Jul 29 2019

5 ways to avoid a GDPR fine

Category: GDPR | DISC @ 10:04 am

After the ICO issues $450 million of GDPR fines in a week, be sure you’re not next.
Source: 5 ways to avoid a GDPR fine

GDPR For Consultants – Training Webinar

 

What You Need to Know about General Data Protection Regulation

DISC InfoSec – Previous articles in GDPR category



Tags: #GDPR #DataBreachNotification, gdpr compliance, GDPR Privacy


Jul 27 2019

Cyberlaw wonks squint at NotPetya insurance smackdown: Should ‘war exclusion’ clauses apply to network hacks?

Category: Cyber Insurance | DISC @ 3:04 pm

Are war exclusion clauses fit for purpose under International Humanitarian Law as cyber-attacks?

When UK and US said it was Russia, they weren’t thinking of the litigators!
Among the victims was US food giant Mondelez – the parent firm of Oreo cookies and Cadburys chocolate – which is now suing insurance company Zurich American for denying a £76m claim filed in October 2018, a year after the NotPetya attack. According to the firm, the malware rendered 1,700 of its servers and 24,000 of its laptops permanently dysfunctional.

In January, Zurich rejected the claim, simply referring to a single policy exclusion which does not cover “hostile or warlike action in time of peace or war” by “government or sovereign power; the military, naval, or air force; or agent or authority”.

Source: Cyberlaw wonks squint at NotPetya insurance smackdown: Should ‘war exclusion’ clauses apply to network hacks?

What Does Cyber-Insurance Really Bring to the Table and…Are You Covered?




Cyber Insurance – an essential part of the risk mitigation strategy?





Tags: Cyber Insurance, Cyber Insurance exclusion


Jul 26 2019

How to write a GDPR data breach notification procedure – with template example

Category: Data Breach, GDPR, Information Privacy | DISC @ 2:05 pm

Discover how to write a GDPR data breach notification procedure to support your GDPR compliance, including a free template example.

Source: How to write a GDPR data breach notification procedure – with template example – IT Governance Blog

Personal data breach notification procedures under the GDPR

Organizations must create a procedure that applies in the event of a personal data breach under Article 33 of the GDPR (“Notification of a personal data breach to the supervisory authority”) and Article 34 (“Communication of a personal data breach to the data subject”).

Help with creating a data breach notification template

The picture above is an example of what a data breach notification might look like – available from the market-leading EU GDPR Documentation Toolkit – which sets out the scope of the procedure, responsibilities and the steps that will be taken by the organization to communicate the breach from:

  • Data processor to data controller;
  • Data controller to supervisory authority; and
  • Data controller to data subject.

 

GDPR Implementation Bundle

 



Tags: #GDPR #DataBreachNotification


Jul 25 2019

Protecting Controlled Unclassified Information

Category: Cyber resilience, cyber security | DISC @ 12:04 am





CCPA: What You Need to Know About California’s New Privacy Law


CCPA Assessment:

A Roadmap to NIST 800-171 Compliance

DISC helps business owners in California meet the new 2018 requirements of the CCPA and implement the National Institute of Standards and Technology (NIST) 800-171 cybersecurity framework. The roadmap is provided specifically for the CCPA, for any business, agency or organization that is required to meet this new State Law, and describes both the technical and the administrative measures that will attain an acceptable level of compliance for State certifying officials. The assessment will include, but is not limited to, compliance with policies and procedures, the security strategy/plan, and the plan of actions and milestones. The initial assessment determines the as-is state of your data privacy program against business, legal and regulatory requirements. DISC then provides a target (to-be) state, covering technical, management and operational controls, to build your data privacy program on NIST 800-171. The transition plan (roadmap) enumerates the details of how to get from the as-is state to the to-be state.

DISC cybersecurity consultants support businesses and agencies in meeting the 110 security controls of NIST 800-171, which has become the de facto standard for cybersecurity compliance, and ensure that the security policies and practices of the framework meet the intent of the CCPA. Adequate security is defined as “compliance” with the 110 NIST 800-171 security controls.


NIST 800-171 Overview








Jul 22 2019

What is Cyber Threat Intelligence

Category: Cyber Threats | DISC @ 2:45 pm

What is Cyber Threat Intelligence and How is it used?

 

 

Threat Intelligence At Microsoft: A Look Inside – Cyber Threat Intelligence Summit

 

Security Threat Tables

Live Cyber Attack Threat Map

World’s Biggest Data Breaches & Hacks

 

Check if you have an account that has been compromised in a data breach

 




Jul 21 2019

When It Come Down To It, Cybersecurity Is All About Understanding Risk

Category: Risk Assessment, Security Risk Assessment | DISC @ 12:11 am

Get two risk management experts in a room, one financial and the other IT, and they will NOT be able to discuss risk.

Source: When It Come Down To It, Cybersecurity Is All About Understanding Risk

An Overview of Risk Assessment According to ISO 27001 and ISO 27005








Jul 19 2019

The Problem With the Small Business Cybersecurity Assistance Act

Category: cyber security | DISC @ 1:08 pm

Small Business Administration (SBA) Cyber Awareness Act (H.R. 2331)

The Small Business Cybersecurity Assistance Act may provide business owners with access to government-level tools to secure small business against attacks.

Source: The Problem With the Small Business Cybersecurity Assistance Act

The House passes Small Business Administration (SBA) Cyber Awareness Act (H.R. 2331), which requires the SBA to expand its ability to combat cyber threats.

Source: Small Business Cybersecurity: House Passes Key Bill – MSSP Alert

 

10 Cyber Security Tips for Small Business


9 Interesting Cybersecurity Statistics Everyone Should Know  

Tags: SBCAA


Jul 07 2019

How To Sell Cyber Security To Your Board

Category: Selling cyber security | DISC @ 10:48 am

How To Sell Cyber Security To Your Board – via Steve King



How to Sell Cyber Security



PDF: Talking cybersecurity to board (https://blog.deurainfosec.com/wp-content/uploads/2019/07/Talking-cybersecurity-to-board.pdf)



Todd Fitzgerald’s book, Information Security Governance Simplified: From the Boardroom to the Keyboard, presents 15 chapters of advice and real-world experience on how to handle the roll out of an effective program …. Todd has taken the time to include for the reader some practical security considerations for managerial, technical, and operational controls. This is followed up with a discussion on how legal issues are impacting the information security program.

Tom Peltier, CISSP







Tags: Selling InfoSec to the board


Jul 05 2019

10 essential PowerShell security scripts for Windows administrators

Category: PowerShell Security | DISC @ 3:40 pm

PowerShell is a valuable tool for automating Windows administration tasks, including laborious security chores

Source: 10 essential PowerShell security scripts for Windows administrators
 
Defending Against PowerShell Attacks




Tags: Powershell Security


Jul 03 2019

US wants to isolate power grids with ‘retro’ technology to limit cyber-attacks

Category: Grid Vulnerabilities | DISC @ 2:04 pm

SEIA bill, inspired by the 2015 cyber-attack on Ukraine’s power grid, passes Senate.

Source: US wants to isolate power grids with ‘retro’ technology to limit cyber-attacks | ZDNet

US power grid increasingly vulnerable to cyber threats




Tags: OT security, Power grid vulnerabilities, Utility security


Jul 01 2019

Don’t tell Alice and Bob: Security maven Bruce Schneier is leaving IBM

Category: Security Professional | DISC @ 2:52 pm

Says bye bye to #BigBlue

Source: Don’t tell Alice and Bob: Security maven Bruce Schneier is leaving IBM

 
Bruce Schneier: “Click Here to Kill Everybody” | Talks at Google



Tags: Hands down InfoSec genius, InfoSec leader, InfoSec trail blazer


Jun 29 2019

Cyber Crime: Understanding Online Business Model (NCSC)

Category: Cybercrime | DISC @ 10:29 pm




The Business of Cybercrime






Jun 27 2019

Western intelligence hacked Russia’s Google Yandex to spy on accounts

Category: Cyber Espionage, Malware | DISC @ 2:15 pm

Exclusive: Western intelligence hacked ‘Russia’s Google’ Yandex to spy on accounts – sources

Source: Western intelligence hacked ‘Russia’s Google’ Yandex to spy on accounts



Tags: cyber espionage, cyber spy


Jun 25 2019

New Silex malware is bricking IoT devices, has scary plans | ZDNet

Category: Malware | DISC @ 10:07 pm

Over 2,000 devices have been bricked in the span of a few hours. Attacks still ongoing.

Source: New Silex malware is bricking IoT devices, has scary plans | ZDNet

How dangerous are IOT devices? | Yuval Elovici | TEDxBGU




Jun 24 2019

OpenSSH introduces a security feature to prevent Side-Channel Attacks

Category: Cyber Attack | DISC @ 1:37 pm

OpenSSH introduces a new feature to mitigate side-channel attacks: the latest release encrypts secret keys in memory as a temporary solution.

Source: OpenSSH introduces a security feature to prevent Side-Channel Attacks






Jun 20 2019

Seth : Perform A MitM Attack From RDP Connections

Category: MitM Attack | DISC @ 10:04 pm

Seth is a tool written in Python and Bash to MitM RDP connections by attempting to downgrade the connection in order to extract clear text credentials.

Source: Seth : Perform A MitM Attack From RDP Connections




Tags: MitM Attack, RDP connection


Jun 19 2019

Hackers Disguise New JavaScript-Based Trojan as Game Cheat

Category: Trojan | DISC @ 10:06 am

Researchers discovered a new JavaScript-based and modular downloader Trojan camouflaged and distributed to targets in the form of game cheats via websites owned by its developers.

Source: Hackers Disguise New JavaScript-Based Trojan as Game Cheat

Worst JavaScript Flaws That Hackers Love To Abuse


Jun 17 2019

U.S. Govt Achieves BlueKeep Remote Code Execution, Issues Alert

Category: Malware, Security Incident | DISC @ 8:57 am

The Cybersecurity and Infrastructure Security Agency (CISA) published an alert for Windows users to patch the critical severity Remote Desktop Services (RDS) RCE security flaw dubbed BlueKeep.

Source: U.S. Govt Achieves BlueKeep Remote Code Execution, Issues Alert

 
How to check if a target is vulnerable to the new RDP vulnerability (BlueKeep).



Tags: BlueKeep, RDP vulnerability, Remote Code Execution


Jun 15 2019

Chinese spies stole NSA hacking tools, report finds

Category: Hacking, Security Tools | DISC @ 4:01 pm

In the report, the cybersecurity company Symantec claims that a Chinese hacker group associated with Chinese government intelligence conducted a hacking campaign using a tool that at the time was only known to be the property of the NSA.

Source: Chinese spies stole NSA hacking tools, report finds




Jun 12 2019

Critical Bug in Infusion System Allows Changing Drug Dose in Medical Pumps

Category: hipaa, Security Breach | DISC @ 1:52 pm

Researchers discovered two vulnerabilities in Alaris Gateway Workstations that are used to deliver fluid medication. One of them is critical and an attacker could leverage it to take full control of the medical devices connecting to it.

Source: Critical Bug in Infusion System Allows Changing Drug Dose in Medical Pumps



Healthcare privacy and security



Tags: Healthcare privacy and security, medical device breaches, medical device threats, medical device vulnerabilities

