Jan 27 2021

ISO Self Assessment Tools

Category: ISO 27k,Security ToolsDISC @ 3:49 pm

ISO Self assessment tools list includes but not limited to Privacy, ISO 27001, ISO 9001 and ISO 14001 & ISO/IEC 27701 2019 Standard and Toolkit

Tags: CPRA, Gap assessment tool, Information Privacy, ISO 14001, iso 27001, ISO 27001 2013 Gap Assessment, ISO 27701 Gap Analysis Tool, iso 9001, iso assessment, Security Risk Assessment


Nov 03 2020

Privacy-focused Brave browser grew over 130% in the past year

Category: Information Privacy,Web SecurityDISC @ 1:07 pm

Brave Browser, the privacy-focused web browser, announced today that it grew in usage by over 130% in its first year of the release of its ‘Stable’ version.

Source: Privacy-focused Brave browser grew over 130% in the past year



Brave Browser Review 2020: Should you make the switch?
httpv://www.youtube.com/watch?v=cQuTwpUFIXU&ab_channel=dottotech



Why you should download Brave Browser NOW!




Tags: data privacy, Information Privacy, loss of privacy


Apr 11 2019

Half of security pros would rather walk barefoot in a public restroom than use public Wi-Fi

Category: Wi-Fi SecurityDISC @ 2:06 pm

Public Wi-Fi is rife with security risks, and cybersecurity professionals aren’t taking any chances, according to a Lastline report.

Source: Half of security pros would rather walk barefoot in a public restroom than use public Wi-Fi

05 public wifi wi-fi


Enter your email address:

Delivered by FeedBurner




Tags: Information Privacy, PII security, Wi-Fi, wireless network security


Nov 15 2016

Encryption keeps you safe from malware

Category: data securityDISC @ 1:02 pm

 

Cryptographically secure pseudorandom number g...

Cryptographically secure pseudorandom number generator (Photo credit: Wikipedia)

The Electronic Frontier Foundation aims to protect Web traffic by encrypting the entire Internet using HTTPS. Chrome now puts a little warning marker in the Address Bar next to any non-secure HTTP address. Encryption is important, and not only for Web surfing. If you encrypt all of the sensitive documents on your desktop or laptop, a hacker or laptop thief won’t be able to steal your identity, or takeover your bank account, or perhaps steal your credit card information. To help you select an encryption product that’s right for your situation, we’ve rounded up a collection of current products.

 

Available Encryption Software to protect your information assets:

 

Folder Lock can lock access to files for quick, easy protection, and also keep them in encrypted lockers for serious protection. It combines a wide range of features with a bright, easy-to-use interface. Read the full review ››

 

Cypherix PC creates encrypted volumes for storing your sensitive files. Lock the volume and nobody can access the files. It does the job, though it lacks secure deletion. Read the full review ››

 

Cypherix SecureIT  handles the basic task of encrypting and decrypting files and folders in a workmanlike fashion, but it lacks advanced features offered by the competition.  Read the full review ››

 





Tags: data encryption, disk encryption and file encryption, encryption, Identity Theft, Information Privacy, privacy


Jul 21 2010

Data Breach and Legislation: What’s Coming Your Way?

Category: Information SecurityDISC @ 11:34 am
From wired: data breaches
Image by Agathe B via Flickr

Prepare now to prevent a ‘security breach’: 45 states and the District of Columbia have laws spelling out procedures when personal information has been … article from: New Hampshire Business Review

By David Scott

It’s rather interesting to monitor what’s happening in the UK right now. Data protection legislation is moving forward. And… business there supports data protection legislation.

A survey of 1200 businesses indicates that those businesses are concerned about the strength of laws: Nearly 50% feel that laws are weak and require revision, and 87% believe that organizations should be required to divulge breaches of sensitive content where information about the public is involved. [Source: Sophos].

Here in the U.S., I rather doubt business is keen on more legislative oversight. Generally speaking, I’m wary of new legislation – new laws must be thoroughly reviewed so as to guard against unintended – and negative – consequences, particularly where business is concerned. In today’s economy, we don’t want to impinge businesses’ opportunities for hearty conduct and growth.

However, I do like the breach notification idea. It serves a couple purposes that come readily to mind:

– Stakeholders (the public, customers, allied agencies…) are entitled to know about breaches that affect them, or ones that just have the potential to affect the general well-being of the business.

– Also, healthy exposure and just that potential help to motivate businesses in the currency of their ongoing security measures.

Particularly for small/medium business, and smaller government agencies such as those at county/municipality level: Do you have in-house security professionals who cast the horizon for new threats, with attendant posture of proactivity? And, do you have strong security partners in the form of advisors, vendors and allied security products?

How do readers of the Exchange feel about it? Would you welcome new legislation? Are you confident regarding data security in your organization?




Tags: Data, data breach, data security, Information Privacy, security legislation


Apr 02 2009

Cloud computing and security

Category: Cloud computingDISC @ 5:55 pm
File:Cloud comp architettura.png

https://commons.wikimedia.org/wiki/File:Cloud_comp_architettura.png

Cloud computing provide common business applications online that run from web browser and is comprised of virtual servers located over the internet. Main concern for security and privacy of user is who has access to their data at various cloud computing locations and what will happen if their data is exposed to an unauthorized user. Perhaps the bigger question is; can end user trust the service provider with their confidential and private data.

“Customers must demand transparency, avoiding vendors that refuse to provide detailed information on security programs. Ask questions related to the qualifications of policy makers, architects, coders and operators; risk-control processes and technical mechanisms; and the level of testing that’s been done to verify that service and control processes are functioning as intended, and that vendors can identify unanticipated vulnerabilities.”

Three categories of cloud computing technologies:

  • Infrastructure as a Service (IaaS)
  • Platform as a Service (PaaS)
  • Software as a Service (SaaS)

Cloud computing is offering lots of new services which increase the exposure and add new risk factors. Of course it depends on applications vulnerabilities which end up exposing data and cloud computing service provider transparent policies spelling out responsibilities which will increase end user trust. Cloud computing will eventually be used by criminals to gain their objectives. The transparent policies will help to sort out legal compliance issues and to decide if the responsibility of security breach lies on end user or service provider shoulders.

Complexities of cloud computing will introduce new risks and complexity is the enemy of security. The organizations and end users should be mindful of this security principle before introducing this new variable into their risk equation. As a consumer you need to watch out and research your potential risks before buying this service and consider getting a comprehensive security assessment from a neutral third party before committing to a cloud vendor.

Possible risks involved in cloud computing
Complete data segregation
Complete mediation
Separation of duties
Regulatory compliance (SOX, HIPAA, NIST, PCI)
User Access
Physical Location of data
Availability of data
Recovery of data
Investigative & forensic support
Viability and longevity of the provider
Economy of mechanism

Continue reading “Cloud computing and security”




Tags: Cloud computing, cloudcomputing, compliance, Computer security, iaas, IBM, Information Privacy, Infrastructure as a service, paas, Platform as a service, Policy, privacy, saas, Security, security assessment, Security Breach, Services