1. New security legislation like the GDPR and NIS Directive impose strict requirements on organizations to implement appropriate technical and organizational security measures to protect personal data.
2. The GDPR in particular requires detailed documentation of security decisions, mandatory breach reporting, and holds both controllers and processors directly responsible for security failures.
3. Proper management of open source software vulnerabilities is important for compliance, as organizations must ensure all components, including third-party libraries, receive security updates to prevent data breaches. Failure to do so has resulted in fines under prior UK data protection law.
The Data protection law reform is coming with the General Data Protection Regulation (GDPR) taking effect from 25 May 2018. You should start preparing now for changes that GDPR will require to your current policies and procedures. This presentation is an overview of what it is about.
Toreon adding privacy by design in secure application development oss18 v20...Sebastien Deleersnyder
The General Data Protection Regulation (GDPR) has arrived!
One monumental change is the introduction of Privacy by Design. In this keynote we will focus on the Privacy by Design (PbD) implications for developers.
Two cornerstones for a successful implementation of PbD will be pitched: 1) the integration of GDPR in a Secure Development Lifecycle approach 2) threat modeling and GDPR risk patterns
ZoneFox, Machine Learning, the Insider Threat and how UEBA protects the user ...ZoneFox
ZoneFox is an award winning market leader in User Behaviour Analytics, providing critical insights around data-flow that you need to secure against the Insider Threat.
This breakfast club focused on the new Data Protection regime covering what the new regime will entail and what to be thinking about now in order to be ready for the new regulations.
https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
The adoption of laws protecting the data of individuals and consumers is becoming a driving force to push organizations to revisit their security around client and personal data. In addition, with the rise of government legislated personal data protection laws such as GDPR, individuals in other jurisdictions are now looking for better personal data protection. In this presentation, we will examine two US laws as well as the ISO/IEC 27001 standard and we will look at commonalities and differences between these three and how data security is driven from each.
The webinar will covered:
• An overview of the state of data security/privacy today
• Current trends driving adoption of stronger data protection standards/laws
• An overview of data protection in ISO/IEC 27001, CCPA, and the NYC Shield Act
• A comparison of ISO/IEC 27001, CCPA and the NYC Shield Act
• Lessons to be applied
Recorded webinar:
The Data protection law reform is coming with the General Data Protection Regulation (GDPR) taking effect from 25 May 2018. You should start preparing now for changes that GDPR will require to your current policies and procedures. This presentation is an overview of what it is about.
Toreon adding privacy by design in secure application development oss18 v20...Sebastien Deleersnyder
The General Data Protection Regulation (GDPR) has arrived!
One monumental change is the introduction of Privacy by Design. In this keynote we will focus on the Privacy by Design (PbD) implications for developers.
Two cornerstones for a successful implementation of PbD will be pitched: 1) the integration of GDPR in a Secure Development Lifecycle approach 2) threat modeling and GDPR risk patterns
ZoneFox, Machine Learning, the Insider Threat and how UEBA protects the user ...ZoneFox
ZoneFox is an award winning market leader in User Behaviour Analytics, providing critical insights around data-flow that you need to secure against the Insider Threat.
This breakfast club focused on the new Data Protection regime covering what the new regime will entail and what to be thinking about now in order to be ready for the new regulations.
https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
ISO/IEC 27001 vs. CCPA and NYC Shield Act: What Are the Similarities and Diff...PECB
The adoption of laws protecting the data of individuals and consumers is becoming a driving force to push organizations to revisit their security around client and personal data. In addition, with the rise of government legislated personal data protection laws such as GDPR, individuals in other jurisdictions are now looking for better personal data protection. In this presentation, we will examine two US laws as well as the ISO/IEC 27001 standard and we will look at commonalities and differences between these three and how data security is driven from each.
The webinar will covered:
• An overview of the state of data security/privacy today
• Current trends driving adoption of stronger data protection standards/laws
• An overview of data protection in ISO/IEC 27001, CCPA, and the NYC Shield Act
• A comparison of ISO/IEC 27001, CCPA and the NYC Shield Act
• Lessons to be applied
Recorded webinar:
The GDPR: Common misunderstandings and lessons learned so farPECB
In this webinar, we will be exploring the issues that organizations faced in the final run-up to the GDPR taking effect on 25th May, and the lessons learned so far in regards to the GDPR compliance.
Main points covered:
• Website privacy policies – is it a Policy or is it a notice?
• Personal data breaches: when to put your hand up?
• Do we need a DPO?
Presenter:
Our presenter for this webinar, James Castro-Edwards is a partner and Head of Data Protection at Wedlake Bell LLP. James advises domestic and multinational organizations on data protection issues. His experience includes managing global data protection compliance projects for multinationals and advising domestic companies on complex data protection issues. He has also developed and delivered innovative data protection training programs for multinational clients, including a data protection officers’ training course which was accredited by a European government. James leads the firm’s outsourced data protection officer service, ProDPO.
James frequently speaks on data protection and cybersecurity issues and is widely published, having written articles for a wide variety of titles including The Times and The Guardian, and wrote The Law Society textbook on the General Data Protection Regulation (GDPR).
In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.
IBM i Security: Identifying the Events That Matter MostPrecisely
Making Sense of Critical Security Data
Today’s world of complex regulatory requirements and evolving security threats requires finding simple ways to monitor all IBM i system and database activity, identify security threats and compliance issues in real time and produce clear reports.
The IBM i operating system produces a wealth of security-related information but organizations still face hurdles
in terms of working with such large data volumes. Integrating IBM i security information into a SIEM (Security Information and Event Management) solution is becoming critical to enable early detection and quick response to security incidents.
In this webinar, we will discuss:
- Key IBM i log files and static data sources that must be monitored
- Automating real-time analysis of log files to identify threats to system and data security
- Integrating IBM i security data into SIEM solutions for a clear view of security across multiple platforms
GDPR Breach Notification Demystifying What the Regulators WantSymantec
Are you confident you know how to respond to a breach in line with GDPR regulations? If you didn’t get a chance to hear Symantec expert Ilias Chantzos’ Strategy Talk at Infosec 2018, find out more here:
For more information visit https://www.thesaurus.ie or https://www.brightpay.ie
With the introduction of the GDPR, in May, came updates to the Data Protection legislation that had been in place since 1988, making the new regulations more coherent in dealing with the levels of online use we see today in comparison to 30 years ago. It has also brought with it new and more stringent rules around the security of personal data and how it is processed.
All organisations, regardless of size, will have had to introduce or update existing policies regarding personal data in order to comply with the new regulations. This webinar looks at what is new in GDPR and how it may effect your business, what have we learned from the GDPR 3 months on and how Thesaurus can help your organisation utilise the new regulations for the benefit of you, your customers, suppliers and employees.
Speakers include:
Laura Murphy - HR Manager, Thesaurus Software / Bright Contracts
Jennie Hussey - Payroll Advisor and Employment Law Expert, Thesaurus Software / Bright Contracts
Guest Speaker: Graham Doyle - Head of Communications, Data Protection Commissioners
Impact of GDPR on Third Party and M&A SecurityEQS Group
GDPR impact has been dissected and examined to death - however, M&A activities, as well as third-party security posture, can be greatly affected as well, and this aspect has not been very often pursued. This session hopes to be useful for that.
ControlCase discusses the following: - What is GDPR? - How will it impact me? - How can I become compliant? - What is the timeline? - What are consequences if not met?
Our administrative and public law seminar covered:
- a review of the last 12 months in FOIA and a case law update
- scope of prerogative powers - what are they and what is the scope of them; the topic is very much in the news at the moment due to Brexit
- non EU treaty obligations of relevance to administrative law
- procurement in 2016 and beyond - current trends, updates and the impact of Brexit
- case law update on various areas of public law, including judicial review.
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
Based on online data, GDPR fines increased by 40% in 2020, compared to the previous years since the law came into force, and they are expected to increase even more in the upcoming years.
In this light, organizations are facing challenges when it comes to compliance with the increased number of data privacy laws and regulations worldwide.
The webinar covers
• ISO/IEC 27701 standard and its requirements
• GDPR requirements and principles mapped against ISO/IEC 27701
• An overview of CCPA requirements
• Upcoming US privacy laws
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/QGqJsh4kedM
Website link: https://pecb.com/
Georgie Collins and Dan Hedley, Irwin Mitchell LLP presented, "Data breaches and the law, a practical guide" at Flight East 2018. For more information on Black Duck by Synopsys, please visit our website at www.blackducksoftware.com.
The General Data Protection Regulation published by the European Parliament, the Council of the European Union and the European Commission, is a regulation intended to strengthen and unify data protection for all individuals within the European Union (EU).
As legislators continue to expand the scope of the laws governing information security, we will take a look at some of the new European-level laws in this area from an open source perspective, and consider their impact on OSS management practices. The session will focus on the General Data Protection Regulation, not only because it applies to everyone, but also because its requirements are in many ways the most detailed and prescriptive. During the session we will also touch on some industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation. Dan will cover what the new laws say (and perhaps more importantly what they don’t say), how to go about applying them to your OSS management regime, and what you might need to think about changing as a result.
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
The GDPR: Common misunderstandings and lessons learned so farPECB
In this webinar, we will be exploring the issues that organizations faced in the final run-up to the GDPR taking effect on 25th May, and the lessons learned so far in regards to the GDPR compliance.
Main points covered:
• Website privacy policies – is it a Policy or is it a notice?
• Personal data breaches: when to put your hand up?
• Do we need a DPO?
Presenter:
Our presenter for this webinar, James Castro-Edwards is a partner and Head of Data Protection at Wedlake Bell LLP. James advises domestic and multinational organizations on data protection issues. His experience includes managing global data protection compliance projects for multinationals and advising domestic companies on complex data protection issues. He has also developed and delivered innovative data protection training programs for multinational clients, including a data protection officers’ training course which was accredited by a European government. James leads the firm’s outsourced data protection officer service, ProDPO.
James frequently speaks on data protection and cybersecurity issues and is widely published, having written articles for a wide variety of titles including The Times and The Guardian, and wrote The Law Society textbook on the General Data Protection Regulation (GDPR).
In this work we highlighted some of the concepts of data privacy, techniques used in data privacy, and some techniques used in data privacy in the cloud plus some new research trends.
IBM i Security: Identifying the Events That Matter MostPrecisely
Making Sense of Critical Security Data
Today’s world of complex regulatory requirements and evolving security threats requires finding simple ways to monitor all IBM i system and database activity, identify security threats and compliance issues in real time and produce clear reports.
The IBM i operating system produces a wealth of security-related information but organizations still face hurdles
in terms of working with such large data volumes. Integrating IBM i security information into a SIEM (Security Information and Event Management) solution is becoming critical to enable early detection and quick response to security incidents.
In this webinar, we will discuss:
- Key IBM i log files and static data sources that must be monitored
- Automating real-time analysis of log files to identify threats to system and data security
- Integrating IBM i security data into SIEM solutions for a clear view of security across multiple platforms
GDPR Breach Notification Demystifying What the Regulators WantSymantec
Are you confident you know how to respond to a breach in line with GDPR regulations? If you didn’t get a chance to hear Symantec expert Ilias Chantzos’ Strategy Talk at Infosec 2018, find out more here:
For more information visit https://www.thesaurus.ie or https://www.brightpay.ie
With the introduction of the GDPR, in May, came updates to the Data Protection legislation that had been in place since 1988, making the new regulations more coherent in dealing with the levels of online use we see today in comparison to 30 years ago. It has also brought with it new and more stringent rules around the security of personal data and how it is processed.
All organisations, regardless of size, will have had to introduce or update existing policies regarding personal data in order to comply with the new regulations. This webinar looks at what is new in GDPR and how it may effect your business, what have we learned from the GDPR 3 months on and how Thesaurus can help your organisation utilise the new regulations for the benefit of you, your customers, suppliers and employees.
Speakers include:
Laura Murphy - HR Manager, Thesaurus Software / Bright Contracts
Jennie Hussey - Payroll Advisor and Employment Law Expert, Thesaurus Software / Bright Contracts
Guest Speaker: Graham Doyle - Head of Communications, Data Protection Commissioners
Impact of GDPR on Third Party and M&A SecurityEQS Group
GDPR impact has been dissected and examined to death - however, M&A activities, as well as third-party security posture, can be greatly affected as well, and this aspect has not been very often pursued. This session hopes to be useful for that.
ControlCase discusses the following: - What is GDPR? - How will it impact me? - How can I become compliant? - What is the timeline? - What are consequences if not met?
Our administrative and public law seminar covered:
- a review of the last 12 months in FOIA and a case law update
- scope of prerogative powers - what are they and what is the scope of them; the topic is very much in the news at the moment due to Brexit
- non EU treaty obligations of relevance to administrative law
- procurement in 2016 and beyond - current trends, updates and the impact of Brexit
- case law update on various areas of public law, including judicial review.
GDPR vs US Regulations: Their differences and Commonalities with ISO/IEC 27701PECB
Based on online data, GDPR fines increased by 40% in 2020, compared to the previous years since the law came into force, and they are expected to increase even more in the upcoming years.
In this light, organizations are facing challenges when it comes to compliance with the increased number of data privacy laws and regulations worldwide.
The webinar covers
• ISO/IEC 27701 standard and its requirements
• GDPR requirements and principles mapped against ISO/IEC 27701
• An overview of CCPA requirements
• Upcoming US privacy laws
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001-information-technology--security-techniques-information-security--management-systems---requirements
https://pecb.com/en/education-and-certification-for-individuals/iso-iec-27701
Webinars: https://pecb.com/webinars
Articles: https://pecb.com/article
Whitepapers: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
YouTube video: https://youtu.be/QGqJsh4kedM
Website link: https://pecb.com/
Georgie Collins and Dan Hedley, Irwin Mitchell LLP presented, "Data breaches and the law, a practical guide" at Flight East 2018. For more information on Black Duck by Synopsys, please visit our website at www.blackducksoftware.com.
The General Data Protection Regulation published by the European Parliament, the Council of the European Union and the European Commission, is a regulation intended to strengthen and unify data protection for all individuals within the European Union (EU).
As legislators continue to expand the scope of the laws governing information security, we will take a look at some of the new European-level laws in this area from an open source perspective, and consider their impact on OSS management practices. The session will focus on the General Data Protection Regulation, not only because it applies to everyone, but also because its requirements are in many ways the most detailed and prescriptive. During the session we will also touch on some industry-specific developments like the Network and Information Services Directive and the Electronic Identification Regulation. Dan will cover what the new laws say (and perhaps more importantly what they don’t say), how to go about applying them to your OSS management regime, and what you might need to think about changing as a result.
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
Flight Amsterdam Presentation by Daniel Hedley and Georgie Collins, Partners, Irwin Mitchell looked at the intersection of the GDPR and open source software management and the laws which govern how organisations must respond to data breaches (including GDPR and NISD), how to prepare for a data breach, and what to do if the worst happens.
EU cybersecurity requirements under current and future medical devices regula...Erik Vollebregt
Presentation delivered at Q1 MEDICAL DEVICE CYBERSECURITY RISK MITIGATION conference in Washington on 25 July 2016 concerning EU cybersecurity requirements under current and future medical devices regulation
GDPR challenges for the healthcare sector and the practical steps to complianceIT Governance Ltd
This webinar covers:
- An overview of the General Data Protection Regulation (GPDR) and the Data Security and Protection (DSP) Toolkit and their impact on the healthcare sector.
-Accountability frameworks that support GDPR compliance, and the role of senior management in ensuring compliance and cyber resilience is a strategic focus.
-Embedding data protection by design and by default, and a holistic approach to achieving a cyber resilient posture.
-The practical steps that healthcare organisations need to take when looking at GDPR compliance.
-The role of a robust staff awareness programme in supporting a culture of cyber resilience and compliance.
A recording of the webinar can be found here: https://www.youtube.com/watch?v=xFEkkkwAdl4
Risk assessments and applying organisational controls for GDPR complianceIT Governance Ltd
This webinar covers:
-An overview of the General Data Protection Regulation (GDPR) and risk assessments.
-The process for risk management and industry best practice for risk treatment.
-The components of an internal control system and privacy -compliance framework.
-ISO 31000 principles and the risk management process.
You can find the webinar here https://www.youtube.com/watch?v=wInMDee7T78&t=154s
Accountability under the GDPR: What does it mean for Boards & Senior Management?IT Governance Ltd
This webinar provides an overview of:
- The principle of accountability and what it means
- Applying the principle of accountability
- Developing policies and procedures that comply with the Regulation
- Raising GDPR awareness and providing employees with training
- The board's responsibility to appoint a dedicated data privacy team of DPO
- The requirement to conduct data privacy audits and impact assessments
A recording of this webinar is available here:
https://www.youtube.com/watch?v=6KGeMwz7jro&feature=youtu.be
Rick Borden, Chief Privacy Officer, White & Williams LLP - #InfoGov17 - Cyber...ARMA International
While information governance has been a best practice in cybersecurity, outside of the Federal government and Sarbanes-Oxley financial reporting requirements, for the most part, regulations have not required information governance. That is rapidly changing. The New York Department of Financial Services new cybersecurity regulation has intensive information governance requirements that go beyond personal information. the European Global Data Protection Regulation also has significant information governance requirements. This session will discuss some of these regulatory requirements and where regulation is going in these areas.
Complying with Cybersecurity Regulations for IBM i Servers and DataPrecisely
Multiple security regulations became effective across the globe in 2018, most notably the European Union’s General Data Protection Regulation (GDPR), and additional regulations are on their heels. The California Consumer Privacy Act, with its GDPR-like requirements, is just one of the regulations that requires planning and preparation today.
If you need to implement security policies for IBM i systems and data that will meet today’s compliance requirements and prepare you for those that are on the way, this webinar will help you get on the right track.
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
This webinar covers:
-The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
-The responsibilities and obligations of controllers and processors.
-The data breach reporting responsibilities of controllers and processors.
-The liability of, and penalties that may be imposed on, data processors and controllers.
-The appointment of joint controllers and subcontracting processors
The webinar can be found here https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
The Countdown is on: Key Things to Know About the GDPRCase IQ
The EU’s General Data Protection Regulation (GDPR) comes into effect on May 25th. This powerful legislation strengthens data privacy laws in Europe and has implications for companies all over the world that store, process or transfer the information of the EU’s citizens.
Failure to comply with the regulation can expose a company to fines based on global revenue and reputation damage, yet many companies are struggling to comply in time.
Join information security expert and CEO/Founder of AsTech Consulting, Greg Reber, as he walks participants through a plan for GDPR compliance.
Government Technology & Services Coalition & InfraGard NCR's Program: Cyber Security: Securing the Federal Cyber Domain by Strengthening Public-Private Partnership
Presentation: Cybersecurity for Government Contractors
Presenter: Robert Nichols, Partner, Covington & Burling LLP
When GDPR becomes law in a few months, it will be the most wide-ranging and stringent data protection initiative in history. To prepare for this sea change, most organizations have streamlined and detailed their information security policies; however, many are unaware that immature application security programs arguably pose the biggest threat of a data breach. This oft-forgotten piece of data protection puts organizations at risk of GDPR fines.
Attend this joint webinar with Security Innovation and Smarttech247 to learn practical tips on incorporating application security best practices into an InfoSec program to achieve GDPR compliance.
Topics include:
* Summary of GDPR key concepts
* Security of data processing in software and the CIA triad
* The people and process problem of GDPR: Governance
* Using Data Protection by Design for secure design and business logic
* Assessments to verify the security of processing
Presenters:
Roman Garber, Security Innovation
Edward Skraba, Smarttech247
General Data Protection Regulation and Compliance - GDPR: Sharique M RizviSharique Rizvi
The GDPR. applies to all EU member states, and replaces Data Protection Directive 95/46/EC. The personal data must be kept secure and organisation are accountable for data security, large fines to be levied for the breaches.
General Data Protection Regulation (GDPR) tidal wave that has hit, are you ready? Is your organization prepared for the extensive privacy requirements GDPR puts forth for any organization handling EU Data Subjects' personal Data? At this point, organizations must have a complete inventory of personal data and have conducted a DPIA against it. A handful of supervisory authorities have issued compliance guidelines, but your organizations must be able to assess compliance with this ambiguous regulation at any time.
Many aspects of GDPR define the distinction between a data collector and a data processor, their respective responsibilities and compliance requirements. Those responsibilities will have an effect on the contracts you negotiate with third parties, the way in which you evaluate the risks involved with establishing a business relationship and the policies you develop to maintain compliance to the regulations.
Join this webinar to learn:
*More information about GDPR and what the industry is experiencing to date
*What minimum requirements you should have had in place by May 25, 2018
*What you should plan to do for the next 12-18 months if you are not completely ready
*What the SEC Privacy Shield program is and why you should self-certify
*How to continuously monitor vendor risk KPIs
Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...Codemotion
L’Application Economy obbliga l’IT a correre alla stessa velocità del business. Nel contempo l’entrata in vigore di nuove stringenti normative in ambito sicurezza impone l’adeguamento del Software Delivery LifeCycle affinché queste possano essere implementate e testate già dalle fasi iniziale dello sviluppo, ottimizzando i tempi di delivery e minimizzando il time to market.
Similar to New Security Legislation and its Implications for OSS Management (20)
Flight WEST 2018 Presentation - A Buyer Investor Playbook for Successfully Na...Black Duck by Synopsys
Anthony Decicco, shareholder, GTC Law Group presented at FLIGHT West 2018. His session description included:
A buyer and investor focused discussion of key open source software-related issues and deal points. Understanding the key legal and technical risks, as well as strategies for mitigating them, will help you to focus due diligence, speed and smooth negotiations and get better deal terms, increasing overall value and avoiding post-transaction surprises.
For more information, please visit us at www.blackducksoftware.com
FLIGHT WEST 2018 Presentation - Continuous Monitoring of Open Source Componen...Black Duck by Synopsys
Basma Shahadat, Lead Research Engineer presented at Black Duck Flight West 2018. Security checking in the early stages of the SDLC is critical. This session will demonstrate how Proofpoint is taking proactive steps to reduce risk by integrating Black Duck into Proofpoint’s continuous integration pipeline to detect open source vulnerabilities during the product build. For more information, please visit us at https://www.blackducksoftware.com/
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...Black Duck by Synopsys
Utsav Sanghani, Product Manager, Integrations and Alliance at Synopsys presented on how to "Black Duck your Code Faster with Black Duck Integrations." For more information, please visit www.blackducksoftware.com
Black Duck On-Demand-Audits von über 1.100
kommerziellen Anwendungen im Jahr 2017
verdeutlichen die ständigen Herausforderungen, vor
denen Unternehmen stehen, um Open Source effektiv
zu erkennen und zu sichern.
FLIGHT Amsterdam Presentation - Open Source, IP and Trade Secrets: An Impossi...Black Duck by Synopsys
At Flight Amsterdam, Fenna Douwenga, Associate, Bird & Bird provided practical tips on open source licenses, intellectual property rights, and trade secrets. During the presentation Fenna reviewed, everlasting conflict between patents, copyright and open source and how it can be overcome. Additionally, the new European Trade Secrets Directive was discussed and how some of the requirements therein may for instance conflict with the GNU General Public license. Furthermore, a quick outline of the influence of Brexit on licenses closed under UK law was given and how potential problems can be prevented.
FLIGHT Amsterdam Presentation - Don’t Let Open Source Software Kill Your DealBlack Duck by Synopsys
Flight Amsterdam presentation by Anthony Decicco, Shareholder, GTC Law Group
Open source software is increasingly centric to transactions, whether licensing, mergers, acquisitions, financing, insurance, offerings or loans, and the deal landscape is changing with the prevalence of representation and warranty insurance, heightened focus on security vulnerabilities and increasing litigation. As such, it is important to understand and re-visit key open source software-related issues and deal points to accelerate your deal, avoid unnecessary due diligence and realize the most value from your open source software-related compliance efforts.
Open Source Insight: Securing IoT, Atlanta Ransomware Attack, Congress on Cyb...Black Duck by Synopsys
The Black Duck blog and Open Source Insight become part of the Synopsys Software Integrity blog in early April. You’ll still get the latest open source security and license compliance news, insights, and opinions you’ve come to expect, plus the latest software security trends, news, tips, best practices, and thought leadership every week. Don’t delay, subscribe today! Now on to this week’s open source security and cybersecurity news.
Open Source Insight:GitHub Finds 4M Flaws, IAST Magic Quadrant, 2018 Open So...Black Duck by Synopsys
A big news week for Synopsys and Black Duck as Gartner releases the 2018 Gartner Magic Quadrant for Application Security Testing and the 2018 Open Source Rookies of the Year are announced. More on these stories and the hottest open source security and cybersecurity news in this week’s Open Source Insight!
2018 is the Open Source Rookies report’s 10th anniversary, brought to you by Black Duck by Synopsys. This infographic shows the impressive number of projects started in 2017 and the distribution across the world and a wide range of categories. Narrowing them down was hard! The open source community continues to produce innovative and influential open source projects.
Open Source Insight: Who Owns Linux? TRITON Attack, App Security Testing, Fut...Black Duck by Synopsys
We look at the three reasons you must attend the FLIGHT Amsterdam conference; how to build outstanding projects in the open source community; and why isn’t every app being security tested? Plus, in-depth into the TRITON attack; why 2018 is the year of open source; how open source is driving both IoT and AI and a webinar on the 2018 Open Source Rookies of the Year.
Open Source Insight is your weekly news resource for open source security and cybersecurity news!
Open Source Insight: SCA for DevOps, DHS Security, Securing Open Source for G...Black Duck by Synopsys
It’s an acronym-filled issue of Open Source Insight, as we look at the question of SCA (software composition analysis) and how it fits into the DevOps environment. The DHS (Department of Homeland Security) has concerning security gaps, according to its OIG (Office of Inspector General). Can the CVE (Common Vulnerabilities and Exposures) gap be closed? The GDPR (General Data Protection Regulation) is bearing down on us like a freight train, and it’s past time to include open source security into your GDPR plans.
Plus, an intro to the Open Hub community, looking at security for blockchain apps, and best practices for open source security in container environments are all featured in this week’s cybersecurity and open source security news.
Open Source Insight: AppSec for DevOps, Open Source vs Proprietary, Malicious...Black Duck by Synopsys
Welcome to the March 2nd edition of Open Source Insight from Black Duck by Synopsys! We look at places you’d never expect to find GDPR data, as well as answers to your most-frequently-asked GDPR questions. Synopsys Principal Scientist Sammy Migues explores why enterprises must have a software security program while Black Duck Technology Evangelist, Tim Mackey, takes a look at building application security into the heart of DevOps. Plus, a report that may give you nightmares on the malicious possibilities of AI. All the cybersecurity and open source security news fit to print lies ahead for your reading pleasure…
Open Source Insight: Big Data Breaches, Costly Cyberattacks, Vuln Detection f...Black Duck by Synopsys
This week’s Open Source Insight features a powerful visualization tool displaying the world’s biggest data breaches at name brands such as Ebay, Equifax, Anthem, and Target. The White House and British Foreign Office have condemned a cyber-attack launched by the Russian military on Ukraine and hint at reprisals. Black Duck brings open source vulnerability detection to Kubernetes, and Synopsys will host Elevate, an evening thought leadership event at Embedded World 2018 featuring an elite group of international cyber security experts leading a discussion about IoT and embedded systems security threats and solutions.
Read on for all the open source security and cybersecurity news you need to know this week.
Open Source Insight: Happy Birthday Open Source and Application Security for ...Black Duck by Synopsys
Opinions differ on exactly when, but open source turned twenty this year. Most security breaches in 2017 were preventable (you hear that, Equifax?), and it’s time to take a look back to prevent similar breaches in 2018. iPhone source code gets leaked (for a short time). And keeping medical devices, voting machines, automobiles, and critical infrastructure safe in a world of increasing application risk.
Read on for open source security and cybersecurity in Open Source Insight for February 9th, 2018.
Open Source Insight: Security Breaches and Cryptocurrency Dominating NewsBlack Duck by Synopsys
This week in Open Source Insight we examine blockchain security and the cryptocurrency boom. Plus, take an in depth look at open source software in tech contracts with a legal expert from Tech Contracts Academy, Adobe Flash Player continues to be a security concern, the Open Source Initiative turns 20, and step by step instructions for migrating to Docker on Black Duck Hub. Cybersecurity and security breach news also dominates this week, as Synopsys examines security breaches in 2017 and how they were preventable.
Principal engineer at MITRE, Bob Martin, examines the potential security issues introduced by the Internet of Things and proactive measures you can take to address those issues.
Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly.
The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.
Essentials of Automations: The Art of Triggers and Actions in FMESafe Software
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
Launch Your Streaming Platforms in MinutesRoshan Dwivedi
The claim of launching a streaming platform in minutes might be a bit of an exaggeration, but there are services that can significantly streamline the process. Here's a breakdown:
Pros of Speedy Streaming Platform Launch Services:
No coding required: These services often use drag-and-drop interfaces or pre-built templates, eliminating the need for programming knowledge.
Faster setup: Compared to building from scratch, these platforms can get you up and running much quicker.
All-in-one solutions: Many services offer features like content management systems (CMS), video players, and monetization tools, reducing the need for multiple integrations.
Things to Consider:
Limited customization: These platforms may offer less flexibility in design and functionality compared to custom-built solutions.
Scalability: As your audience grows, you might need to upgrade to a more robust platform or encounter limitations with the "quick launch" option.
Features: Carefully evaluate which features are included and if they meet your specific needs (e.g., live streaming, subscription options).
Examples of Services for Launching Streaming Platforms:
Muvi [muvi com]
Uscreen [usencreen tv]
Alternatives to Consider:
Existing Streaming platforms: Platforms like YouTube or Twitch might be suitable for basic streaming needs, though monetization options might be limited.
Custom Development: While more time-consuming, custom development offers the most control and flexibility for your platform.
Overall, launching a streaming platform in minutes might not be entirely realistic, but these services can significantly speed up the process compared to building from scratch. Carefully consider your needs and budget when choosing the best option for you.
Introducing Crescat - Event Management Software for Venues, Festivals and Eve...Crescat
Crescat is industry-trusted event management software, built by event professionals for event professionals. Founded in 2017, we have three key products tailored for the live event industry.
Crescat Event for concert promoters and event agencies. Crescat Venue for music venues, conference centers, wedding venues, concert halls and more. And Crescat Festival for festivals, conferences and complex events.
With a wide range of popular features such as event scheduling, shift management, volunteer and crew coordination, artist booking and much more, Crescat is designed for customisation and ease-of-use.
Over 125,000 events have been planned in Crescat and with hundreds of customers of all shapes and sizes, from boutique event agencies through to international concert promoters, Crescat is rigged for success. What's more, we highly value feedback from our users and we are constantly improving our software with updates, new features and improvements.
If you plan events, run a venue or produce festivals and you're looking for ways to make your life easier, then we have a solution for you. Try our software for free or schedule a no-obligation demo with one of our product specialists today at crescat.io
Do you want Software for your Business? Visit Deuglo
Deuglo has top Software Developers in India. They are experts in software development and help design and create custom Software solutions.
Deuglo follows seven steps methods for delivering their services to their customers. They called it the Software development life cycle process (SDLC).
Requirement — Collecting the Requirements is the first Phase in the SSLC process.
Feasibility Study — after completing the requirement process they move to the design phase.
Design — in this phase, they start designing the software.
Coding — when designing is completed, the developers start coding for the software.
Testing — in this phase when the coding of the software is done the testing team will start testing.
Installation — after completion of testing, the application opens to the live server and launches!
Maintenance — after completing the software development, customers start using the software.
Artificia Intellicence and XPath Extension FunctionsOctavian Nadolu
The purpose of this presentation is to provide an overview of how you can use AI from XSLT, XQuery, Schematron, or XML Refactoring operations, the potential benefits of using AI, and some of the challenges we face.
AI Genie Review: World’s First Open AI WordPress Website CreatorGoogle
AI Genie Review: World’s First Open AI WordPress Website Creator
👉👉 Click Here To Get More Info 👇👇
https://sumonreview.com/ai-genie-review
AI Genie Review: Key Features
✅Creates Limitless Real-Time Unique Content, auto-publishing Posts, Pages & Images directly from Chat GPT & Open AI on WordPress in any Niche
✅First & Only Google Bard Approved Software That Publishes 100% Original, SEO Friendly Content using Open AI
✅Publish Automated Posts and Pages using AI Genie directly on Your website
✅50 DFY Websites Included Without Adding Any Images, Content Or Doing Anything Yourself
✅Integrated Chat GPT Bot gives Instant Answers on Your Website to Visitors
✅Just Enter the title, and your Content for Pages and Posts will be ready on your website
✅Automatically insert visually appealing images into posts based on keywords and titles.
✅Choose the temperature of the content and control its randomness.
✅Control the length of the content to be generated.
✅Never Worry About Paying Huge Money Monthly To Top Content Creation Platforms
✅100% Easy-to-Use, Newbie-Friendly Technology
✅30-Days Money-Back Guarantee
See My Other Reviews Article:
(1) TubeTrivia AI Review: https://sumonreview.com/tubetrivia-ai-review
(2) SocioWave Review: https://sumonreview.com/sociowave-review
(3) AI Partner & Profit Review: https://sumonreview.com/ai-partner-profit-review
(4) AI Ebook Suite Review: https://sumonreview.com/ai-ebook-suite-review
#AIGenieApp #AIGenieBonus #AIGenieBonuses #AIGenieDemo #AIGenieDownload #AIGenieLegit #AIGenieLiveDemo #AIGenieOTO #AIGeniePreview #AIGenieReview #AIGenieReviewandBonus #AIGenieScamorLegit #AIGenieSoftware #AIGenieUpgrades #AIGenieUpsells #HowDoesAlGenie #HowtoBuyAIGenie #HowtoMakeMoneywithAIGenie #MakeMoneyOnline #MakeMoneywithAIGenie
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
Need for Speed: Removing speed bumps from your Symfony projects ⚡️Łukasz Chruściel
No one wants their application to drag like a car stuck in the slow lane! Yet it’s all too common to encounter bumpy, pothole-filled solutions that slow the speed of any application. Symfony apps are not an exception.
In this talk, I will take you for a spin around the performance racetrack. We’ll explore common pitfalls - those hidden potholes on your application that can cause unexpected slowdowns. Learn how to spot these performance bumps early, and more importantly, how to navigate around them to keep your application running at top speed.
We will focus in particular on tuning your engine at the application level, making the right adjustments to ensure that your system responds like a well-oiled, high-performance race car.
Zoom is a comprehensive platform designed to connect individuals and teams efficiently. With its user-friendly interface and powerful features, Zoom has become a go-to solution for virtual communication and collaboration. It offers a range of tools, including virtual meetings, team chat, VoIP phone systems, online whiteboards, and AI companions, to streamline workflows and enhance productivity.
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
Navigating the Metaverse: A Journey into Virtual Evolution"Donna Lenk
Join us for an exploration of the Metaverse's evolution, where innovation meets imagination. Discover new dimensions of virtual events, engage with thought-provoking discussions, and witness the transformative power of digital realms."
2. New security legislation and its implications for
OSS management
Daniel Hedley
Partner
Irwin Mitchell LLP
3. Some scene setting
• 79,000 known OSS vulnerabilities, 30,000 reported since 2000
• 96% of applications scanned found open source components with an
average of 147 unique components per application
• 67% of applications scanned had known open source vulnerabilities
• Those vulnerabilities known on average for more than 4 years
• e.g. almost 200,000 devices with the Heartbleed vulnerability still on the Internet
(Shodan 2017)
• OSS vulnerabilities are attractive targets:
• OSS is ubiquitous
• Victim often doesn’t know OSS is there
4. Why this matters - some key new legislation
For everyone:
• General Data Protection Regulation
For some businesses:
• NIS Directive
• Electronic Identification Regulation
5. GDPR – what it is and what it does
• Comprehensive reform of data privacy law
• In force 25 May 2018
• NEW – extra-territorial effect
• NEW – direct obligations for processors
• NEW – much more detailed and prescriptive security
requirements
• NEW – obligation to document security decisions and processes
• NEW – mandatory detailed breach reporting for all
6. GDPR – subject matter scope (art 2)
APPLIES TO:
“the processing of personal data wholly or partly by automated means and to the processing other than by automated
means of personal data which form part of a filing system or are intended to form part of a filing system”
• “processing” = “any operation or set of operations which is performed on personal data or on sets of personal data,
whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available,
alignment or combination, restriction, erasure or destruction”
• “personal data” = “any information relating to an identified or identifiable natural person (‘data subject’); an
identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier
such as a name, an identification number, location data, an online identifier or to one or more factors specific to the
physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”
7. GDPR – territorial scope (art 3)
Applies if processing takes place in the context of the
activities of an establishment in a member state (regardless
of data location).
ALSO applies if NO establishment in a member state BUT:
• Offering goods or services to data subjects located in member
states (no payment required)
• Monitoring behaviour of data subjects in member states
8. GDPR – application to data processors
• Under current law, data processors (e.g. IT service providers) have no direct
liability to data subjects or regulators.
• Only exposure is contractual, to the controller
• Failure to deal with contractually = controller’s problem
• Under GDPR, processors have direct obligations and direct liability for a
range of obligations, including obligations to secure data, to ensure it has a
compliant contractual obligation to the controller to secure it, & to
cooperate with the regulator.
9. GDPR – security principle (art 1)
• “Personal data shall be processed in a manner that
ensures appropriate security of the personal data,
including protection against unauthorised or unlawful
processing and against accidental loss, destruction or
damage, using appropriate technical or organisational
measures”
• Fleshed out more in art 32 (next slides)
• Burden of proof of compliance on data controller (art 1(2))
10. GDPR – security (art 32)
1. Taking into account the state of the art, the costs of implementation and the nature, scope, context and
purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of
natural persons, the controller and the processor shall implement appropriate technical and organisational
measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
(a) the pseudonymisation and encryption of personal data;
(b) the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems
and services;
(c) the ability to restore the availability and access to personal data in a timely manner in the event of a
physical or technical incident;
(d) a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational
measures for ensuring the security of the processing.
2. In assessing the appropriate level of security account shall be taken in particular of the risks that are
presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised
disclosure of, or access to personal data transmitted, stored or otherwise processed.
11. Unpacking article 32 (1)
• Core obligation to “implement appropriate technical and
organisational measures”
• Requires a risk assessment
• So, must know what the risks are!
• Balance risk against state of the art, cost
• Risks to consider include “accidental or unlawful
destruction, loss, alteration, unauthorised disclosure of, or
access to personal data transmitted, stored or otherwise
processed”
12. Unpacking article 32 (2)
Then a list of things must consider and either
implement or have a reason to reject, incl.
• “the ability to ensure the ongoing confidentiality,
integrity, availability and resilience of processing systems
and services”
• “a process for regularly testing, assessing and evaluating
the effectiveness of technical and organisational
measures for ensuring the security of the processing”
13. GDPR – obligation to document (art 30)
• Controllers and processors must comply with record
keeping obligations.
• INCLUDES record of security measures and decisions taken
under art 32
• Make avail to regulator on request
• Only exception = <250 staff AND only occasional
processing, no likely risk to DSs, no “special categories” of
data
14. GDPR – mandatory breach reporting
• Controller – to regulator UNLESS no real risk to DSs
• 72 hours unless not “feasible” (basically, have a v good reason)
• Processor – to controller
• Without undue delay
• Controller – to data subjects IF high risk to rights and freedoms
• Without undue delay
• Information to be provided to regulator includes
• Nature of the breach (i.e. how it happened, who affected etc)
• Likely consequences of the breach
• Mitigation and remediation measures
15. Network and Information Security Directive (1)
• Much of it devoted to establishment of agencies and a
cross-border infosec cooperation framework
• But ch IV & V also addnl obligations for some businesses:
• “Operators of essential services”
• Energy, transport, banking, financial infrastructure, healthcare, water supply,
digital infrastructure
• “Digital service providers”
• Online marketplace, online search engine, cloud computing platforms
• Transposition deadline May 2018
16. NIS Directive – what does it add to GDPR?
• From a security perspective, covers a lot of the same ground
• Applies based on activities and characteristics of ENTITY, not characteristics
of affected DATA
• If GDPR-compliant, prob. most of the way there BUT devil is in the detail
esp. notification requirements
• Micro and small business exception for digital service providers
17. Network and Information Security Directive (2)
“Operators of essential services”
• Designated by the state
• “appropriate and proportionate technical and organisational measures”
• Mandatory breach notification “without undue delay”
• When breach notification obligation triggered not very clear though
18. Network and Information Security Directive (3)
“Digital Service Providers”
• “appropriate and proportionate technical and organisational measures to manage the risks posed to the
security of network and information systems which they use in the context of offering …” [marketplace,
search engine, cloud services etc]
• “A level of security of network and information systems appropriate to the risk posed” & taking into
account a range of factors including
• “the security of systems and facilities”
• “monitoring, auditing and testing”
• Mandatory notification without undue delay of “any incident having a substantial impact on the
provision of a [digital service] that they offer in the Union”
19. Electronic Identification Regulation
Applies to “trust service providers”
“appropriate technical and organisational measures to manage the risks posed to the security of the trust
services they provide. Having regard to the latest technological developments, those measures shall ensure
that the level of security is commensurate to the degree of risk. In particular, measures shall be taken to
prevent and minimise the impact of security incidents and inform stakeholders of the adverse effects of any
such incidents.”
Mandatory breach notification within 24 hours if “a significant impact on the trust service provided or on the
personal data maintained therein”
• Potentially to several bodies
20. Relevance to OSS management (1)
• Legislation is technology neutral
• Compliance is self-assessed at the time, retrospectively
re-assessed by regulators post breach
• Strong legal obligations to secure
• Unlikely that 3P vendors will take much if any liability for
OSS
• It is for the breached party to show that its security was
“adequate”
21. Relevance to OSS management (2)
• From 2014 guidance published by the ICO, the UK data privacy regulator (emphasis
added):
“It is ... important that any software you use to process personal data is
subject to an appropriate security updates policy ... you must also ensure
that no relevant components are ignored. This is a common risk where
responsibility for updates is split between multiple people, or where third-
party libraries or frameworks are used.”
• The UK ICO at least has fined people specifically for failure to do this.
• & under GDPR, fines get much much bigger …
• Reminder: 67% of applications scanned by Black Duck in 2016 contained unpatched OSS
vulnerabilities.
22. Relevance to OSS management (3)
How does it get into org:
• From vendor, due diligence as to patch and security management
• Contractual? Sometimes. Starting to see in regulated industries e.g.
finance
• Clarity as to who is responsible for what is key
• From own code base, check-in processes and scanning tools
• Other sessions covering this in some detail.
23. Consequences of failure
• Potential for very large fines (up to EUR20mn / 4% of
global turnover under GDPR)
• Reputational damage (e.g. TalkTalk, Yahoo!)
• Damages claims by data subjects
• Regulatory intervention
• Possibility under GDPR of class actions led by charities and
campaign groups
24. Conclusions and takeaways
• The law has caught up with infosec risks
• Compliance is self-assessed at the time, but its adequacy is
retrospectively considered by the authorities post breach – so you
need to have a good story to tell
• OSS is not a special case and is not a get-out clause
• Failure to manage OSS vulnerabilities is unlikely to be accepted as
an excuse by regulators
• Financial and other consequences can be very serious
Of course should care about security anyway. Carrot and stick. But stick is getting much much bigger. GDPR is the main event. NISD relevant for some businesses. EIR relevant for trust services. Not going to get too excited about those, will touch on them briefly.
Yes, will still apply in UK post-Brexit.
So, theoretically doesn’t apply to ALL data. BUT in practice a) defs v v broad and b) who’s going to implement a two-tier security regime based on these distinctions?
So, relevant to e.g. US cloud vendors. Plainly aimed at Google and Facebook BUT catches much more than that.
Lots of text. We’ll unpack on the next slides. V important point is that this is TECHNOLOGY NEUTRAL. It doesn’t say what you have to do – it says what you have to think about and how you must be able to justify your own decisions. Breach happens, essentially, if the regulator disagrees with you after the fact.
Worth noting that the state of the art likely includes known vulns
So, need to be able to ensure vulns are patched, or be able to justify why not. Need to be testing and checking for them too, or be able to justify why not.
All those decisions and measures implemented under art 32 must be documented and produced to regulator on demand. The way the small business exception is drafting means almost nobody will be able to use it, esp. in the tech space.
This is expensive and painful process. Another reason to avoid getting breached in the first place as much as poss.
Turning to this briefly. Doesn’t apply to everyone. Directive so exactly how it will apply in each country still an open question.
Skip these and EIR if short on time.
Perfection is not required. BUT you have to show adequacy.
Not knowing you’ve got e.g. Heartbleed isn’t going to get you off the hook.