Thursday, 16 November 2017

Why your printer could be your GDPR blindspot

An article titled "Why your printer could be your GDPR blindspot" was published on the "itpro.co.uk" portal.
The full text of the article is at: http://tinyurl.com/y74anzjm

I quote selected parts of the text:
"Industries of all types have already started shoring up their defences and reshaping the way they handle data, yet all that hard work is likely to be undone by something as seemingly innocuous as a printer."
"Print security obligations under GDPR remain one of the most misunderstood areas of the new regulations, potentially creating a blind spot that could not only lead to a data breach, but also substantial fines for non-compliance."
"As with any device that's connected to the internet, MFPs are susceptible to unwanted snooping. Without effective security protocols, unauthorised users are able to gain access to a printing network and any document that has been sent to a machine. What's more, most machines also make use of facilities such as scan to email, scan to cloud, or scan to internal storage, which could all be compromised to either steal sensitive data in bulk, or reroute future correspondence to external addresses."
"Maintaining the security of an MFP network is a daunting task. The sheer number of potential weak spots on your system, not to mention the various differences that exist between printer brands, makes performing regular manual checks for vulnerabilities unfeasible."
"As with other IoT devices, there are tools available that provide a complete overview of your system, and cut down on a lot of the hard work."

Wednesday, 15 November 2017

Will AI Change the Role of Cybersecurity?

Tami Casey posted an article titled "Will AI Change the Role of Cybersecurity?" on the "IMPERVA" portal.
The full text of the article is at:
https://www.imperva.com/blog/2017/11/will-ai-change-the-role-of-cybersecurity/
I quote selected parts of the text:
"Mention artificial intelligence (AI) and security and a lot of people think of Skynet from The Terminator movies. Sure enough, at a recent Bay Area Cyber Security Meetup group panel on AI and machine learning, it was moderator Alan Zeichick – technology analyst, journalist and speaker – who first brought it up. But that wasn’t the only lively discussion during the panel, which focused on AI and cybersecurity."
"I found two areas of discussion particularly interesting, which drew varying opinions from the panelists. One, around the topic of AI eliminating jobs and thoughts on how AI may change a security practitioner’s job, and two, about the possibility that AI could be misused or perhaps used by malicious actors with unintended negative consequences."
Two chapters:
- Artificial Intelligence Eliminating Jobs?
- AI and Malicious Misuse
I quote the article's conclusion:
"The difference between a good data scientist and an awesome data scientist is orders of magnitude different in terms of where they can take this technology. But not to fear, humans will be highly involved in the development of these systems for quite some time."

Tuesday, 14 November 2017

CCTV, the GDPR and the third wave of Data Privacy Regulation

Andrew Charlesworth, Reader in IT Law, University of Bristol, published a 2017 white paper on the "Cloudview" portal:
"CCTV, the GDPR and the third wave of Data Privacy Regulation"
The article is at:
http://www.cloudview.co/whitepapers/watchingthewatchers
A Cloudview white paper 2017: "Watching Watchers"
CCTV, the GDPR and the third wave of Data Privacy Regulation
I quote the article's introduction:

"The CCTV industry has, almost from its inception, been portrayed in popular culture as the unofficial face of unaccountable surveillance overreach and invasion of privacy. This position has been cemented by a popular perception of a lack of transparency and public engagement on the part of its users. More recently, it has become the unwilling poster child for the hazards of engaging with the Internet of Things. The General Data Protection Regulation (GDPR) thus provides a welcome opportunity for the CCTV industry and its users to tackle this negative image head-on."

CCTV Users at 'Risk of Breaching GDPR'

Michael Hill, Deputy Editor, posted an article on the "Infosecurity-magazine" portal: "CCTV Users at 'Risk of Breaching GDPR'".
The full text is at:
https://www.infosecurity-magazine.com/news/cctv-users-at-risk-of-breaching/
I quote selected parts of the text:
"Organizations that use CCTV systems could be putting themselves at risk of breaching GDPR data protection and privacy requirements by failing to understand how the forthcoming regulations cover the collection of visual data." ...
"...the fact that because there has been little regulation governing CCTV systems (until now) there is a danger that users will fall short in their obligations to ensure safe usage under GDPR, which comes into force in just six months." ...
“The good news is that the GDPR gives CCTV users an opportunity to tackle what is often a negative image and take the lead in demonstrating accountability and privacy protection. They can also use new technologies such as cloud, which enables them to meet the new regulations while improving data accessibility and security.”

Sunday, 12 November 2017

Do You Know Where Your Data Is?

On the "infoworld.com" portal, at the page http://tinyurl.com/y8v35wk4, you will find a link to an eBook on the topic in the title (see below).
I quote from the landing page:
"Do You Know Where Your Data Is? Three Common Data Management Problems & How to Fix Them"
"Knowing the location of your data plays a crucial role with keeping it secure. When you find yourself jumping through hoops in order to protect, monitor, or report on your data, then you're not getting the most out of your IT infrastructure. Is your current IT infrastructure helping you--or hurting you?"
After registering you reach the eBook page of the company "Globalscape".
I quote:
"In this eBook from Globalscape, you will learn:
- Three common IT infrastructure challenges that can interfere with data management
- The consequences of these common obstacles
- Strategies and tools to put security, compliance, and efficiency at the forefront."
The direct address of the eBook is:
http://dynamic.globalscape.com/files/data-management-strategies.pdf
I quote from the white paper:
"Your IT infrastructure can be severely weakened when core IT requirements are not being met. If you don’t know where your data is at all times, then your IT infrastructure is getting in your way. An agile, efficient, secure, and compliant IT infrastructure provides operational visibility, control, and governance."
"Legacy or homegrown systems, disparate applications and systems, and shadow IT interferes with the secure and efficient management of your data and IT infrastructure."
"Three common IT infrastructures that lack the optimal level of data management and can adversely affect your security, compliance, and efficiency goals include the following:
1. Legacy and homegrown data exchange systems
When an old or homegrown data exchange system slows down your business growth
2. Disparate applications and systems
When you have multiple systems or applications moving your data, leaving you lacking a single platform to manage, protect, and track your data movement
3. Shadow IT
When employees use unsanctioned applications and tools that limit IT control or governance, and in turn expose an organization to security vulnerabilities."
"Getting ahead of these common IT infrastructure challenges will require a proactive data management strategy that enables full operational visibility, control, and governance over your data exchange environment. With the right data management strategy and tools in place, security, compliance and efficiency will always be at the forefront. "
"How to Get Out of Your Own Way with a Data Management Strategy
Three Common IT Infrastructure Challenges that Get in the Way..."
"How Can You Prevent the Increased Shadow IT Costs?
Four Signs that Shadow IT is a Problem. What are the Red Flags? ..."
"How to Get Ahead of Shadow IT:
- Evaluate Existing Processes
- Communicate with Employees
- Keep it Simple"
The rest of the text covers these sub-topics:
- The Ultimate Data Transfer Headache
- Failed Data Transfers Interfere with Daily Business Operations
- What Happens When Data Transfers Fail
- Data Loss
- Data Transfer Interception
- Missed SLAs
- Lost Revenue
- Data Corruption
- Fines Due to Non-Compliance
"MFT to the Rescue
The managed file transfer (MFT) technology enables organizations to securely and efficiently move data within the IT infrastructure and between systems. More robust than the insecure FTP server, MFT is a powerful and secure solution that can move a high volume of data and a complex set of workflows.
- Overcome Data Transfer Challenges with a MFT Solution
The challenges that follow legacy or homegrown file transfer systems, disparate systems and applications, and shadow IT require an advanced data management solution that is inherent in a MFT technology."
At the end of the eBook there is information about a software product that supports the activities described above.
"Enhanced File Transfer™ (EFT™) is Globalscape’s award-winning MFT platform that was designed to manage data transparently, efficiently, and within the parameters of control and accessibility that you require.
EFT provides enterprise-level security for collaboration with business partners, customers, and employees, while automating the integration of back-end systems."

The Evolution of Managed Security Services

An article on this topic was published by the company "Tata Communications".
The full text of the article, with a link to the PDF version of the white paper:
http://tinyurl.com/ydb8lo6k
I quote from the article:

"Managed security services initially came into the market under the garb of consulting and started taking off because it helped organizations bring in some measurability, says Avinash Prasad, vice president and head of the managed security services business at Tata Communications.
"The on-premises model was the norm and MSSPs were sought after for cost saving and service visibility," he says.
But the objectives with the emerging security-as-a-service model are different, Prasad says. The model, for example, helps distributed organizations, formed through mergers and acquisitions, scale to meet their growing needs.
Read this whitepaper to learn about:
The early days of managed security services;
Traction and challenges for the security-as-a-service model;
How security-as-a-service could be as important to security as the cloud was to IT operations.
Prasad heads the business area of managed security services globally for Tata Communications. He has a multi-functional focus on customer management, practice and solution development, business development, innovation and partnership. He previously served in leadership roles at Wipro and Infosys."
Link to the white paper: http://tinyurl.com/ybcbnk3n
Title: THE EVOLUTION OF MANAGED SECURITY SERVICES
"Insights from Tata Communications’ Avinash Prasad on where he sees the security-as-a-service market heading from a global perspective."

Saturday, 11 November 2017

Protecting Web Applications in the World of GDPR

An article on "Protecting Web Applications in the World of GDPR" is posted on the "SolarWinds MSP" portal, specifically at:
https://www.solarwindsmsp.com/blog/protecting-web-applications-world-gdpr
I quote selected parts of the text:
"Businesses have embraced both the creation and use of web services and web applications at an astronomical rate. But as many companies—most recently Equifax®—have found out, protecting web services and web applications is serious business. In the case of Equifax, the failure to patch a known vulnerability in the Apache® Struts Framework led to a major data breach. If the Global Data Protection Regulation (GDPR) was already in effect, they could have faced severe repercussions for not notifying both the regulatory authorities and the data subjects within the 72-hour deadline.
It’s not unreasonable to suggest that web services are the weakest technological link in the struggle against cybercriminals. Web applications and web services are vulnerable to customer account compromise from poor user behaviour or even complete compromise due to technical flaws or weak administrative passwords. Given the mandates of GDPR to protect data subjects’ personal data, a webserver hosted by a business could present a clear and present danger of a data breach. What follows is an analysis of how website owners are responding to the danger of presenting an open portal of personal data to the internet. And if your business develops web applications, you may want to implement some of these techniques."
"To improve your application security, try building logic into your authentication process that answers the following questions: 
- Is the browser connecting up to date?
- Where is the connection coming from?
- Has the IP address connected before?
- Has the device connecting accessed the service before?
- Has the account been compromised?
- Has the account been hijacked?
- Has the user enabled multifactor or two-factor authentication (MFA, 2FA)?
Protecting Customer Data within Your Web Applications
Due to the rising threat of account compromises via web services, many website owners are building systems to ensure legitimate users and administrative users are protected. And with the increased responsibilities of organizations under GDPR, the stakes are even higher when it comes to web application security. As a website owner, you must do your best to safeguard your customers from fraudulent logins if you want to avoid a potentially severe data breach and penalties under the GDPR (and to make sure your customers are safe)."
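The question list quoted above is essentially the input to a risk-based (adaptive) authentication decision. The following is an added example, written for this post and not code from the SolarWinds MSP article: it turns each question into a signal, sums them into a risk score and returns one of three decisions (allow, require a second factor, or deny). The names `AccountHistory`, `LoginAttempt`, `assess_login` and `record_success`, the sample data (TEST-NET IP addresses, browser version floor) and the weights are all assumptions chosen for illustration.

```python
"""Risk-based login check built from the seven questions in the quoted list.

Added example, not the article's code. Class names, weights and sample data
are assumptions; a real deployment tunes the weights against its own traffic.
"""
from dataclasses import dataclass, field

# Constructed sample: the lowest browser major version treated as "up to date".
MIN_BROWSER_VERSION = {"Chrome": 62, "Firefox": 56, "Safari": 11, "Edge": 16}


@dataclass
class AccountHistory:
    """What the service already knows about one account (constructed)."""
    known_ips: set = field(default_factory=set)
    known_devices: set = field(default_factory=set)
    mfa_enabled: bool = False
    compromised: bool = False   # credentials seen in a breach corpus, say
    hijacked: bool = False      # recovery contact changed suspiciously, say


@dataclass
class LoginAttempt:
    """One incoming login, as the web tier would see it (constructed)."""
    browser: str
    browser_version: int
    ip: str
    country: str
    device_id: str


def browser_up_to_date(attempt: LoginAttempt) -> bool:
    """Question 1: is the connecting browser current? Unknown browsers fail."""
    minimum = MIN_BROWSER_VERSION.get(attempt.browser)
    return minimum is not None and attempt.browser_version >= minimum


def assess_login(attempt, history, home_countries=frozenset({"CZ"})):
    """Return (decision, reasons); decision is 'allow', 'step_up' or 'deny'.

    'step_up' means the password alone is not enough: demand a second factor
    (the user's MFA if enrolled, otherwise out-of-band verification).
    """
    reasons = []
    score = 0
    if history.hijacked:                       # question 6
        return "deny", ["account flagged as hijacked"]
    if history.compromised:                    # question 5
        score += 3                             # never let a password alone through
        reasons.append("credentials known compromised")
    if not browser_up_to_date(attempt):        # question 1
        score += 1
        reasons.append("outdated or unknown browser")
    if attempt.country not in home_countries:  # question 2
        score += 1
        reasons.append(f"connection from {attempt.country}")
    if attempt.ip not in history.known_ips:    # question 3
        score += 1
        reasons.append("new IP address")
    if attempt.device_id not in history.known_devices:  # question 4
        score += 1
        reasons.append("new device")

    if score == 0:
        return "allow", reasons
    if history.mfa_enabled or score < 3:       # question 7 decides the fallback
        return "step_up", reasons
    # High risk and no enrolled second factor to lean on.
    return "deny", reasons


def record_success(history: AccountHistory, attempt: LoginAttempt) -> None:
    """After a verified login, remember the IP and device so later checks pass."""
    history.known_ips.add(attempt.ip)
    history.known_devices.add(attempt.device_id)


if __name__ == "__main__":
    hist = AccountHistory(known_ips={"203.0.113.5"}, known_devices={"dev-1"})
    print(assess_login(LoginAttempt("Chrome", 62, "203.0.113.5", "CZ", "dev-1"), hist))
    print(assess_login(LoginAttempt("Chrome", 62, "198.51.100.7", "CZ", "dev-2"), hist))
```

The point of returning the reasons alongside the decision is auditability: under a breach-notification regime you want the login log to say why a step-up or denial happened, not just that it did.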

Current, supplemented and amended version of the GDPR

General Data Protection Regulation – Final legal text of the EU GDPR. The official PDF and its recitals as a neatly arranged website.
The current, supplemented and amended version of the GDPR is presented in a special form at: https://gdpr-info.eu
The text is introduced with the words:
"Welcome to gdpr-info.eu. Here you can find the official PDF of the Regulation (EU) 2016/679 (General Data Protection Regulation) as a neatly arranged website. All Articles of the GDPR are linked with suitable recitals. The European Data Protection Regulation will be applicable as of May 25th, 2018 in all member states to harmonize data privacy laws across Europe. If you find the page useful, feel free to support us by sharing the project."

Thursday, 9 November 2017

HKČR GDPR handbook

The Czech Chamber of Commerce (Hospodářská komora ČR) has published a GDPR handbook.
It can be downloaded at:
https://www.komora.cz/wp-content/uploads/2017/06/PriruckaGDPR_final.pdf

EU Commissioner Jourová promised businesses support in implementing the GDPR

The promise of support was reported by "Parlamentní listy" on 9. 11. 2017.
The full text is at: http://tinyurl.com/ydxq64uo
I quote from the report:
"The Chamber of Commerce's information campaign raising businesses' awareness of the new personal data protection obligations introduced by the European GDPR regulation will also be supported by EU Commissioner Věra Jourová. This was announced today by the President of the Chamber of Commerce Vladimír Dlouhý after their joint meeting at the European Commission."
"Dlouhý said that not even handbooks can replace the training that businesses and their employees who work with personal data must complete in order to comply with the new regulation."
"The Chamber of Commerce is also pushing for the supervisory authority, the Office for Personal Data Protection (Úřad pro ochranu osobních údajů), to act with restraint during inspections. According to the Chamber of Commerce, at least initially the Office should only warn businesses about possible errors in the processing of personal data rather than sanction them outright."

Wednesday, 8 November 2017

Critical Capabilities for Enterprise Data Loss Prevention 2017

Critical Capabilities for Enterprise Data Loss Prevention 2017
Gartner 2017 Critical Capabilities Report
Published: 10 April 2017 - Brian Reed, Deborah Kish
A link to the report is on the Forcepoint.com portal at: http://tinyurl.com/ycqlo884
The original report is at:
https://www.gartner.com/doc/reprints?id=1-3XN7WNP&ct=170410&st=sb

INDUSTRY ANALYST REPORT
According to Gartner: “Security and risk management leaders deploy enterprise DLP for three major use cases: regulatory compliance, intellectual property protection and visibility into how users handle sensitive data. This research evaluates DLP products for the three use cases, derived from nine critical capabilities."
I quote from the report:
"Summary
Security and risk management leaders deploy enterprise DLP for three major use cases: regulatory compliance, intellectual property protection and visibility into how users handle sensitive data. This research evaluates DLP products for the three use cases, derived from nine critical capabilities."
"Key Findings
- Enterprise data loss prevention (DLP) has become a key piece of a broader data life cycle process supported by technology, as opposed to DLP simply being another technology buying decision.
- Any regulatory compliance requirements beyond the most basic of use cases are better addressed through the unified workflow of enterprise DLP products.
- Enterprise DLP is typically adopted for intellectual property protection, particularly in large multinational organizations.
- Data visibility and monitoring observed by enterprise DLP products alone do not convey who the riskiest users are in an organization."
"Recommendations
Security and risk management leaders responsible for data security must:
- Engage and involve business units and data owners to improve the odds of success of a DLP deployment.
- Start with data in use at the endpoint for DLP initiatives driven by intellectual property (IP) protection, then implement advanced detection features, such as image analysis, machine-learning and other data-matching techniques.
- Deploy data in motion (such as network DLP on outbound email) for DLP initiatives driven by regulatory compliance to meet the requirements for the Payment Card Industry Data Security Standard (PCI DSS), the Health Insurance Portability and Accountability Act (HIPAA) and other compliance standards.
- Select DLP vendors with strong integrations with complementary data security technologies, such as data classification, user and entity behavior analytics, cloud access security brokers, and incident response and forensics products, to fill in technology gaps."

Tuesday, 7 November 2017

6 impacts of GDPR on organizations that store data in the cloud

6 impacts of GDPR on organizations that store data in the cloud
By Cristopher Burge - a cloud computing enthusiast and content editor at CloudStorageAdvice.
Published 02. 11. 2017, information-management.com
The article is at: http://tinyurl.com/y7fqoqcp
I quote from the article:
"The General Data Protection Regulation refers to a platform where the European Parliament, European Commission, and Council of the European Union intend to unify and strengthen data protection for persons within the European Union. It addresses the transfer of personal information outside the EU."

"The GDPR aims at bringing together the EU regulation to simplify the governing environment for international business. It also gives residents control over their data."
"Companies that store data in the cloud will experience stronger restrictions relating to how they access and use information under the new regulation. EU residents, on the other hand, will gain several rights concerning personal data. Outlined below are six GDPR changes:
1. Personal Data Definition is Stricter
2. Data Minimization Principles
3. Enhanced Individuals’ Rights
4. Data Breach Notification
5. Increased Accountability
6. Stricter Consent Procedures"
"All questions from a company to an individual asking them to grant the organization permission to collect, process, and store personal details ought to be presented clearly. "
"The new regulation applies to every entity that monitors or processes personal information of EU citizens across the universe."
Monday, 6 November 2017

Conference: CyberSecurity 2017

Conference: CyberSecurity 2017
Conference date: 14. 11. 2017
Venue: Praha 4, Konferenční centrum City
Conference website:
https://eventworld.cz/akce/cyber-security-2017-II-116/pozvanka-cyber-security-2017-II
A professional conference under the auspices of the Minister of Defence MgA. Martin Stropnický, focused on cyber security in a time of legislative change, cloud and IoT. It is intended for IT professionals working in the corporate sector, state administration or local government, for specialists from finance and industry, and for everyone who wants a broader picture of current security problems and risks in IT, together with effective ways of reducing those risks.
Topics
- The impact of legislative changes on data protection in Czech organisations and on their cooperation with external suppliers and service providers.
- Current cyber threats on the Czech market: educate management and alert those who will bear the consequences to the risks.
- The advance of digital transformation: the pressure of cloud, mobility and IoT on network and endpoint security. Who is the greater security risk, the employee or the attacker?
- When your turn comes: Is attack prevention or incident response more important? Monitoring and SIEM in the leading role.
- All topics will be complemented by selected security technologies that can adapt to the changing requirements of organisations and the state of their IT infrastructure.

Saturday, 4 November 2017

GDPR: The role of technology in data compliance

GDPR: The role of technology in data compliance
31 Oct 17 | Author Clark Boyd | Data & Analytics Marketing Technology
The article is at:
https://www.clickz.com/gdpr-the-role-of-technology-in-data-compliance/113865/
I quote selected parts of the text:
- "2% of US-based multinationals see the GDPR as their top data security priority over the next 12 months with 77% of businesses planning to spend over $1 million on GDPR compliance efforts. Here we look at some of the ways in which technology can help streamline this process and explain some of the opportunities presented by getting your ducks in a row."
- "With the European Union General Data Protection Regulation (EU GDPR) due to come into full effect on 25 May 2018, the onus is on compliance efforts for businesses worldwide. Over 90% of US businesses see this as their top data security priority over the next year, and technology will be the defining factor in their attempts to abide by the new rules."
- "We should, therefore, view technology as either an enabler of transparency and compliance, when used effectively; or as a costly hindrance to progress, when used without care."
- "With so many international businesses spending significant sums to get their house in order, a new technology market has started to develop. Software providers are launching new products to help international businesses with compliance efforts, and also to validate their progress.
- Using technology to audit personal data
It is essential to understand the separate roles of data controllers and data processors if we are to get to the heart of this question.
Technology will play a key role in gaining the single view on every customer that companies will need.
- Using technology to collect personal data
- Using technology to protect personal data
- Key takeaways"
- "This begins by using technology to assess the following four areas:
Audit: Gain a clear understanding of where all of your data resides and bring this together into a single view of each customer.
Capture: Use a platform to help standardize your consent forms and capture the ensuing data in a compliant fashion.
Process: Encrypt sensitive information to ensure that in the event of a data breach, no useful data is stolen.
Monitor: Utilize a dashboard to monitor your progress and set up automated alerts so you can act quickly if there are issues."

The ePrivacy Regulation as a complement to the GDPR

The ePrivacy Regulation as a complement to the GDPR
3. 11. 2017 15:51
The article is on the portal parlamentnilisty.cz,
specifically at: http://tinyurl.com/yc2az5db
The European Parliament has taken an important step towards a high level of privacy protection in the use of electronic communications. At the end of October it approved the regulation on respect for private life and the protection of personal data in electronic communications, ePrivacy.
A new feature is the sub-section Questions and Answers on the GDPR, in which the Office has published the most frequent questions it receives about the General Regulation. The Basic GDPR Handbook, which has been updated, contains an overview of the basic terms and information relating to the General Regulation.
"The Questions and Answers on the GDPR sub-section will continue to be expanded. At present it contains topics such as certification, the issuing of certificates, codes of conduct for public administration, personal data breaches, data protection impact assessment, the data protection officer, data subject rights, legal grounds for processing and social services," said the Office's spokesman Tomáš Paták.
The other original sections, GDPR and the role of the ÚOOÚ, GDPR Documents and Working Party WP29, have been retained.