DISC InfoSec blog

InfoSec and Compliance – With 20 years of blogging experience, DISC InfoSec blog is dedicated to providing trusted insights and practical solutions for professionals and organizations navigating the evolving cybersecurity landscape. From cutting-edge threats to compliance strategies, this blog is your reliable resource for staying informed and secure. Dive into the content, connect with the community, and elevate your InfoSec expertise! 


Sep 06 2024

9 data governance strategies that will unlock the potential of your business data

Category: data security,IT Governance,Metadata — disc7 @ 7:46 am

The article from IBM emphasizes the critical role of data governance in ensuring high-quality, secure, and accessible data, which is vital for organizations aiming to leverage emerging technologies like AI, ML, and automation.

Effective data governance acts like air traffic control, managing the flow of data to ensure integrity and prevent misuse. Without proper governance, organizations risk basing decisions on inaccurate data or suffering breaches that can lead to financial losses and erode trust. Data governance also ensures organizations have access to real-time, high-quality data, enabling them to make better business decisions, optimize operations, and maintain compliance with regulations.

Establishing an effective data governance framework requires a long-term commitment, collaboration across departments, and thoughtful implementation. Organizations should start small, define roles and responsibilities, secure stakeholder buy-in, and select the right tools to manage data. Continuous monitoring, improvement, and alignment with broader business strategies are essential for sustained success. Strong data security practices, adherence to privacy regulations, and the use of maturity models help organizations build a dynamic governance ecosystem that evolves alongside the business, fostering a culture that views data as a strategic asset.

Details of 9 data governance strategies

The Data Governance Imperative

Data Governance: How to Design, Deploy, and Sustain an Effective Data Governance Program


Tags: Data Governance



Apr 23 2021

TikTok sued over its use of children’s personal data

Category: data security,Metadata — DISC @ 10:31 am

TikTok is again being accused of illegally processing children’s personal data.

The latest claim has been brought by Anne Longfield, the former children’s commissioner for England, who is suing the video-sharing app on behalf of 3.5 million children in the UK.

She alleges that TikTok is violating the GDPR (General Data Protection Regulation) by collecting excessive data and failing to explain what it’s used for.

Children’s data is subject to special protections under the GDPR, including the requirement that privacy policies must be written in a way that’s understandable to the service’s target audience.

Today I’m launching a legal claim against @tiktok_uk on behalf of millions of children whose data was illegally taken and transferred to unknown third parties for profit. Learn more about our fight to protect children's privacy @TikTokClaimUK for updates https://t.co/eSCxj4Jwql pic.twitter.com/LBvNHq7Oth

— Anne Longfield (@annelongfield) April 21, 2021

Tags: children’s personal data



Mar 23 2021

Best Practices for Data Hygiene

Category: data security,Information Security,Metadata — DISC @ 2:28 pm
5 Data Hygiene Best Practices To Keep Your Data Reliable - Winpure

Data hygiene consists of actions that organizations can, and should, take not only to meet compliance requirements but also as part of basic risk management practice. Consistent, risk-specific data hygiene practices support a very wide range of data protection compliance requirements, and performing data hygiene activities also demonstrably improves an organization’s data security effectiveness without significantly increasing IT or information security costs. Most of these actions involve activities that all personnel within an enterprise can perform. No specialized tools are typically needed: just some training and ongoing awareness reminders, or periodic use of data management tools.

These actions serve to:

  • limit the amount of data collected to only that which is necessary to support the purposes of the data collection
  • keep data from being modified in unauthorized ways, or accidentally
  • destroy/delete data when it is no longer needed to support the purpose(s) for which it was collected and to meet legal retention requirements
  • restrict access to data to only those entities (devices, individuals, accounts, etc.) that have a validated business need to access it
  • not share data with others unless necessary and with the consent of those about whom the data applies, as applicable
  • keep your own personal and business data from being used or posted in ways to which you did not consent or that are not necessary to support the purposes for which you originally allowed the data to be collected or derived
  • keep unauthorized entities from accessing data

Source: Best Practices for Data Hygiene

Tags: Data Hygiene



Mar 15 2021

Metadata Left in Security Agency PDFs

Category: Metadata — DISC @ 10:33 am

Really interesting research:

“Exploitation and Sanitization of Hidden Data in PDF Files”

Abstract: Organizations publish and share more and more electronic documents like PDF files. Unfortunately, most organizations are unaware that these documents can compromise sensitive information like authors’ names and details on the information system and architecture. All this information can be exploited easily by attackers to footprint and later attack an organization. In this paper, we analyze hidden data found in the PDF files published by an organization. We gathered a corpus of 39664 PDF files published by 75 security agencies from 47 countries. We have been able to measure the quality and quantity of information exposed in these PDF files. It can be effectively used to find weak links in an organization: employees who are running outdated software. We have also measured the adoption of PDF file sanitization by security agencies. We identified only 7 security agencies which sanitize few of their PDF files before publishing. Unfortunately, we were still able to find sensitive information within 65% of these sanitized PDF files. Some agencies are using weak sanitization techniques: it requires removing all the hidden sensitive information from the file and not just removing the data at the surface. Security agencies need to change their sanitization methods.
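As an added example (not code from the paper or from this blog), the following Python pre-publication check searches a PDF's raw bytes for the document-information keys (`/Author`, `/Creator`, `/Producer`, …) and XMP tags the abstract describes as exposing author names and software versions. It also shows why a surface-only sanitization fails: emptying the Info dictionary through an incremental update leaves the old object and the XMP stream in the file, and a whole-file scan still finds them. The sample PDFs are constructed inline as minimal skeletons (no xref table), and the author name `j.doe` and the tool strings are made-up values.

```python
import re
from typing import List, Set, Tuple

# Document-information keys and XMP tags that most often reveal who produced a
# file and with which software: the kind of hidden data the paper mines.
INFO_KEYS = ("Title", "Author", "Subject", "Creator", "Producer", "CreationDate", "ModDate")
XMP_TAGS = ("xmp:CreatorTool", "pdf:Producer", "dc:creator", "xmpMM:DocumentID")
SOFTWARE_KEYS = {"Creator", "Producer", "xmp:CreatorTool", "pdf:Producer"}

_INFO_RE = re.compile(rb"/(" + b"|".join(k.encode() for k in INFO_KEYS) + rb")\s*\(([^)]*)\)")
_XMP_RE = re.compile(rb"<(" + b"|".join(t.encode() for t in XMP_TAGS) + rb")>(.*?)</\1>", re.DOTALL)
_TAG_RE = re.compile(rb"<[^>]+>")


def scan_pdf(data: bytes) -> List[Tuple[str, str, str]]:
    """Return (source, key, value) for every metadata value found anywhere in the
    file. The whole byte stream is searched, so objects that an incremental
    update has superseded (but not removed) are reported too."""
    findings: List[Tuple[str, str, str]] = []
    for key, value in _INFO_RE.findall(data):
        findings.append(("info", key.decode(), value.decode("latin-1")))
    for tag, inner in _XMP_RE.findall(data):
        text = _TAG_RE.sub(b"", inner).strip()  # drop rdf:Seq / rdf:li wrappers
        if text:
            findings.append(("xmp", tag.decode(), text.decode("utf-8", "replace")))
    return findings


def exposed_software(data: bytes) -> Set[str]:
    """Tool/version strings that would let a reader spot outdated software."""
    return {value for _, key, value in scan_pdf(data) if key in SOFTWARE_KEYS}


def is_clean(data: bytes) -> bool:
    """True when no metadata value survives anywhere in the file."""
    return not scan_pdf(data)


# Constructed samples: minimal PDF skeletons without an xref table (the check is
# a byte-level search, so object offsets are not needed here).
def _pdf(*objects: bytes) -> bytes:
    return b"%PDF-1.4\n" + b"\n".join(objects) + b"\ntrailer\n<< /Root 1 0 R /Info 2 0 R >>\n%%EOF\n"

_XMP_BODY = (b"<x:xmpmeta><rdf:RDF><rdf:Description>"
             b"<xmp:CreatorTool>Microsoft Word 2010</xmp:CreatorTool>"
             b"<dc:creator><rdf:Seq><rdf:li>j.doe</rdf:li></rdf:Seq></dc:creator>"
             b"</rdf:Description></rdf:RDF></x:xmpmeta>")
CATALOG = b"1 0 obj\n<< /Type /Catalog /Pages 4 0 R /Metadata 3 0 R >>\nendobj"
INFO_OBJ = (b"2 0 obj\n<< /Author (j.doe) /Creator (Microsoft Word 2010) "
            b"/Producer (Acrobat Distiller 9.0) >>\nendobj")
XMP_OBJ = (b"3 0 obj\n<< /Type /Metadata /Subtype /XML /Length %d >>\nstream\n" % len(_XMP_BODY)
           + _XMP_BODY + b"\nendstream\nendobj")

ORIGINAL = _pdf(CATALOG, INFO_OBJ, XMP_OBJ)

# Weak ("surface") sanitization: an incremental update replaces the Info
# dictionary with an empty one, so viewers show nothing, but the old object
# and the XMP stream are still in the file.
SURFACE_SANITIZED = (ORIGINAL + b"2 0 obj\n<< >>\nendobj\n"
                     b"trailer\n<< /Root 1 0 R /Info 2 0 R /Prev 9 >>\n%%EOF\n")

# Full sanitization: the document is rewritten without either metadata source.
FULLY_SANITIZED = _pdf(b"1 0 obj\n<< /Type /Catalog /Pages 4 0 R >>\nendobj",
                       b"2 0 obj\n<< >>\nendobj")

if __name__ == "__main__":
    for name, doc in (("original", ORIGINAL), ("surface-sanitized", SURFACE_SANITIZED),
                      ("fully-sanitized", FULLY_SANITIZED)):
        print(name, "clean" if is_clean(doc) else scan_pdf(doc))
```

The scan is deliberately whole-file rather than trailer-driven: following only the current `/Info` reference is exactly the "surface" view a viewer gives, and it is what lets the stale object slip through. For production use, rewrite the document with a PDF library (which drops unreferenced objects) and run a check like this on the output before publishing.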

Metadata (The MIT Press Essential Knowledge series)

Tags: Metadata Left in Security



