Link to the Powerpoint file:
Dearly beloved, we are gathered here today to discuss Information Security.
Join me around the campfire and let’s start…
Mandatory "who's this guy and what's all of this about" slides.
I decided to make the presentation available to the audience beforehand to allow every participant to follow the presentation at his own pace.
Also, please note the LEGAL DISCLAIMER as I was expressing my own opinions and not the ones of my employer.
Heard in 2002: “If you’re not paying for it, you’re the product” but what does it mean?
Link to Wall Street Journal article:
https://www.wsj.com/graphics/how-pizza-night-can-cost-more-in-data-than-dollars/
It all starts with a text message: “Wanna come for pizza and a movie?”
Consider the Data provided vs. Data collected.
Just some highlights:
So… what can we do about it?...
Let’s take a step back….
"Passwords are like underwear: change them often and don’t show them in public."
I have a friend who ends up losing a credit card every 3 months or less.
The downside: she has to send new credit card data for every new action: every product ordered, Netflix, Android Pay, parking payments.
The upside: she gets a new card every 3 months, which reduces the chances of it being exploited.
But... does this make any sense?!
It’s pretty much the same thing we’re asking of users:
"Change often, has to be complex, 12 chars, 4 symbols, a drop of blood from your firstborn child and a tear of a unicorn."
And then we blame the user when things go wrong!
And if we’re really smart, really into this SECURITY stuff, we all know we should use two-factor authentication.
Because SAFETY!!! Yes, it’s all about safety; that will keep us safe, right?
Well, no, not really…
We have been nagging users about passwords for the last 20 years…
But it’s never the user’s password that is to blame for any significant data security breach.
We must solve this:
The consequence is personal data abuse and society being controlled by The Others (Brexit, Trump, Bolsonaro)
Let’s talk about management systems.
Everyone can bake a cake at home
We can handle interruptions. We can handle supply issues. Most of the time it’s a one off. We are the client, no need to meet needs or expectations.
Very small IT footprint, maybe a computer running ERP / CRM / Excel / minimal website.
You now have procedures to handle raw materials when they arrive, laws to abide by, periodic maintenance on machines, financial goals.
You’re working within a context, with shareholders, suppliers, clients, employees, neighbours, authorities…
You have to meet the needs and expectations of interested parties if you want to survive.
So we make plans.
Suddenly…
Your supplier changes, your target clientele changes, your raw materials are no longer available, you have to abide by different regulations, you want to move into a different market, your country foolishly decides to leave the EU, your employees die, you die.
Allow me to introduce you to some nice friends…
Deming and a lovely lady.
The PDCA/CI cycle.
Management systems: Not the hero we call for, but the hero we need.
That means, defining processes, monitoring, keeping tabs on what went wrong and what went right.
But it pays off every time.
Risk is both the positive and the negative that can and will happen.
It’s all about figuring out what can change, its impact, and whether we wish to mitigate it or reap the benefits.
The future, as we can see it
Robotized Cake Factory, very few people.
Confidentiality, Integrity, Availability
Access (physical/ user access management)
Operations (backup, pentest, scan, logs)
Network protection
Secure software development (lifecycle): plug the holes (NIST, OWASP, frameworks, libraries)
Well, no, not really.
We’ll look into a real world scenario… but first…
The ability to wing it, sometimes referred to as one of the greatest Portuguese assets, only provides a short-term, sub-standard solution.
It will kill you in the long run.
Up until now, fines limited to 500k
Data breaches before and after GDPR
GDPR comes with a very loooong enforcement stick, giving people rights even before they realise they have them.
Huge impact on data subjects rights. Humongous!
If you lose a dead hard disk that was stored in a drawer for the last 3 years, that’s a data breach.
If tapes go up in flames, that’s a data breach.
You have to determine a justifiable data retention policy. And then abide by it.
When the user asks for the data back you must provide it. If you lost it (and didn’t report), you’re in trouble.
If you decide on a loan, your client has the right to know your profiling algorithms.
Scope: An American company creating a user account for a Japanese guy is within the scope of GDPR (because he’s in Slovenia)
Data minimisation. Collect only the information you need. GDPR killed the big data star.
Privacy by design. Look at your software development lifecycle and include GDPR compliance at the earliest stages.
When things go wrong you’re in trouble. YOU MUST ABIDE BY THESE RULES!
I’m just the messenger. You don’t have to agree with me. You can even say it’s just #ProjectFear…
But in the end, “Talk to the hand, because the judge is not listening.”
January 2019
"You can not say Information Security and Android in the same sentence with a straight face."
Who agrees with this? … It’s OK if you don’t agree with me.
The real world example with an iOS app:
Can you spot "Informed consent" on this picture?
Let’s look at the same app, developed in Xamarin, a cross platform environment...
HOUSE RULE: If you have the latest version you can shut up now, and the reason is twofold: you’re still irrelevant (you belong to the 3%) and that didn’t address the root cause.
This was a company very conscious of data privacy: they handle personally identifiable information and personal health information, have been managing it for decades, and have a quite impressive system.
What went wrong?
Requesting consent while installing, not when required.
Either you accept all of these or you don’t use the app.
Even Microsoft Office apps on Android ask for access to your phone call log, SMS content, information on machines on your corporate network. And these are high profile apps. What about low-grade, dodgy looking junk apps. Everyone’s guess.
Access to data without even hacking is the Android de facto standard.
Low visibility on what it really means
Low granularity. Fixed on the latest version? Yeah right…
Average age of an operating system version is… 3.5 years, and that includes 80% of devices.
By 2022 you’ll still have 30%+ of devices built upon a GDPR non-compliant philosophy.
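The fix for “requesting consent while installing, not when required” is to ask for each dangerous permission at the moment the feature that needs it is used, explain why, and keep the app working when the user says no. The Kotlin snippet below is an added illustration, not code from the app or company discussed above; ScanActivity, the layout activity_scan and the button id scan_button are assumed names. It uses the AndroidX ActivityResult API and the runtime permission model that Android 6.0 introduced for apps targeting API 23 or later; CAMERA must still be declared in the manifest, but it is no longer granted blindly at install time.

```kotlin
import android.Manifest
import android.content.pm.PackageManager
import android.os.Bundle
import android.widget.Button
import android.widget.Toast
import androidx.activity.result.contract.ActivityResultContracts
import androidx.appcompat.app.AppCompatActivity
import androidx.core.content.ContextCompat

// Hypothetical activity: a screen where the user may scan a code with the camera.
// The rest of the app never touches the camera, so nothing else needs CAMERA.
class ScanActivity : AppCompatActivity() {

    // Registered once; the callback receives the user's decision for this single permission.
    private val cameraPermission =
        registerForActivityResult(ActivityResultContracts.RequestPermission()) { granted ->
            if (granted) openScanner() else showManualEntry()
        }

    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        setContentView(R.layout.activity_scan) // assumed layout containing scan_button
        findViewById<Button>(R.id.scan_button).setOnClickListener { onScanRequested() }
    }

    // Ask only when the feature is actually used, not at install or at app start.
    private fun onScanRequested() {
        when {
            ContextCompat.checkSelfPermission(this, Manifest.permission.CAMERA) ==
                PackageManager.PERMISSION_GRANTED -> openScanner()

            // The user declined once before: tell them exactly what the camera is for, then ask again.
            shouldShowRequestPermissionRationale(Manifest.permission.CAMERA) -> {
                Toast.makeText(
                    this,
                    "The camera is used only to scan the code on your card.",
                    Toast.LENGTH_LONG
                ).show()
                cameraPermission.launch(Manifest.permission.CAMERA)
            }

            else -> cameraPermission.launch(Manifest.permission.CAMERA)
        }
    }

    private fun openScanner() {
        // Start the camera preview here; CAMERA is the only permission this path needs.
    }

    // Denial is not a dead end: the user can type the code instead and keep using the app.
    private fun showManualEntry() {
        Toast.makeText(this, "No camera access. Please enter the code manually.", Toast.LENGTH_LONG).show()
    }
}
```

Two design points follow from the slides: the rationale is shown in context, not buried in the Terms & Conditions, and a refusal degrades one feature rather than forcing an all-or-nothing choice. On devices running versions older than Android 6.0 this code still compiles, but the permission is granted at install time and the request branches are never reached, which is the granularity problem the slides point at.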
Explanation on “CONSENT” was buried on the Terms & Conditions….
.... on the Terms & Conditions….
.... on the Terms & Conditions….
.... on the Terms & Conditions….
We must fix this...
… "with a great power comes a great responsibility."