Adobe Issues Emergency Patch Following December Miss
via Dark Reading.
The company released an out-of-band update to head off vulnerabilities disclosed in Acrobat and Reader, one of which it had already attempted to patch in December.
LikeWars: How business leaders can prepare for this growing threat
via TechRepublic.
The authors of the book LikeWar detail how social media can be weaponized, and list the questions they recommend business leaders ask and answer in preparation for a LikeWar.
Benchmarking GDPR Privacy Operations: New IAPP / TrustArc research report reveals how companies are managing compliance (DPIAs)
In partnership with the IAPP, TrustArc recently completed a Survey on Privacy Program Metrics, which set out to establish baseline metrics against which privacy programs around the world can benchmark themselves. The survey contained 27 questions, including demographic questions, and a total of 496 people took it.
Some of the questions the survey set out to answer: How many business processes are organizations mapping? How many reports are they creating to comply with Article 30 of the EU General Data Protection Regulation? How many privacy or data protection impact assessments are necessary? How many incidents rise to the level of breach reporting? Are people being overwhelmed by subject access requests?
The largest group of respondents works in the U.S. (39 percent), followed by the European Union excluding the U.K. (32 percent), the U.K. (12 percent), and Canada (8 percent). Respondents were evenly distributed across company sizes, with organizations that employ 25,001 people or more representing 25 percent of respondents, followed by organizations that employ 1-250 people (23 percent).
In this four-part blog post series we are sharing highlights on the following key takeaways from the report:
Data inventory is becoming a standard privacy management practice (published 12/5/2018)
DPIAs are the most common type of privacy assessment
Individual rights / data subject access right (DSAR) requests are impacting most organizations
Data breach notification requirements are impacting larger companies
Our last post in this series discussed how data inventory is becoming a standard privacy management practice; in this post we show that DPIAs are the most common type of privacy assessment.
Many privacy regulations, and the GDPR in particular, take a risk-based approach to data protection. And, of course, risk lurks throughout the data processing life cycle.
While privacy impact assessments, often called data protection impact assessments in the EU, have long been integral to effective privacy programs, DPIAs are now legally required in some circumstances by the GDPR. That requirement has brought focus to the whole spectrum of impact assessments, from initial impact assessments and targeted assessments against particular frameworks all the way to formal DPIAs delivered to EU data protection authorities.
We therefore asked respondents which types of privacy assessment their organizations currently conduct. They were presented with a list of 11 assessment types, from which they could select multiple answers, plus an open-ended "Other" choice.
DPIAs were the most common privacy assessment, with 60 percent of respondents reporting that they conduct them. Privacy Impact Assessments (PIAs) were conducted by about half (48 percent) of respondents.
Among organizations not completing DPIAs, the most common reason given was that the organization felt it did not engage in high-risk processing activities.
Solution: TrustArc Assessment Manager
Assessment Manager streamlines the end-to-end assessment process following the TrustArc methodology developed and refined through thousands of engagements. Identify gaps, record risks, manage tasks, maintain comprehensive audit trails, and produce compliance reports to meet GDPR Article 35 DPIA, vendor risk, international data transfer and other regulatory requirements.
The assessments, including the DPIA assessment, are powered by intelligent content and leverage built-in logic and automated risk scoring. Skip-logic functionality, together with configurable compliance expressions, enables systematic identification of noncompliant answers and recommendations on how to remediate potential issues.
TrustArc also has a large team of expert consultants…
A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access
via Threatpost.
All of the vulnerabilities arise from improper input validation.
How to create a security-focused work culture
via TechRepublic.
Learn how to strengthen your company's cyberdefenses by training employees on cybersecurity policies and procedures, password management, and phishing.
Android Malware Hits Victims in 196 Countries
via Dark Reading.
Malware disguised as games and utilities struck more than 100,000 victims before being removed from Google Play.
Emotet Malware Gets More Aggressive
via Dark Reading.
Emotet's operators have been adding new capabilities, making the malware even more dangerous to its enterprise targets.
EU to offer nearly $1m in bug bounties for open-source software
via Naked Security.
Rewards across 15 bug bounty programs start at $28,600 and cover open-source software such as KeePass, FileZilla, Drupal and VLC media player.
Adobe Fixes Two Critical Acrobat and Reader Flaws
via Threatpost.
An unscheduled patch fixed two critical flaws that could enable arbitrary code execution.
Vein authentication beaten by wax hand and photograph
via Naked Security.
A new presentation shows how vein authentication systems can be fooled using a fake wax hand model built from a photograph.
Don't fall victim to the Chromecast hackers: here's what to do
via Naked Security.
First they came for your printer... and then they came for your Chromecast. Learn how to tighten up your router security.
Why Microsoft is leading the march toward a passwordless future
via TechRepublic.
Microsoft rolled out a passwordless sign-in option for Insiders on Windows 10 build 18309. Here's why others will likely follow.
How to install the Passbolt Team Password Manager on Ubuntu 18.04
via TechRepublic.
Passbolt is a powerful, web-based password manager that can be used by individuals and teams.
Microsoft's 'Project Bali' Wants to Let You Control Your Data
via Dark Reading.
Currently in private beta, Bali is designed to give users control over the data Microsoft collects about them.
Managing Security in Today's Compliance and Regulatory Environment
via Dark Reading.
Instead of losing sight of the cybersecurity forest while navigating the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
Wide-Ranging German Doxxing Incident Hits Hundreds of Politicians
via Threatpost.
It's not clear why the data release wasn't noticed earlier.
Phishing toolkit uses custom font and substitution cipher to evade detection
via TechRepublic.
A vintage spycraft tool has been updated for the technological age as cybercriminals attempt to evade programmatic detection.
Phishing Tactic Hides Tracks with Custom Fonts
via Threatpost.
The phishing campaign uses a new technique to hide the source code of its landing page, and is stealing credentials from customers of a major U.S.-based bank.
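The two items above describe the same trick: the landing page's HTML carries substitution-ciphered text, and a custom @font-face whose glyphs draw the plaintext letters makes it readable only once rendered, so scanners that read the source see gibberish. The following is an added illustration, not code from either article or from the phishing kit itself. The cipher key, the sample HTML, the placeholder font data URI, and the small credential-page wordlist are all constructed here; the font's glyph table is modelled as a character translation rather than a real font file, and the "dictionary ratio" heuristic is this example's own assumption about how an analyst might flag such pages.

```python
"""Custom-font substitution-cipher phishing: what the page source looks like,
how the rendered text is recovered once the font's glyph map is known, and a
heuristic that flags such pages. Added example; everything below is constructed."""
import re
import string

# Constructed substitution key (not the kit's real key). The kit writes
# ciphertext into the HTML and ships a font whose glyph for each cipher letter
# draws the plaintext letter, so the browser shows readable text.
_KEY = "qwertyuiopasdfghjklzxcvbnm"
_PLAIN = string.ascii_lowercase + string.ascii_uppercase
_CIPHER = _KEY + _KEY.upper()
ENC = str.maketrans(_PLAIN, _CIPHER)         # what the kit does to page text
GLYPH_MAP = str.maketrans(_CIPHER, _PLAIN)   # what the custom font effectively does on screen

# Constructed credential-page vocabulary; a real detector would use a far larger list.
WORDLIST = {
    "sign", "in", "to", "online", "banking", "enter", "your", "user", "id", "and",
    "password", "continue", "account", "log", "forgot", "welcome", "please", "username",
}


def encode_for_page(text: str) -> str:
    """Apply the substitution cipher the way the kit does before writing HTML."""
    return text.translate(ENC)


def visible_text(html: str) -> str:
    """Text an analyst sees in the raw source: tags, scripts and styles stripped."""
    no_code = re.sub(r"<(script|style)\b[^>]*>.*?</\1\s*>", " ", html, flags=re.S | re.I)
    text = re.sub(r"<[^>]+>", " ", no_code)
    return re.sub(r"\s+", " ", text).strip()


def recover_visible_text(html: str, glyph_map: dict) -> str:
    """Decode the source with the font's glyph map (obtained by rendering or
    parsing the font); this is what the victim actually saw on screen."""
    return visible_text(html).translate(glyph_map)


def dictionary_ratio(text: str) -> float:
    """Fraction of alphabetic words that are recognisable English; ciphered
    text scores near zero."""
    words = re.findall(r"[a-z]+", text.lower())
    if not words:
        return 0.0
    return sum(w in WORDLIST for w in words) / len(words)


def score_page(html: str, threshold: float = 0.3) -> dict:
    """Heuristic: a custom web font plus a password field plus unreadable
    visible text is the combination the articles describe."""
    custom_font = re.search(r"@font-face\s*\{[^}]*\bsrc\s*:", html, re.I | re.S) is not None
    password_field = re.search(r"<input\b[^>]*type\s*=\s*['\"]?password", html, re.I) is not None
    ratio = dictionary_ratio(visible_text(html))
    return {
        "custom_font": custom_font,
        "password_field": password_field,
        "dictionary_ratio": round(ratio, 3),
        "suspicious": custom_font and password_field and ratio < threshold,
    }


# Constructed sample pages: the same login copy, once in the clear and once
# ciphered with a custom font declared (the base64 payload is a placeholder).
LABELS = "Sign in to online banking. Enter your user ID and password to continue."

LEGIT_HTML = (
    f"<html><body><form><p>{LABELS}</p>"
    "<input name=uid><input type=password name=pw></form></body></html>"
)

PHISH_HTML = (
    "<html><head><style>"
    "@font-face { font-family: 'k'; src: url(data:font/woff2;base64,AAAA); }"
    " body { font-family: 'k'; }</style></head><body><form>"
    f"<p>{encode_for_page(LABELS)}</p>"
    "<input name=uid><input type=\"password\" name=pw></form></body></html>"
)

if __name__ == "__main__":
    print("source text :", visible_text(PHISH_HTML))
    print("rendered as :", recover_visible_text(PHISH_HTML, GLYPH_MAP))
    for name, html in (("legit", LEGIT_HTML), ("phish", PHISH_HTML)):
        print(name, score_page(html))
```

Running the block prints the ciphered paragraph as it appears in the source, the same paragraph after the glyph map is applied, and the two scores: the clear page has a dictionary ratio of 1.0 and is not flagged, the ciphered page scores 0.0 and is flagged. Legitimate sites also use @font-face, which is why the heuristic only fires when the unreadable text and a password prompt are present too; recovering the real glyph map from a kit's font requires rendering or parsing the font, which this example stands in for with GLYPH_MAP.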
Marriott Revises Breach Scope to 383M Records
via Threatpost.
The hotel giant said that after de-duplicating the records, the breach appears to be smaller than it first thought.
Weather Channel App in a Deluge of Legal Trouble for Data Misuse
via Threatpost.
The lawsuit alleges that the Weather Channel app misled users about why it was collecting their (extremely precise) geolocation data.
Facebook hoaxes: harmless fun or security risk? [VIDEO]
via Naked Security.
Here's what you need to know about Facebook hoaxes, all in plain English.