Blog, Data collection and Risk - Cyber Security Informer

The Best 10 Vendor Risk Management Tools

Centraleyes

MARCH 25, 2024

Let’s discuss an acronym reshaping the business world: Vendor Risk Management , or VRM. With supply chains extending across multiple regions and involving numerous third-party vendors, organizations face unprecedented challenges in managing vendor risks effectively. What risks are you facing?

Risk

Risk Data collection Architecture Government

Manual vs Automated Risk Management: What You Need to Know

Centraleyes

MAY 5, 2024

Murphy’s Law in Modern Risk Management Murphy’s Law is a timeless reminder of life’s unpredictability. In today’s digital age, where cyber attacks are a matter of when rather than if, assessing potential risks and their likelihood of occurrence is only getting more critical.

Risk

Risk Data collection Cyber Risk Cybersecurity

UnFAIR: The Limitations of FAIR’s Risk Model

Security Boulevard

MARCH 2, 2023

This is blog 2 of 3 in our FAIR model series. The limitations of FAIR’s data collection process are discussed in part 1 of this blog series. Building a lego design and quantifying cyber risk have essential characteristics in common.

Risk

Risk Cyber Risk Data collection

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Almost Half of All Chrome Extensions Are Potentially High-Risk

eSecurity Planet

NOVEMBER 29, 2022

percent) of all Chrome extensions have a High or Very High risk impact due to permissions required at installation, according to Incogni, and over a quarter (27 percent) collect user data. These are the highest Risk Impact extensions.” ” Accessing Sensitive Data. Much of that data is highly sensitive.

Risk

Risk Adware Data collection Passwords

BloodHound Enterprise Learns Some New Tricks

Security Boulevard

AUGUST 3, 2023

Summary The BloodHound code-convergence project brings some significant and long-desired feature enhancements to BloodHound Enterprise (BHE): Cypher search, including pre-built queries for AD and Azure Built-in support for offline data collection (i.e., Up next in our release blog series is the one everyone has been waiting for.

Data collection

Data collection Engineering Risk

OpenAI Is Not Training on Your Dropbox Documents—Today

Schneier on Security

DECEMBER 19, 2023

Simon Willison nails it in a tweet: “OpenAI are training on every piece of data they see, even when they say they aren’t” is the new “Facebook are showing you ads based on overhearing everything you say through your phone’s microphone.” On a personal level we risk losing out on useful tools.

Government

Government Banking Risk Internet

Top VAPT Testing Companies

Security Boulevard

JANUARY 6, 2023

Introduction By reducing information risks and vulnerabilities, a process called information security, also referred to as infosec, protects electronic data. Data collection, organization, processing, and deletion are all included in the definition of data management. InfoSec […].

Computers and Electronics

Computers and Electronics InfoSec Data collection Mobile

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

The Last Watchdog

JANUARY 9, 2023

A Data Privacy Impact Assessment, or DPIA , is a formal assessment of the privacy risks of your data processing activities. The purpose of conducting a DPIA is to identify and assess the potential impact of these risks on individuals’ rights and freedoms from your proposed processing operations.

Data privacy

Data privacy Small Business Data collection Cyber Risk

Chinese threat actors extract big data and sell it on the dark web

SC Magazine

APRIL 19, 2021

Researchers on Monday reported that cybercriminals are taking advantage of China’s push to become a leader in big data by extracting legitimate big data sources and selling the stolen data on the Chinese-language dark web. The stolen data ranges from lottery and stock data to commercial databases of Canadian and U.S.

Big data

Big data Data collection Mobile Risk

On Surveillance in the Workplace

Schneier on Security

MARCH 12, 2019

Touted as useful management tools, they can augment biased and discriminatory practices in workplace evaluations and segment workforces into risk categories based on patterns of behavior. Gamification and algorithmic management of work activities through continuous data collection.

Surveillance

Surveillance Data collection Technology Risk

Privacy issues in smart cities – Lessons learned from the Waterfront Toronto – Sidewalks project

Privacy and Cybersecurity Law

JUNE 29, 2020

The experience made clear that no smart city can proceed without social license and that there is no social license without addressing privacy risks. Risk #1: Surveillance both from the State and surveillance capitalism. Digital solutions generally create the risk of law enforcement access to the data they collect.

Surveillance

Surveillance Data collection Risk Data breaches

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

The Last Watchdog

MAY 21, 2020

Kernel The privacy risks associated with online or browser fingerprinting today are real. Advertisers are amassing a huge amount of data and creating a comprehensive profile on you as an internet user. Intrinsic risks Device fingerprinting does reveal a lot about who you are.

Advertising

Advertising Internet Internet Accountability

Reinventing Asset Management for Cybersecurity Professionals

IT Security Guru

MAY 24, 2021

Understanding the risk context of every asset helps them decide what requires immediate action, and what can be done incrementally or mitigated with other changes or ignored as too low risk. They need automation when they want it, so that action is taken automatically based on the security risk policies they have put in place.

Cybersecurity

Cybersecurity Risk Software Data collection

PRIVACY ISSUES IN SMART CITIES – LESSSONS LEARNED FROM THE WATERFRONT TORONTO – SIDEWALKS PROJECT

Privacy and Cybersecurity Law

JUNE 29, 2020

The experience made clear that no smart city can proceed without social license and that there is no social license without addressing privacy risks. . Risk #1: Surveillance both from the State and surveillance capitalism. Digital solutions generally create the risk of law enforcement access to the data they collect.

Surveillance

Surveillance Data collection Risk Data breaches

IoT Unravelled Part 3: Security

Troy Hunt

NOVEMBER 25, 2020

The vulnerability Context Security discovered meant exposing the Wi-Fi credentials of the network the device was attached to, which is significant because it demonstrates that IoT vulnerabilities can put other devices on the network at risk as well. Are these examples actually risks in IoT?

IoT

IoT Firmware Risk Manufacturing

7 Steps to Measure ERM Performance

Centraleyes

FEBRUARY 19, 2024

The distinction between enterprise risk management (ERM) and traditional risk management is more than semantics. The simplest way to explain their core differences is that traditional risk management operates within confined departmental boundaries.

Risk

Risk Marketing Manufacturing Data collection

What’s in the NIST Privacy Framework 1.1?

Centraleyes

MARCH 14, 2024

Initially introduced as The NIST Privacy Framework : A Tool for Improving Privacy Through Enterprise Risk Management, Version 1.0, The adjustment of the NIST Privacy Framework in response to new frameworks like the NIST’s AI Risk Management Framework (AI RMF) and the update to the NIST Cybersecurity Framework (CSF) to Version 2.0

Government

Government Risk Artificial Intelligence Cybersecurity

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

The Last Watchdog

OCTOBER 13, 2021

Check out the examples below from Forrester’s blog. First-party” data is different from zero-party data. First-party data is based on inference collected from either implicit or explicit events that are collected internally. Data collection red flags. All of this leads us to “third-party” data.

eCommerce

eCommerce Data collection Consumer Protection Advertising

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

The Last Watchdog

OCTOBER 17, 2022

To provide even further insight into the data safety and privacy practices of app developers, researchers at Incogni conducted a study of the top 500 paid and top 500 free Google Play Store apps. percent) of the apps share user data with third parties. Greediest data harvesters. percent share approximate location history.

Data privacy

Data privacy Media Data collection Data breaches

Understanding the Different Types of Audit Evidence

Centraleyes

APRIL 18, 2024

Risk Management Assessment: Through evidence collection, auditors assess an organization’s risk management processes, ensuring they are proactive, comprehensive, and aligned with its risk appetite.

Risk

Risk Penetration Testing Encryption Cybersecurity

Report Finds Over 50% of Security Practitioners Are Unhappy With Current SIEM Vendor

CyberSecurity Insiders

SEPTEMBER 11, 2021

Security industry blogs, magazines, and websites frequently report that many security teams are frustrated by the limitations of their SIEM tool. Analysts find dealing with data collected from numerous hosts within an enterprise to be a daunting task. In that case, additional risk must be assumed by the organization.

Threat Detection

Threat Detection Data collection Software Engineering

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

The Last Watchdog

NOVEMBER 21, 2018

International regulations have also played a significant role in the privacy discussion, specifically following enforcement of the GDPR (General Data Privacy Regulation) in the European Union (EU). He has over 10 years of experience with Information Security, Cyber Security, and Risk Management. . If the U.S.

Data privacy

Data privacy Data collection Big data Government

The end looms for Meta's behavioural advertising in Europe

Malwarebytes

AUGUST 4, 2023

From the Meta blog: We will share further information over the months ahead, because it will take time for us to continue to constructively engage with regulators to ensure that any proposed solution addresses regulatory obligations in the EU, including GDPR and the upcoming DMA.

Advertising

Advertising Data breaches Data collection Marketing

A Full Guide to Achieving SOC 2 Certification for Startups

Centraleyes

NOVEMBER 16, 2023

Prioritize the Risk Assessment Risk Assessment: Among the most pivotal steps in your SOC 2 journey is conducting a thorough risk assessment. Modern platforms streamline onboarding with smart questionnaires, making data collection more manageable. Customizable reports help maintain alignment within your team.

Risk

Risk Data collection Backups Accountability

The Ultimate Guide to Excelling in Your External Audit: 5 Proven Strategies

Centraleyes

APRIL 25, 2024

Risk Management: By identifying vulnerabilities and assessing controls, security audits contribute to effective risk management, allowing organizations to prioritize and address critical risks. Frequency Conducted regularly throughout the year, focusing on continuous improvement and ongoing risk assessment.

Risk

Risk Accountability Technology Software

How to Secure Your Business Social Media Accounts

BH Consulting

AUGUST 31, 2023

When we think about social media, we think about the nice side of it: staying in touch with friends and family, getting updates about our interests – but the more active we are on it, the more risk we’re exposed to. The more exposed we are in the online space, the more potential there is for risk to a business. More than 4.7

Media

Media Accountability Authentication Passwords

A Pandora's Box: Unpacking 5 Risks in Generative AI

Thales Cloud Protection & Licensing

APRIL 17, 2024

A Pandora's Box: Unpacking 5 Risks in Generative AI madhav Thu, 04/18/2024 - 05:07 Generative AI (GAI) is becoming increasingly crucial for business leaders due to its ability to fuel innovation, enhance personalization, automate content creation, augment creativity, and help teams explore new possibilities.

Risk

Risk Data collection Artificial Intelligence Accountability

A Pandora’s Box: Unpacking 5 Risks in Generative AI

Security Boulevard

APRIL 17, 2024

A Pandora's Box: Unpacking 5 Risks in Generative AI madhav Thu, 04/18/2024 - 05:07 Generative AI (GAI) is becoming increasingly crucial for business leaders due to its ability to fuel innovation, enhance personalization, automate content creation, augment creativity, and help teams explore new possibilities.

Risk

Risk Data collection Artificial Intelligence Accountability

Regional privacy but global clouds. How to manage this complexity?

Thales Cloud Protection & Licensing

MAY 31, 2022

Data controllers are accountable to the persons (consumers, citizens) or other organisations (customers) they serve as part of their purpose. Whilst Cloud service providers, as data processors, are responsible for actions they are contracted to deliver by controllers (data collection, modification, storage, transmission, deletion etc).

Data privacy

Data privacy Digital transformation Accountability Data collection

Critical Success Factors to Widespread Deployment of IoT

Thales Cloud Protection & Licensing

FEBRUARY 16, 2021

There are three major threat vectors that harm IoT deployments: Devices are hijacked by malicious software; Data collected and processed in IoT ecosystems is tampered with and impacts the confidentiality, integrity and availability of the information; and, Weak user and device authentication.

IoT

IoT Manufacturing Energy and Utilities Data collection

The Ultimate ESG Audits Checklist

Centraleyes

NOVEMBER 20, 2023

ESG audits are systematic assessments of an organization’s ESG-related risks and disclosures. These audits serve the crucial role of verifying the accuracy of ESG data and information that a company shares with its employees, stakeholders, and regulatory bodies. What is an ESG Audit? Who Performs an ESG Audit?

Government

Government Energy and Utilities Risk Technology

How to Help Protect Your Digital Footprint

Identity IQ

JANUARY 24, 2024

How to Help Protect Your Digital Footprint IdentityIQ Every click, search, and interaction online contributes to your digital footprint – an intricate trail of data that encapsulates your digital identity. While the digital landscape offers unprecedented convenience and connectivity, it also presents many risks.

Identity Theft

Identity Theft Education Media Accountability

More SRE Lessons for SOC: Simplicity Helps Security

Anton on Security

NOVEMBER 17, 2022

Phil’s 8 megatrends blog reminds us about this by calling one of his cloud megatrends “Simplicity: Cloud as an abstraction machine.” Think well-implemented zero trust , that helps users, simplifies IT and reduces risk. Metrics and associated data collection? 10X fun assured! This means we need simplicity even more.

Engineering

Engineering Software Data collection Architecture

Mastering the German Federal Data Protection Act (BDSG-New): A Deep Dive

Centraleyes

DECEMBER 4, 2023

But what does this mean for data subjects, and how can they enforce their privacy rights? Which organizations must comply, and how can one avoid infringing German data protection laws? This blog post will dive into these questions, providing all the essential details.

Data privacy

Data privacy Risk Telecommunications Big data

Emerging security challenges for Europe’s emerging technologies

Thales Cloud Protection & Licensing

SEPTEMBER 5, 2019

The report found that for IoT in Europe, the primary data security threats lie with attacks on IoT devices, loss or theft of IoT devices, and more broadly a lack of established security frameworks for IoT – all of which ranked higher in Europe than in our global sample. Overall, these track closely to the global sample. Blockchain.

Technology

Technology Digital transformation IoT Big data

The SOC 2 Compliance Checklist for 2023

Centraleyes

DECEMBER 10, 2023

SOC 2 is primarily used by software companies but is intended for any service provider, or SaaS company, who stores their customers data in the cloud, or within their software. Many companies find the SOC 2 report a fundamental component of their vendor risk assessment when onboarding a new vendor. Automation.

Risk

Risk Data breaches Software Information Security

Five ways to protect against software supply-chain attacks

SC Magazine

APRIL 9, 2021

Developers often never know when the author of a malicious module has copied the blog of a well-meaning author, changed the code in the blog to import a typosquatted malicious module, and then used some SEO tactics to ensure their malicious tutorial gets ranked higher in searches.

Software

Software Data collection Malware Risk

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Thales Cloud Protection & Licensing

JULY 12, 2018

But making the IoT work requires trust in the devices and the data they collect. In this blog, and in one by my colleague Julie Lassabliere from Safelayer Secure Communications , we explore the need for trusted device identification and data integrity in the IoT.

IoT

IoT Data collection Encryption eCommerce

Data Privacy in the United States: A Recap of 2023 Developments

Centraleyes

FEBRUARY 1, 2024

In 2023, California remained at the forefront of the movement of states with consumer privacy laws by approving the final text of the California Privacy Rights Act regulations and inviting public comments on proposed rulemaking for cybersecurity audits, risk assessments, and automated decision-making.

Data privacy

Data privacy Consumer Protection Media Data collection

More SRE Lessons for SOC: Simplicity Helps Security

Security Boulevard

NOVEMBER 17, 2022

Phil’s 8 megatrends blog reminds us about this by calling one of his cloud megatrends “Simplicity: Cloud as an abstraction machine.” Think well-implemented zero trust , that helps users, simplifies IT and reduces risk. Metrics and associated data collection? 10X fun assured! This means we need simplicity even more.

Engineering

Engineering Software Data collection Architecture

New Jersey Privacy Act: What to Expect

Centraleyes

JANUARY 15, 2024

Consumers can opt out of data processing for sales, targeted advertising, or profiling, and controllers must respond to verified requests within 45 days, with a possible 45-day extension. Why Didn’t the ADPPA Pass? The post New Jersey Privacy Act: What to Expect appeared first on Centraleyes.

Data privacy

Data privacy Advertising Data collection Government

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

The Last Watchdog

OCTOBER 10, 2022

To test the true extent of data collection in VR, we designed a simple 30-person user study called MetaData. Instead, it is a first step towards solving a dangerous technological disparity: despite posing an unprecedented degree of privacy risk, VR currently lacks even the most basic privacy tools.

Risk

Risk Data privacy Data collection Technology

6 Business functions that will benefit from cybersecurity automation

CyberSecurity Insiders

OCTOBER 28, 2021

This blog was written by an independent guest blogger. Many security professionals spend hours each day manually administering tools to protect enterprise data. For many organizations, spending so much time collecting data is not conducive to innovation and growth. Data privacy. Implement zero trust protocols.

Cybersecurity

Cybersecurity Data privacy Small Business Threat Detection

I’m in your hypervisor, collecting your evidence

Fox IT

OCTOBER 18, 2022

Fox-IT’s approach to enterprise scale incident response for the past few years has been to collect small forensic artefact packages using our internal data collection utility, “acquire”, usually deployed using the clients’ preferred method of software deployment. Far from an ideal “fire and forget” data collection solution.

Data collection

Data collection Software Engineering Encryption

The Best 10 Vendor Risk Management Tools

Manual vs Automated Risk Management: What You Need to Know

Webinars

Trending Sources

UnFAIR: The Limitations of FAIR’s Risk Model

Webinars

Almost Half of All Chrome Extensions Are Potentially High-Risk

BloodHound Enterprise Learns Some New Tricks

OpenAI Is Not Training on Your Dropbox Documents—Today

Top VAPT Testing Companies

GUEST ESSAY: How ‘DPIAs” — data privacy impact assessments — can lead SMBs to compliance

Chinese threat actors extract big data and sell it on the dark web

On Surveillance in the Workplace

Privacy issues in smart cities – Lessons learned from the Waterfront Toronto – Sidewalks project

GUEST ESSAY: What everyone should know about the pros and cons of online fingerprinting

Reinventing Asset Management for Cybersecurity Professionals

PRIVACY ISSUES IN SMART CITIES – LESSSONS LEARNED FROM THE WATERFRONT TORONTO – SIDEWALKS PROJECT

IoT Unravelled Part 3: Security

7 Steps to Measure ERM Performance

What’s in the NIST Privacy Framework 1.1?

GUEST ESSAY: A primer on the degrees of privacy tech companies assign to your digital footprints

GUEST ESSAY: A breakout of how Google, Facebook, Instagram enable third-party snooping

Understanding the Different Types of Audit Evidence

Report Finds Over 50% of Security Practitioners Are Unhappy With Current SIEM Vendor

GUEST ESSAY: California pioneers privacy law at state level; VA, VT, CO, NJ take steps to follow

The end looms for Meta's behavioural advertising in Europe

A Full Guide to Achieving SOC 2 Certification for Startups

The Ultimate Guide to Excelling in Your External Audit: 5 Proven Strategies

How to Secure Your Business Social Media Accounts

A Pandora's Box: Unpacking 5 Risks in Generative AI

A Pandora’s Box: Unpacking 5 Risks in Generative AI

Regional privacy but global clouds. How to manage this complexity?

Critical Success Factors to Widespread Deployment of IoT

The Ultimate ESG Audits Checklist

How to Help Protect Your Digital Footprint

More SRE Lessons for SOC: Simplicity Helps Security

Mastering the German Federal Data Protection Act (BDSG-New): A Deep Dive

Emerging security challenges for Europe’s emerging technologies

The SOC 2 Compliance Checklist for 2023

Five ways to protect against software supply-chain attacks

Knock, Knock; Who’s There? – IoT Device Identification & Data Integrity Is No Joke

Data Privacy in the United States: A Recap of 2023 Developments

More SRE Lessons for SOC: Simplicity Helps Security

New Jersey Privacy Act: What to Expect

GUEST ESSAY: Privacy risks introduced by the ‘metaverse’ — and how to combat them

6 Business functions that will benefit from cybersecurity automation

I’m in your hypervisor, collecting your evidence

Stay Connected