
governance

Posts: 185 | Experts: 76 | Views: 57.5K | Shares: 409 | Upvotes: 2.2K

Posts

Bally Kehal

The Cloud Security Landscape

This post is oriented towards BDMs, not security experts - like most of you, to help them choose and create the best possible agreement with CSP(s). (Just to give a little context.) At this point, you’ve definitely heard of the cloud. Everyone, especially businesses, is talking about moving to the cloud, and their concerns about the cloud security landscape. Yo…
Anthony Noblett CISSP, CISA, CGEIT, CRISC, CCSK
Good backgrounder on Cloud Security, the devil is in the details and articles on the details seem to be in short supply.

InfoGraphic: Cybersecurity Defined

Information Security Defined (for context and scoping clarification): The protection of Enterprise data, information, knowledge and wisdom (DIKW) in all formats, (audio, visual, digital, physical), at rest, during processing or transmission from the loss of confidentiality, integrity, and availability leading to unauthorized access, modification, destruction, den…
LukeAhmed

If You’re Studying For The CISSP, Watch These Movies

This is the full link: https://www.studynotesandtheory.com/single-post/If-You%E2%80%99re-Studying-For-The-CISSP-Watch-These-Movies I knew if I wanted to pass the CISSP the first time, I’d need to eat, sleep, dream, breathe the CISSP. Studying for the CISSP became a strong part of my everyday thinking. I’d wake up thinking about DRP/BCP, and I’d go to sleep thinking abo…
Mark Stafford
The original U.K. version of the Italian Job where they hack into a traffic control system.
Liston Johnson MSc(Lon), MBCS, CISSP, GCFA, CIPM
Windtalkers for cryptography.
Sarah Clarke

OPINION: The role of automated data discovery in a GDPR programme

Do you have any online profiles or posts featuring those 4 magic characters: G D P R? If so, whether you are a business decision maker, IT body, security body, charity boss, employed data protection pro, or job seeking data protection pro (less and less likely), you are almost certainly drowning in a flood of golden bullety vendor pitches. BUT, underneath that increasing frustration, you are almo…
Carlos García Ruiz
Moreover, Ms. Clarke's post is excellent and puts the stress on today's need to reorder the processes controlling the acquisition of information, something daily and almost feverish in the world of big data. Congrats.
Carlos García Ruiz
My view is that it is quite strange that an organization didn't yet know which personal data files it had before the arrival of GDPR. Since the 90s, all companies operating in Europe have been compliant (or must be) with privacy law and EU Directives. Then, the GDPR compliance effort would be focused on other issues more important than Article 30 requirements. In fact, the record of processi…
Graham Joseph Penrose

Does legislation stifle innovation?

Does legislation stifle innovation? No. Why? Because it legislates in "catch up mode" mostly and on those rare occasions when the legislators do see something coming in advance (examples? I don't have any actually) - then they fail to implement the legislation or put in place checks and balances to monitor compliance. Legislators are better at legislating for the abuse of dat…
mesbernard@gmail.com
When you consider the fact that legislation usually is created to control risks associated with a "leap frog" innovation event then the obvious answer is "YES!". Legislation goes on to stifle the ongoing creative process that led to the immediate evolution. A follow up question might be, "could legislation be designed to encourage future innovation?" …
David Froud
My cynicism goes nowhere near as deep as yours, perhaps because I see this from an information security perspective, not so much a privacy/human rights one, but I absolutely agree with "catch-up mode". What choice do they have? Vendors create something new and amazing, everyone wants it, and by then it's too late to take it away. Governments regulate after the fact, and can onl…
mesbernard@gmail.com

Information Risk Management 101 for Cybersecurity

Table of Contents
1. Purpose
2. Scope
3. Responsibility
4. Definitions
5. Description of Activity
5.1. Work Tasks
5.2. Sub-processes
5.3. Workflow Waterfall processes
5.4. Additional tasks
5.5. Risk Assessment Worksheet
5.6. Work Steps for completing the Risk Assessment Worksheet
5.6.1. Identify Assets in Scope
5.6.2. Identify Threat
5.6.3. Identify Busines…
Anthony Brooking
We need as an industry to get better at predicting cyber risk event likelihood and impact based on real world incident metrics like the insurance companies use for their products such as car and home insurance.
David T. Klein
In your experience, do you see risk/threat identification primarily arising out of risk management, INFOSEC, regulation, news headlines, CFO/COO, external auditors, process owners, process operators, red cell analysis, pre-mortem analysis, or some other place? Or is it typically a combination of these sources?