A Rash Of #InfoSec #Analogettes

Data Protection, Security, and the GDPR: Myths and misconceptions #2

30 Aug

Welcome back! This is a shamefully delayed sequel to my first instalment of security themed GDPR thoughts: Data Protection, Security, and the GDPR: A fraught and fuzzy relationship. Here I look back again over my pre-privacy IT and InfoSec career to spot things likely...

Where and to whom does the GDPR apply?

26 Apr

Yeah, I doubted my sanity going at this one too, but here I am, because working out whether or not the GDPR would apply in different practical and geographical circumstances is proving harder than it really should...for everyone. This regulation has been my almost...

Facebook and Cambridge Analytica – It’s Pandora’s box, it’s open, but it’s been open for a while

23 Mar

Anyone with any knowledge of the goings on in digital advertising, political campaign management, or (for that matter) military information operations, will have been utterly unsurprised by the news over the last few days. It's Pandora's box, it's open, but it's been...

Data Protection, Security, and the GDPR: A fuzzy and fraught relationship

7 Jan

There can be no security without data protection There can be no data protection without security Of course neither is true. These kind of click-baity absolutist positions are a pervasive internet blight designed to divert attention from critical detail to exploit and...

GDPR – You’ve analysed the gaps, but can you close them?

13 Oct

There is a critical gap for most firms: An inability to interpret and leverage gap analysis, data discovery, and mapping output to actually implement technical data processing change. This article is about the challenges most large firms are facing when trying...

GDPR – The Compliance Conundrum

28 Jul

There is one question related to the General Data Protection Regulation that will arguably cause more ulcers than any other: How much is enough? In some portions of the GDPR 'good' is straightforward. In many others we are asked to respect principles of fairness and...

Opinion: The role of automated data discovery in a GDPR programme

15 Jun

Do you have any online profiles or posts featuring those 4 magic characters: G D P R? If so, whether you are a business decision maker, IT body, security body, charity boss, employed data protection pro, or job seeking data protection pro (less and less likely), you...

Cybersecurity to Privacy via the GDPR: A personal and professional journey

13 Oct

I’ve been lucky enough to have a pretty successful security career and gain a modest following for my writing. Mainly stuff about Information and Cybersecurity GRC (Governance, Risk, and Compliance). Gratifyingly, my Infospectives blog also received a fair few award...

Blockchains: Embedding Integrity (a.k.a Blockchain for beginners with an InfoSec twist)

5 Jan

Blockchains are tackling the 'I' in the holy InfoSec CIA trinity (Confidentiality, Integrity, and Availability, not the government agency), more simply and robustly than anything that's gone before. However they are also a source of banker panic,...

Women In InfoSec – GRCers more than hackers? If so, so what? Plus bigger cultural questions

9 Nov

Maria Korolov, writing for CIO Online, summarised key findings from (ISC)2's recent report on Women In Security. A report informed by the their 2015 Global Information Security Workforce Study. The standout figure? Only 10% of information security professionals are...

When Business Culture Eats Cybersecurity For Breakfast – Part One

30 Jul

A four-part story of budget cuts, blamestorming, breaches and massive bumps in the road to mature security. Wild Speculation & IT Transformation Do you remember Nick Leeson? On February 23rd 1995 he sent a fax telling bosses at Barings Bank he was ill and wanted...

Cyber Insurers Dictating Cybersecurity Standards?

2 Apr

A run down of the key challenges with choosing and using cyber insurance called out in the last few months. It looks entirely possible you will have 'adequate' security dictated by your insurers, so it is your job to understand the risk based yardstick they're using...

There Is No Such Thing As Information Security Risk

10 Oct

Having worked in IT and Information Security for 13 years, I've come to the conclusion that there is no such thing as information security risk. There are just business risks that have one or more security or IT related causes. There is a fundamental and persistent...

Harvesting Data From Social Media – A Can Of Data Protection & Privacy Worms?

20 Aug

NOTE: This is a previously unpublished draft. I had completely forgotten about it. I can only assume I felt jumpy for years about depth of some of my data protection knowledge, but it does rather make my subsequent specialisation in data protection less surprising....

We welcome the Children’s Commissioner report “Who knows what about me?” which shows how children’s data is routinely collected online. The report points out that children are among the first to be ‘datafied’ from birth, including policy and practice in schools, and comments on the datafication of children in the education sector; school databases, classroom…read the full article on the Defend Digital Me blog

Children’s Comissioner on concerning use of school children’s data

13 Nov

We welcome the Children’s Commissioner report "Who knows what about me?" which shows how children’s data is routinely collected online. The report points out that children are among the first to be ‘datafied’ from birth, including policy and practice in schools, and...

The IT Asset Disposal Vicious Cycle

26 Sep

Most retired equipment is ground up for minimal financial and recycling return... ...that model is financially, environmentally, and socially unsustainable. The way we all do business is changing. Increasing numbers of staff work flexibly and use their own kit....

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Home | About | Contact

A Rash Of #InfoSec #Analogettes

A tech-centric InfoSec strategy is like…

Collecting SIEM / Threat / Vulnerability data without business risk relevant analysis is like…

Breaches are like colds…

Incident response with no plan is like…

Most pentest reports are like…