Welcome back! This is a shamefully delayed sequel to my first instalment of security themed GDPR thoughts: Data Protection, Security, and the GDPR: A fraught and fuzzy relationship. Here I look back […]
Confirm whether you are in or out of scope of the #GDPR and ask yourself why that’s important.
Anyone with any knowledge of the goings on in digital advertising, political campaign management, or (for that matter) military information operations, will have been utterly unsurprised by the news over the last […]
There can be no security without data protection There can be no data protection without security Of course neither is true. These kind of click-baity absolutist positions are a pervasive internet blight […]
So you’ve found, sorted and mapped data, but can you implement required processing controls? #GDPR
There is one question related to the General Data Protection Regulation that will arguably cause more ulcers than any other: How much is enough? In some portions of the GDPR ‘good’ is […]
Automated Data Discovery – What’s the real #GDPR value-add? And have you got what it takes to realise it?
Lessons learned along the way and plans to help you avoid FUD provoked GDPR investment
Part of the Infospectives Diary Of An InfoSec Kid series. Originally written about the Kiddicare hack, but now 117 Million LinkedIn usernames and passwords have been found for sale on the darknet […]
Blockchains are tackling the ‘I’ in the holy InfoSec CIA trinity more simply and robustly than anything that’s gone before, but can we grasp this well enough to avoid expensive purchasing and security mistakes?
Maria Korolov, writing for CIO Online, summarised key findings from (ISC)2’s recent report on Women In Security. A report informed by the their 2015 Global Information Security Workforce Study. The standout figure? […]
Wild Speculation & IT Transformation – A four-part story of budget cuts, blamestorming, breaches and massive bumps in the road to mature security.
It looks entirely possible you will have ‘adequate’ security dictated by your insurers, so it is your job to understand the risk based yardstick they’re using to define that
There is no such thing as Information Security risk. There are just business risks that have one or more security or IT related causes.
Mystifying online privacy policies, frenzied Facebook data harvests and the ‘right to be forgotten’. Can they work together and how easy is it for users and businesses to find the right side of the law?
Dan Raywood kindly invited me to participate in an Infosecurity Magazine webinar on the eve of GDPR Day. Like most of the data protection and privacy crew who were on the radio, […]
It’s been brought to my attention today, partly by @MissIG_Geek and partly by @BekiHill of The Register, that the gdpr-info.eu site, recommended to me by a trusted associate as a searchable version […]
What if Jerry Bruckheimer and Michael Moore decided to collaborate on a data protection themed film? A tongue in cheekish post attempting to answer that question