3D Electric powerlines over sunrise
Countries could launch damaging attacks against gas pipelines and electricity grid, says assessment.
Source: Cyber attacks: China and Russia can disrupt US power networks warns intelligence report | ZDNet
Jan 29 2019
Cyber attacks: China and Russia can disrupt US power networks warns intelligence report | ZDNet
Jan 29 2019
Scanner CLI : A Project Security/Vulnerability/Risk Scanning Tool
The Hawkeye Scanner CLI is a project security, vulnerability and general risk highlighting tool. It is meant to be integrated into your pre-commit hooks
Source: Scanner CLI : A Project Security/Vulnerability/Risk Scanning Tool
Jan 28 2019
Attackers used a LinkedIn job ad and Skype call to breach bank’s defences
A Chilean Senator has taken to Twitter with alarming news – the company running the country’s ATM network suffered a serious cyberattack.
Source: Attackers used a LinkedIn job ad and Skype call to breach bank’s defences
Jan 27 2019
How WhatsApp Merger With Facebook Messenger Puts Your Privacy At Risk
Facebook Messenger, Instagram and WhatsApp are to be integrated under the hood so that messages will travel across a unified communications platform. So, what are the implications on privacy for users of these services?
Source: How WhatsApp Merger With Facebook Messenger Puts Your Privacy At Risk
Jan 25 2019
How a Security Vendor Tricked Social Media Phishers
UK-based Fidus Information Security was targeted by angler phishing
Source: How a Security Vendor Tricked Social Media Phishers
Subscribe to DISC InfoSec blog by Email
Jan 25 2019
Windows 7 migration warning: Plan now to avoid security worries later | ZDNet
Malware can spread much more easily on obsolete platforms, warns security body. With less than a year until the end of Windows 7 support, don’t get caught out.
Source: Windows 7 migration warning: Plan now to avoid security worries later | ZDNet
Subscribe to DISC InfoSec blog by Email
Jan 24 2019
Google Creates Online Phishing Quiz
Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email.
Source: Google Creates Online Phishing Quiz
Subscribe to DISC InfoSec blog by Email
Jan 24 2019
Security is the no. 1 IT barrier to cloud and SaaS adoption
More than 70% of tech professionals said security spending has increased in the past year, according to a Ping Identity report.
Source: Security is the no. 1 IT barrier to cloud and SaaS adoption
Jan 23 2019
Center for Internet Security releases Microsoft 365 benchmarks
Follow the guidance in this CIS document to configure Microsoft 365 security settings to the level that suits your organization.
Source: Center for Internet Security releases Microsoft 365 benchmarks
Jan 23 2019
Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X
Here we have great news for all iPhone Jailbreak lovers and concerning one for the rest of iPhone users.
A Chinese cybersecurity researcher has today revealed technical details of critical vulnerabilities in Apple Safari web browser and iOS that could allow a remote attacker to jailbreak and compromise victims’ iPhoneX running iOS 12.1.2 and before versions.
Source: Chinese Hacker Publishes PoC for Remote iOS 12 Jailbreak On iPhone X
Jan 22 2019
Did you win at online casinos? Your data might have had exposed online
Data belonging to online casinos found exposed online on unprotected Elastic search instance, it includes info on 108 million bets and user details
Source: Did you win at online casinos? Your data might have had exposed online
Jan 22 2019
Businesses can safely delay patching most vulnerabilities
Patching vulnerabilities is often seen as a key element of keeping systems secure. But a new report suggests businesses could be ‘smarter’ in their patching regimes and prioritize the i…
Source: Businesses can safely delay patching most vulnerabilities
🔒 securing the business 🔒
DISC InfoSec
Jan 21 2019
New Rocke Group Malware Turns off Your Cloud Security Tools
A new Rocke Group malware sample “captured” and analysed by Palo Alto Networks Unit 42 has adopted code to uninstall five cloud security protection products
Source: New Rocke Group Malware Turns off Your Cloud Security Tools
🔒 securing the business 🔒
DISC InfoSec
Jan 21 2019
Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch
A micropatch is now available for a zero-day vulnerability in Windows that allows unauthorized read access with the highest privileges to any file on the operating system.
Source: Windows Zero-Day Bug That Lets Attackers Read Any File Gets Micropatch
Jan 21 2019
Iranian developer advertised BlackRouter Ransom-as-a-Service
An Iranian developer is promoting on a Telegram hacking channel the BlackRouter ransomware through a Ransomware-as-a-Service model.
Source: Iranian developer advertised BlackRouter Ransom-as-a-Service
Jan 20 2019
8 Tips for Monitoring Cloud Security
Cloud security experts weigh in with the practices and tools they prefer to monitor and measure security metrics in the cloud.
Source: 8 Tips for Monitoring Cloud Security
🔒 securing the business 🔒
DISC InfoSec
Jan 19 2019
3 Compelling Reasons To Invest In Cyber Security – Part 3
Cyber security is among the essential subjects to boards, alongside business strategy and leadership. Your compelling case to gain an investment is now here!
Source: 3 Compelling Reasons To Invest In Cyber Security – Part 3
🔒 securing the business 🔒
DISC InfoSec
Sep 25 2018
Privacy notice under the GDPR
A privacy notice is a public statement of how your organisation applies data protection principles to processing data
Articles 12, 13 and 14 of the GDPR outline
The GDPR says that the information you provide must be:
- Concise, transparent, intelligible and easily accessible;
- Written in clear and plain language, particularly if addressed to a child; and
- Free of charge.
Help with creating a privacy notice template
The privacy notice should address the following to sufficiently inform the data subject:
- Who is collecting the data?
- What data is being collected?
- What is the legal basis for processing the data?
- Will the data be shared with any third parties?
- How will the information be used?
- How long will the data be stored for?
- What rights does the data subject have?
- How can the data subject raise a complaint?
Below is an example of a customisable privacy notice template, available from IT Governance here.
Example of the privacy notice template available to purchase from IT Governance
If you are looking for a complete set of GDPR templates to help with your compliance project, you may be interested in the market-leading EU GDPR Documentation Toolkit. This toolkit is designed and developed by expert GDPR practitioners
- A complete set of easy-to-use and customisable documentation templates, which will save you time and money and ensure GDPR compliance;
- Helpful dashboards and project tools to ensure complete GDPR coverage;
- Direction and guidance from expert GDPR practitioners
; and
- Two licences for the GDPR Staff Awareness E-learning Course.
Sep 24 2018
Why your organisation should consider outsourcing its DPO
Why your organisation should consider outsourcing its DPO
By Laura Downes
Since the EU’s GDPR (General Data Protection Regulation) came into effect in May 2018, demand for DPOs (data protection officers) has increased. The Regulation stipulates that certain organisations must appoint a DPO to support their GDPR compliance
Your organisation will need to appoint a DPO
- Is a public authority or body;
- Regularly and systematically monitors data subjects; or
- Processes special categories of data on a large scale.
The GDPR does not stipulate the level of experience a DPO must have, meaning some organisations might appoint an internal team member who does not have the experience or qualifications required, leaving them wide open to error.
Why you should consider outsourcing your DPO
Suitably skilled and experienced DPO candidates are hard to find. Outsourcing the role not only satisfies the requirements of the GDPR but also ensures your organisation is employing proper data handling and privacy policies. Furthermore, there is no conflict of interest between the DPO and other business activities.
An external DPO can work for your organisation on a fixed-fee or a per-hour basis. Signing up to a DPO service
DPO as a service (GDPR)
IT Governance’s annual subscription DPO service offers you hands-on support from one of our qualified DPOs, who will serve as independent data protection
- Review and advise on policies, procedures and documentation relating to the processing of personal data
;
- Oversee the establishment and maintenance of the personal data processing register;
- Advise on the necessity of DPIAs (data protection impact assessments
) and the manner of their implementation and outcomes;
- Provide guidance on data breach monitoring, management and reporting;
- Serve as the contact point for data protection authorities
for all data protection issues
;
- Provide advice and guidance on responses to privacy rights requests from individuals; and
- Monitor compliance with the GDPR
.
Find out more >>
« Previous Page — Next Page »
