people are concerned about.
Find out more about ISO/IEC 27001 in An Introduction to ISO/IEC 27001 2013.