Tumgik
#gdpr cert services
harsha112 · 4 months
PCI DSS Certification Services | GDPR Consultants in India | Cert In Audit in India
In the era of rapidly evolving data regulations, businesses in India seek robust solutions for General Data Protection Regulation (GDPR) compliance. Enter CyberCube Services, the premier GDPR consultants in India, dedicated to fortifying your data protection strategies.
At CyberCube Services, we understand the intricacies of GDPR compliance and offer tailored solutions to ensure that your organization meets the highest data protection standards. Our team of expert consultants combines in-depth knowledge of GDPR requirements with a practical approach to guide you through the compliance journey seamlessly.
As your trusted GDPR consultants in India, CyberCube Services goes beyond mere compliance, focusing on creating a resilient data protection framework. We conduct comprehensive assessments, implement customized policies, and provide continuous support to safeguard your data assets.
Partner with CyberCube Services to navigate the complex landscape of GDPR compliance in India. Our commitment to excellence ensures that your business not only meets regulatory standards but also thrives in a secure and compliant digital environment. Trust us to be your reliable GDPR compliance partner, delivering peace of mind in the face of evolving data protection challenges. Kindly visit https://www.cybercube.co.in/gdpr-consulting to know more.
report-1 · 7 months
Self-Encrypting Drive SED Market Growth, Trend, and Prospects from 2023–2030
Self-Encrypting Drive SED Market Growth
The Self Encrypting Drive SED Market is expected to grow from USD 2.70 Billion in 2022 to USD 3.50 Billion by 2030, at a CAGR of 3.40% during the forecast period.
Get the Sample Report: https://www.reportprime.com/enquiry/sample-report/11279
Self-Encrypting Drive SED Market Size
Self-encrypting drive (SED) is a type of hard drive that automatically and continuously encrypts all data stored on it, without any impact on performance. The global SED market research report is segmented by type (internal and external hard disk drives), application (IT & telecom, BFSI, government & public utilities, manufacturing enterprise), region (North America, Asia Pacific, Middle East, Africa, Australia, and Europe), and major players (Western Digital Corp, Seagate Technology PLC, Samsung Electronics, Toshiba, Thales, Micron Technology Inc, NetApp, Kingston Technology Corp, Gemalto, Certes Networks Inc, Kanguru Solutions, TAEC). Regulatory and legal factors related to market conditions are also analyzed in the report. For instance, the report covers various regulations and compliance requirements such as GDPR, HIPAA, and PCI DSS that need to be met for data privacy and security. In conclusion, the SED market is expected to grow rapidly due to increasing concerns over data privacy and security, as well as the rising number of data breaches.
Self-Encrypting Drive SED Market Key Players
Western Digital Corp
Seagate Technology PLC
Samsung Electronics
Toshiba
Thales
Buy Now & Get Exclusive Discount on this: https://www.reportprime.com/enquiry/request-discount/11279
Self-Encrypting Drive SED Market Segment Analysis
The Self Encrypting Drive (SED) target market includes a wide range of industries, including financial services, healthcare, government and military, and retail. These industries require secure and efficient data management due to regulatory compliance and privacy concerns. The increasing adoption of cloud storage and the need to protect sensitive data during transfer and storage are the major factors driving revenue growth of the Self Encrypting Drive market.
The latest trends in the Self Encrypting Drive market include the rising demand for hardware-based SEDs, which offer improved security compared to software-based encryption. Moreover, the increasing implementation of Bring Your Own Device (BYOD) policies in organizations has led to a surge in the demand for SEDs. Additionally, the availability of low-cost SEDs with advanced security features is expected to fuel market growth during the forecast period.
However, the major challenges faced by the Self Encrypting Drive market include the high cost of SEDs compared to software-based encryption solutions, lack of awareness among end-users about SEDs, and concerns over compatibility issues with legacy hardware and software.
According to the report’s main findings, the global Self Encrypting Drive market is expected to grow at a CAGR of 21.3% during the forecast period. The Asia-Pacific region is expected to witness the highest growth rate due to the increasing adoption of cloud storage and the growing need for secure data management in industries such as healthcare, financial services, and government and military.
Based on the report’s findings, the main recommendations for the Self Encrypting Drive market include increasing awareness about the benefits of SEDs through targeted marketing campaigns and partnerships with key players in the industry. Additionally, manufacturers should focus on developing low-cost SEDs with advanced security features and compatibility with legacy hardware and software.
This report covers the impact of COVID-19 and the Russia-Ukraine war in detail.
Purchase This Report: https://www.reportprime.com/checkout?id=11279&price=3590
Market Segmentation (by Application)
IT & Telecom
BFSI
Government & Public Utilities
Manufacturing Enterprise
Others
Information is sourced from www.reportprime.com
technteacher · 4 years
Complete Privacy Certification Course Bundle (CIPTv2020, CIPM And CIPP/E)
Learn How To Become A Highly Paid Privacy Consultant
Exclusive Deal | 87 percent off original price.
Get the complete Course Link here
Course Description
Learn how to become a highly paid privacy consultant or advisor today and earn more than 130K/year!
Get 3 globally recognized privacy certifications in less than 30 days:
Certified Information Privacy Technologist (CIPTv2020)
Certified Information Privacy Manager (CIPM)
Certified Information Privacy Professional (CIPP/E)
Accredited by The International Association of Privacy Professionals (IAPP).
All of the above certifications are at the same level; none is more advanced than the others. The courses and certificates can be taken in any order.
CIPT is designed for privacy technologists, privacy by design engineers – so a focus into integrating technology in privacy.
CIPP is for privacy professionals in general and is more focused on the far reaching GDPR regulation – so the legal side.
CIPM is for privacy managers. More on building a privacy programme into an organization.
This course bundle contains over $100,000 of consulting material clients will pay for – Start using it today.
You don’t need to pay expensive in-class trainings anymore, this bundle is everything you need!
The Privacy Bundle is specifically designed for you to take control of your clients' data privacy and think privacy all the time, no matter if you are a legal person who lacks technology skills or vice versa, or if you are a security enthusiast/consultant/expert or an all-in-one IT consultant.
What makes it UNIQUE on the market, is that it is not only about the law, it is about ways to make privacy operational; it is not a legal perspective, it is the technological angle that will complement any privacy regulation (GDPR, CCPA etc).
It includes all important law pieces explained with examples and technical controls.
The course will give you the opportunity to learn by going through a lot of challenges; it will give you 100 templates to reuse, one of my anonymized customer reports, 30+ hours of video content through an extremely well-structured curriculum, how to build privacy by design with examples, how to execute the DPO role and much, much more.
What you’ll learn
“Lessons from ex IBM-er, MICROSOFT-er about how to make privacy operational and how to get 3 privacy certifications in less than 30 days: CIPTv2020, CIPM, CIPP/E by IAPP”.
How to make privacy operational by using technology
GDPR and CCPA compliance and implementation
Privacy in Information Lifecycle
Privacy in Systems and Applications
DPO role explained – step by step
How to perform gap assessments, implementations and privacy consultancy services using templates
Online Privacy Issues
Privacy related to Direct Marketing
Subject Access Requests
Advanced Privacy by Design techniques
GDPR impact on HR and Cloud Service Providers
How to pass IAPP certifications in less than 30 days
6 Courses Included with Purchase
Build EU GDPR data protection compliance from scratch (CIPT)
Ultimate Privacy by Design MasterCourse (GDPR, CCPA etc)
GDPR Privacy Data Protection CASE STUDIES (CIPT,CIPM, CIPP)
How to Succeed in a Data Protection Officer Role (GDPR DPO)
California Consumer Privacy Act (CCPA) – Complete Course
Build Security Incident Response for GDPR Data Protection
So what are you waiting for? Enroll in the Complete Privacy Certification Bundle NOW with an exclusive discount!
About the Instructor
Roland Costea: After spending my last 8 years working for Microsoft, IBM, Genpact and Cognizant as a Privacy & Security Director, creating hundreds of integrated security and privacy programmes for top organizations in the world, I have decided to put all my experience together and create 6 courses to show how to actually make data privacy operational and, most importantly, how to think out of the box.
I have been involved in engineering privacy for a lot of industries, including Automotive (Mercedes-Benz, Geely, Volvo), and have also provided DPO as a service for several other top companies in Europe and the US. I have worked on and developed the privacy strategy for Microsoft & IBM for the whole of Central and Eastern Europe and also drove Cognizant's Security and Privacy business in DACH.
The post Complete Privacy Certification Course Bundle (CIPTv2020, CIPM And CIPP/E) appeared first on HackersOnlineClub.
terabitweb · 5 years
Original Post from InfoSecurity Magazine Author:
Magecart Group Linked to Dridex and Carbanak Malware
Security researchers have discovered close links between a digital skimming group, Dridex phishing campaigns and the notorious Carbanak malware.
Malwarebytes researchers Jérôme Segura, William Tsing, and Adam Thomas examined WHOIS data prior to GDPR taking effect to uncover those behind Magecart Group 5, they revealed in a new blog post.
Unlike many others using the notorious skimming code, the group usually attacks supply chain organizations with the hope of infecting many more websites and their customers.
Although it usually registers domains to support its activity using privacy protection services, the group appears to have made a mistake when it registered informaer.info with Chinese bulletproof hoster BIZCN/CNOBIN.
The researchers’ digging revealed the name “Guo Tang,” a Beijing-based address and phone number, and a Yahoo.com email address.
The latter has been used to register multiple domains used in phishing campaigns designed to deliver notorious banking trojan Dridex, including an efax attack on German users, and others spoofing the OnePosting and Xero brands, Malwarebytes revealed.
They also cited research by the Swiss CERT which claimed Dridex has in the past been used to deliver the Carbanak info-stealing malware.
The phone number from Magecart Group 5’s registrant information has also been linked to the Carbanak group, a cybercrime operation thought to have stolen hundreds of millions of dollars from global banks.
“Victimology helps us to get a better idea of the threat actor behind attacks. For instance, we see many compromises that affect a small subset of merchants that are probably tied to less sophisticated criminals, often using a simple skimmer or a kit,” concluded Malwarebytes.
“In contrast, we believe that the bigger breaches that reel in a much larger prize are conducted by advanced threat groups with previous experience in the field and with well-established ties within the criminal underground.”
williamsjoan · 5 years
Cybersecurity and human rights
Tehilla Shwartz Altshuler Contributor
Dr. Tehilla Shwartz Altshuler is a Senior Fellow and head of the Democracy in the Information Age Project at The Israel Democracy Institute.
A cyberattack has the power to paralyze cellular communications; alter or erase information in computerized systems; prevent access to computer servers; and directly harm a country’s economy and security by attacking its electricity networks or banking system.
The necessity is clear for any country, but especially Israel with its unique security considerations, to maintain a cyber defense system. The creation of the unified Israel National Cyber Directorate (INCD), which includes the Israel Cyber Event Readiness Team (CERT-IL), side by side with other security agencies such as the Israeli NSA and Mossad within the Prime Minister’s Office, addresses this need. This is an important institution, and it therefore must have clearly defined legislative powers, goals and organizational structures.
What is interesting, though, is that although Israel is Startup Nation when it comes to innovation and development, it is sorely behind in legislation that deals with the growing dilemmas regarding the intersection between technology, human rights and democratic values. Most technological innovations in security and tracking systems used in social networks are developed out of the public eye. The unified INCD was established before legislation to regulate its activities was put in place.
To this end, the recent publishing of the first draft of a cyber law for Israel, designed to provide a legal framework for the activities of Israel’s cyber defense system, is welcomed. However, the content of the draft shows that the State is seeking to assume far wider powers than are needed to protect the public from cyberattacks. Part of the reason for this is that it is difficult at present to assess what cyberattacks could look like in the future, but another part is what seems to be a somewhat hidden policy of the government to use technology in order to increase their control over citizens’ activities.
According to the draft, the INCD, a division within the Prime Minister’s Office, will be able to routinely collect data from internet and cellular providers, government ministries, local authorities and government corporations in order to identify and thwart cyberattacks in real time. Yet the definition of “security relevant data” remains ambiguous, and is certainly much broader than the definitions laid out in IOC (Cyber Threat Indicator) in the American Cybersecurity Information Sharing Act (CISA) passed in 2015.
The question is whether there is truly a need for all of this information — a record of all online activities and personal details we’ve shared with governmental agencies — to be collected in this way, and whether this is information that could potentially be used to create behavioral profiles that could be used against citizens. What, in effect, is the difference between gathering this data and wide-scale, unrestricted wiretapping? For the State to have access to such far-reaching information constitutes a real threat to citizens’ privacy and human rights on a larger scale.
In addition, should the drafted bill pass, INCD will have access to computers and the authority to collect and process information, all in the name of identifying cybersecurity infiltrators. This could include almost any information held by any private citizen or business. While the law mentions the need to respect the right to privacy, it also permits activities that do not infringe upon this right “more than is necessary” — a frighteningly vague limitation. In addition, there do not seem to be sufficient limits on the use of the information collected. How long can it be stored? Can it be passed from INCD to the police, or to other agencies?
This bill endows the INCD with supreme regulatory powers that supersede those of the police, the Privacy Protection Authorities and others. The INCD even has the capacity to withdraw licenses awarded to commercial institutions. One obvious outcome of this is that it will lead to a lack of cooperation between the different authorities. The million-dollar question is, of course, when do these powers come into play? And the answer, again, is worrying: “Whenever necessary in order to defend a ‘vital interest.’”
This might mean protecting the country’s security or saving human life, but according to the draft, it also includes “the proper functioning of organizations that provide services on a significant scale.” Does this also mean a cyberattack on a large clothing chain? And if so, is this justified?
Classic cybersecurity, as we know it, deals mainly with potential damage to tangible infrastructure. However, the proposed bill allows the prime minister to add more cyberthreats to this list at his will. Which begs the question: What will happen when a prime minister adds something along the lines of “harming the public consciousness by presenting arguments on social networks”? or “disseminating fake news”? Do we really want the INCD to be empowered to deal with such cases in addition to the Israeli NSA?
Moreover, the draft makes scant mention of oversight bodies to regulate the use of such broad powers, and grants the head of INCD the power to maintain a veil of secrecy when attacks are being discovered. It certainly makes sense not to publicize the existence of a cyberattack until it is under control — in order to prevent additional damage — but assume that you are a patient in a hospital in which a cyberattack has created confusion in the administration of medicines. How long would you want this to be kept secret? And what of bank account holders, or people who have registered for a dating site, whose details have been compromised?
The proposed bill endows the INCD with unchecked power, especially when compared with other democracies. The abuse of such power and Edward Snowden’s exposure of PRISM (the NSA’s intrusive surveillance program) should serve as a warning to us all, especially here in Israel. Today, the right to privacy can no longer be seen as the right to control one’s personal data as laid out in the General Data Protection Regulation (GDPR). Rather, the right to privacy is understood as a prerequisite condition for other human rights. While the bill is important, one cannot help but think that it may be the first stage in an unprecedented “big brother” scenario.
Legislators have to take the time to study cyber issues and the threats and opportunities that they pose. It is crucial that those who decide whether or not to pass the bill gain a deep understanding of the meaning of the right to privacy in a digital world. This knowledge will allow them to create a more balanced piece of legislation and in turn protect the rights of Israeli citizens.
The law states that one of its primary goals is to “advance Israel as a global leader in the field of cyber security.” Yet let us not forget that in a small country like Israel, driven by creativity, independence and thinking out-of-the-box, we would not be global leaders in cyber and technology without simultaneously protecting fundamental human rights.
Cybersecurity and human rights published first on https://timloewe.tumblr.com/
fmservers · 5 years
Cybersecurity and human rights
Via David Riggs https://techcrunch.com
Mobile : la bataille de la data de géolocalisation a commencé
Fournisseurs de SDK, analyseurs de bid requests et poseurs de boîtiers en magasin, tous espèrent décrocher la martingale, en offrant le reach le plus élevé possible.
 Pour les retailers qui veulent générer du trafic en magasin depuis Internet, et dans une perspective "drive to store", la data de géolocalisation est devenue incontournable. Mais pas n'importe laquelle. Une donnée historisée et "people based", pour connaître les lieux de fréquentations préférés d'un mobinaute et exploiter cette information via des publicités ciblées. Les annonceurs sont prêts à mettre le prix fort pour ce type de données et les prestataires l'ont bien compris : ils rivalisent d'ingéniosité et de techniques, pour pouvoir leur proposer des jeux de données avec le plus grand reach possible.
Aujourd'hui, Teemo, Singlespot et Vectaury revendiquent pouvoir toucher entre 10 et 17 millions de visiteurs uniques par mois là où les acteurs qui s'appuient sur la bid request ont un reach compris entre 20 et 35 millions de visiteurs uniques mensuels, selon les informations communiquées au JDN par un acheteur mobile. Les spécialistes du boîtier sont encore plus distancés sur ce terrain-là. La faute à un coût structurel encore plus fort : il faut installer un parc de beacons au sein de chaque point de vente. Autre limite : il faut également que l'utilisateur ait activé son bluetooth pour être détecté.
Grâce aux contrats qu'il a noués avec quatre des plus gros SSP opérant en France, le spécialiste allemand de la data mobile Adsquare revendique un taux de pénétration de près de 90% sur ce marché. Son modèle est hybride car il collecte aussi de la donnée via un SDK. "Certes le bassin d'audience touché par ce biais est moins important mais on a plus d'informations sur l'utilisateur, les points de contacts étant beaucoup plus nombreux", explique son VP Demand EMEA, Vincent Tessier. Un SDK spécialisé peut récupérer la donnée de géolocalisation d'un utilisateur jusqu'à une centaine de fois par jour, dès lors que ce dernier a consenti à la partager.
 "L'autre avantage de la méthodologie du SDK est qu'elle permet de déterminer le temps passé par le mobinaute dans un point de vente, ce que ne donnent les bid requests", précise Kaoutar Benazzi, patronne de Mobext France, l'agence mobile d'Havas Group. Plus un prospect passe du temps en magasin, plus il est intéressé. L'information a donc une valeur forte pour les publicitaires.
Alors que l'entrée en vigueur du RGPD est désormais une question de semaines, le respect de la vie privée du mobinaute est évidemment un sujet clé. Ce n'est pas Teemo, épinglé sur le sujet par un article de Numerama cet été, qui dira le contraire. "Il est primordial pour nous de travailler avec des entreprises respectueuses du cadre réglementaire", confirme Kaoutar Benazzi.
Three types of players stand out today. First, those who install their SDK with partner publishers (media outlets, e-commerce sites, comparison sites…), offering to monetize the geolocation data they collect with advertisers and agencies in their networks. This data is then activated under the data + media bundle model. This is the model chosen in France by Teemo, Singlespot, Vectaury, and Adotmob, which has exclusive rights to sell the data of its shareholder Vente-privee. Bliss Media, Ground Truth and Verve are the three other major players in Europe.
Next come the players who take advantage of an ad request (bid request) being sent within a marketplace to extract the geolocation data attached to that request. These players, such as Admoov, sign contracts with the SSPs that handle the transaction in order to collect the data. Finally, companies such as Fidzup and Retency rely on technologies based on boxes that they install to measure in-store traffic and "match" it with Web IDs.
Each method has its advantages and drawbacks. Striking deals with SSPs is the easiest route to a very high reach. It is indeed far harder to convince an app publisher to install your SDK. "All the more so because you have to wait for an update of the app in question (which is rare) to do it," says Emilie Carcassonne, VP Southern Europe at data provider Nielsen Marketing Cloud. Slots are therefore expensive, and some app publishers take advantage of this. They now demand guaranteed minimums that can reach 100,000 euros per month. To be able to install its SDK, the provider must therefore commit to spending up to million euros a year on media buying with the publisher. "This strategy is hard to sustain over the long term, given how extravagant the amounts are for the mobile world," says a market player who wishes to remain anonymous. "We refuse to lose our money on that, even if it means losing publishers."
All of them are therefore striving to show their credentials: Teemo has been certified GDPR-compliant by the organization ePrivacy, and Vectaury has unveiled its new "geo-transparent", GDPR-compatible opt-in banners. An open source SDK called Open Locate, which app developers can integrate, has also just been launched. Its goal: to give them more transparency and control over the collection and transfer of geolocation data. Its first partners include Appnexus, Adsquare and Teemo. Emilie Carcassonne is convinced: "all those who are out of line at the end of May will not last long".
Competition is fierce… and is only just beginning. "The market is still not very structured," explains Kaoutar Benazzi. "We even had to appoint a point person in charge of auditing new technologies, to challenge and test them." At Publicis, team members even act as "guinea pigs" to measure the quality of the tracking and its compliance with the regulatory context. "We set up a panel in-house to follow the before and after of the GDPR," explains Performics managing director Frédéric Marty-Debat.
Agencies therefore work with players such as Teemo and others, even though the latter can appear to be competitors insofar as they carry out the media buying themselves. "We don't hesitate to turn to managed-services players when we receive a brief and those players seem to us to offer the most relevant answer," confirms Frédéric Mary-Debat. "That is our responsibility as the advertiser's adviser." Performics does not trust them blindly, however, and calls on independent third parties. "We challenge the results they claim with a Kairos or a Retency to measure the performance they attribute to themselves."
Yves Pellemans's insight:
Between 10 and 17 million monthly unique visitors for SDK providers. Double that for those relying on the bid request... And the GDPR as referee...
mypoodleisgucci · 6 years
What Associations Need to Know NOW about GDPR
If you aren't already thinking about whether or not you are in compliance with the new EU General Data Protection Regulation (GDPR) taking effect in May 2018, you should be. This regulation will impact organizations worldwide, carries hefty penalties for those who abuse or ignore their responsibilities, and is ushering in a new day for better data privacy and data hygiene for everyone.
But what do YOU need to know right now to make sure you are on the right path?
This show's guests include two high profile UK-based GDPR experts, an association CEO, and an association industry technology consultant leading the way in organizing leaders for GDPR readiness. If you have questions about your data and responsibilities with the GDPR, register for this free chat!
Confirmed Guests include:
Dr. Rachel O’Connell, Chief Information Officer, The Trust Bridge 
Rachel O’Connell (Co-Founder of The TrustBridge) is one of the preeminent authorities on electronic identification and age verification and has worked with The Digital Policy Alliance (EURIM) which is the politically neutral, cross-party policy voice in Europe of the internet and technology sector. Rachel led the Age Verification Group of the Digital Policy Alliance and is the author of a Publicly Available Specification (PAS) and technical standard entitled PAS 1296 on an Online Age Checking code of practice, which was published by the British Standards Institution in August 2017.
Rachel was the fifth person to join the start-up social networking platform, Bebo, and was instrumental in operationally building the business, which was acquired by AOL in 2008 for $850M. Before joining Bebo, Rachel led a series of highly successful large-scale Pan-European projects, which involved managing teams located in 19 countries across Europe.
In 2000, Rachel set up the Cyberspace Research Unit at the University of Central Lancashire and secured funding from the European Commission to establish and operate the first UK Internet Safety Centre (2000-2006), which was based at the Cyberspace Research Unit. Rachel's Ph.D. examined the implications of online pedophile activity for investigative strategies.
https://www.linkedin.com/in/racheloconnell/
David Clarke, FBCS CITP, Chief Technology Officer
David is a leading authority on security issues with experience across Finance, Telecoms, and the Public Sector.  David is a Fellow of the British Computer Society, at the most senior professional grade.  His past work included building secure operations capabilities, often from scratch, and developing a full Cyber incident response. Other projects included the development of CERT (Computer Emergency Response Team) on a Financial Intranet which handled $3.5 trillion trading per day and the rollout of managed security services with a $400 million global install base.  David headed up the architecture and oversaw implementation. 
David’s accomplishments include: 
Achieving multiple Global ISO27001 standard qualifications for several $billion dollar contracts.
Development of a PCI-DSS (The Payment Card Industry Data Security Standard for a UK Credit Card Transmission Service).
Management of Multiple Global Security Operations Centres.
Development of a CERT (computer emergency response team) for leading-edge technological deployments and architectures.
GDPR Technology Forum – Founder LinkedIn Forum
Recognized as one of the top 10 influencers by Thomson Reuters and one of the top 30 most influential thought-leaders and thinkers on social media, in risk management, compliance and reg tech in the UK.
Founder and Owner of LinkedIn GDPR Technology group, 8600+ Members
Twitter @1davidclarke, which has 52.8k Followers
https://paper.li/1DavidClarke/1477816063#/ published 4 times a week
A recognized thought leader in the InfoSec industry, David has over 52,800 Twitter followers and is the author of a forthcoming book on cyber.
https://www.linkedin.com/in/1davidclarke/
David DeLorenzo, CAE, CIO - Technology Management at DelCor Technology Solutions
With more than 20 years’ experience in the association space and nearly 15 years as a senior IT executive, David DeLorenzo has a history of dynamic leadership, strategic thinking, problem-solving, and team building.  He is a high-energy leader and visionary who excels at planning and communicating strategic initiatives as they relate to the overall enterprise. 
https://www.linkedin.com/in/dddelorenzo/
About Association Chat
Association Chat is an online community and podcast with a live weekly show interviewing special guests every Tuesday at 2 pm EST. You can learn more about Association Chat at http://associationchat.com/ & https://www.crowdcast.io/kikilitalien. You can connect with the association community throughout the week on Twitter using the hashtag #assnchat or through the Facebook Group.
Association Chat remains free for viewers (and only allows for one sponsor per episode).
If you find any meaning and value in Association Chat, please consider becoming a patron with a recurring monthly donation of your choosing on Patreon at https://www.patreon.com/associationchat.
(*"Cheekily" hashtagged from the beginning! #assnchat – yes, we know what it looks like and no, we aren't changing it.*)
KiKi L'Italien serves as host for the chat with regular guests and quarterly live events along with creative collaborations with industry thought leaders.
Association Chat: http://www.associationchat.com 
See Past Episodes: https://www.crowdcast.io/kikilitalien
Where to Subscribe/Get Involved/Learn More
Website: http://associationchat.com/
Facebook Group (private): https://www.facebook.com/groups/AssociationChat/
iTunes: https://itunes.apple.com/us/podcast/association-chat-podcast/id1221431539  
Google Play: http://bit.ly/googleassnchat
iHeartRadio: https://www.iheart.com/podcast/association-chat-28628199/?cmp=web_share
Stitcher: http://www.stitcher.com/podcast/association-chat-podcast
Soundcloud: https://soundcloud.com/kiki-litalien
YouTube: https://youtu.be/RWiKUrUWxcg
Watch Live: https://www.crowdcast.io/kikilitalien
Vimeo: https://vimeo.com/amplifiedgrowth
Check out this episode!
lbcybersecurity · 7 years
Cyber Security Roundup for June 2017
Another large scale ransomware cyber attack caused chaos and dominated the media headlines around the world this month. The Petya ransomware, a copycat of WannaCry, caused major operational impact to organisations neglecting to apply Microsoft Windows critical security updates. There were reports of the malware significantly impacting British marketing firm WPP, a Jewson hardware store, Ukrainian national infrastructure associated firms, and even halting production at a Cadbury chocolate factory in Australia.
Aside from the Petya ransomware outbreak, it was another busy month of significant cyber security attacks and data compromises across the UK. The UK Parliament's email system was hacked, with around 90 email accounts compromised due to the usage of weak passwords by parliament staff. It is not certain how many of the 90 were MPs, but I wouldn't be surprised if there were more than a few using weak passwords. There were further cyber troubles for the UK government after its Digital Service website data.gov.uk data was compromised. Virgin Media told 800,000 of its users to change their router passwords after it was discovered that hackers could access Virgin's Super Hub 2 routers. And there were yet more critical security patches released this month, as Microsoft and application vendors fight to stay ahead of cyber criminals' and nation-state actors' software exploits.
Over in the United States, a US Health Insurer forked out £90 million to cover compensation and legal costs after hackers stole customer records in its care. We could well see these types of large payouts in the UK soon after the General Data Protection Regulation (GDPR) kicks in in May 2018. The GDPR gives the Information Commissioner's Office (ICO) new powers to fine up to 10 Million Euros or 2% of the previous year's global turnover of the company, for any cyber security breaches. Data subjects will also have the right to take companies to court to seek damages as well. The ICO will get double those penalty rates for privacy rights breaches, ouch! Under the GDPR companies are forced to fess up to all security incidents which compromise or place personal data at risk, both to the ICO and to each data subject impacted, so there will be no hiding place for security breaches in the UK after next May.
Finally, US-CERT and Incapsula released an interesting advisory about 'Hidden Cobra', a North Korean Cyber Threat group. This nation-state group is seemingly ramping up its capabilities at the moment, and is behind the DeltaCharlie campaign and linked with the WannaCry ransomware outbreak last month. It is well worth a read.
NEWS
Petya / NotPetya / Petrwrap Ransomware Attack
NSA & GCHQ link North Korea with the global WannaCry Ransomware Attack
Parliament Cyber Attack 'hit up to 90 users'
UK Government Digital Service Site User Data Breached
Four Arrests in UK over Microsoft Technical Support Scam Phone Calls
UK Online Fraud Overlooked by the Government, Police and Business
Password Manager OneLogin hit by Data Breach
Virgin Media tells 800,000 Users to Change Passwords over Router Hacking Risk
ICO Fines Gloucester City Council £100k for not patching the Heartbleed Bug
The US Health Insurer is to pay out over £90m after Hackers Stole Customer Records
WannaCry Cyber Attack Halts Production at Honda
Cyber Due-Diligence Now Forms an Essential part of M&A Planning
UK Hacker exploits Clydesdale & Yorkshire Online Bank loophole to Steal £100,000
Personal Details of nearly 200 Million US Citizens Exposed
South Korean Hosting Firm Pays $1 Million Ransom
Microsoft to Remove SMB1 protocol used by WannaCry & Petya from Windows 10
Microsoft release Security Updates to fix 94 flaws, including on Windows XP & Windows 2003
Adobe releases Critical Security Updates for Flash Player and Shockwave Player
AWARENESS, EDUCATION AND THREAT INTELLIGENCE
Hidden Cobra: North Korea’s DDoS Botnet Infrastructure
Hidden Cobra and DeltaCharlie: An Explainer
Apple Mac computers targeted by Ransomware and Spyware
Firewall Adware Epidemic Infects 9% of UK Networks
REPORTS
2017 Trustwave Global Security Report
PwC 2016 Digital Annual Report: UK Councils unable to cope with Cyber Threats
Druva Annual Ransomware Report: 2017 Survey
from Cyber Security Roundup for June 2017