On the face of it organisations were just made liable for nefarious data doings of any nasty individual they might have had the misfortune to employ…or nice employees who just mess up. […]
Welcome back! This is a shamefully delayed sequel to my first instalment of security themed GDPR thoughts: Data Protection, Security, and the GDPR: A fraught and fuzzy relationship. Here I look back […]
Confirm whether you are in or out of scope of the #GDPR and ask yourself why that’s important.
Anyone with any knowledge of the goings on in digital advertising, political campaign management, or (for that matter) military information operations, will have been utterly unsurprised by the news over the last […]
There can be no security without data protection. There can be no data protection without security. Of course neither is true. These kinds of click-baity absolutist positions are a pervasive internet blight […]
So you’ve found, sorted and mapped data, but can you implement required processing controls? #GDPR
There is one question related to the General Data Protection Regulation that will arguably cause more ulcers than any other: How much is enough? In some portions of the GDPR ‘good’ is […]
Automated Data Discovery – What’s the real #GDPR value-add? And have you got what it takes to realise it?
Lessons learned along the way and plans to help you avoid FUD provoked GDPR investment
Part of the Infospectives Diary Of An InfoSec Kid series. Originally written about the Kiddicare hack, but now 117 Million LinkedIn usernames and passwords have been found for sale on the darknet […]
Blockchains are tackling the ‘I’ in the holy InfoSec CIA trinity more simply and robustly than anything that’s gone before, but can we grasp this well enough to avoid expensive purchasing and security mistakes?
Maria Korolov, writing for CIO Online, summarised key findings from (ISC)2’s recent report on Women In Security. A report informed by their 2015 Global Information Security Workforce Study. The standout figure? […]
Wild Speculation & IT Transformation – A four-part story of budget cuts, blamestorming, breaches and massive bumps in the road to mature security.
It looks entirely possible you will have ‘adequate’ security dictated by your insurers, so it is your job to understand the risk-based yardstick they’re using to define that.
There is no such thing as Information Security risk. There are just business risks that have one or more security or IT related causes.
Mystifying online privacy policies, frenzied Facebook data harvests and the ‘right to be forgotten’. Can they work together and how easy is it for users and businesses to find the right side of the law?
TL;DR I’ve lost a lot of weight, I plan to lose plenty more, and the whole thing is lousy with analogies for the day job. …about a whale ball worth In the last […]
We welcome the Children’s Commissioner report “Who knows what about me?” which shows how children’s data is routinely collected online. The report points out that children are among the first to be […]
I originally published this as a protected post because it needed a peer review and I wasn’t sure how widely I wanted to share. Replacing that with an inaugural podcast because so […]
Most retired equipment is ground up for minimal financial and recycling return… …that model is financially, environmentally, and socially unsustainable. The way we all do business is changing. Increasing numbers of staff […]