Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

6/30/2017
03:15 PM
Jai Vijayan
Jai Vijayan
Slideshows
Connect Directly
Twitter
LinkedIn
RSS
E-Mail

8 Things Every Security Pro Should Know About GDPR

Organizations that handle personal data on EU citizens will soon need to comply with new privacy rules. Are you ready?
1 of 9

Image Source: symbiot via Shutterstock

1 of 9
Comment  | 
Print  | 
Comments
Newest First  |  Oldest First  |  Threaded View
Joe Stanganelli
0%
100%
Joe Stanganelli,
User Rank: Ninja
7/3/2017 | 6:32:33 AM
Taking data stewardship for granted
Speaking as someone who works with data-privacy issues for a living, I think it's important and commendable how Jai breaks these factors down.

For people like us who work with these developments, relatively things like knowing that GDPR applies regardless of your organization's relationship to the data, conducting assessments, having to comply with various access, transfer, removal, and informed-consent measures as pertaining to the relationship between individuals and their data, and having an officer specifically appointed to data protection when it comes to certain kinds of sensitive data and/or certain kinds of organizations, seem at least semi-obvious. But these things are easily forgotten or otherwise not considered when you're simply trying to operate an enterprise.

It is so important for people who work in this field to understand that their clients and colleagues may not intuit compliance or best-practice factors -- and likewise important for us to stay abreast of everything and not take anything for granted.

US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
A Lawyer's Guide to Cyber Insurance: 4 Basic Tips
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC,  7/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13951
PUBLISHED: 2019-07-18
The set_ipv4() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack-based buffer overflow via a long and malformed IPv4 address in zone data.
CVE-2019-13952
PUBLISHED: 2019-07-18
The set_ipv6() function in zscan_rfc1035.rl in gdnsd 3.2.0 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data.
CVE-2019-10100
PUBLISHED: 2019-07-18
The Sleuth Kit 4.6.0 and earlier is affected by: Integer Overflow. The impact is: Opening crafted disk image triggers crash in tsk/fs/hfs_dent.c:237. The component is: Overflow in fls tool used on HFS image. Bug is in tsk/fs/hfs.c file in function hfs_cat_traverse() in lines: 952, 1062. The attack v...
CVE-2019-10102
PUBLISHED: 2019-07-18
SaltStack Salt 2018.3, 2019.2 is affected by: SQL Injection. The impact is: An attacker could escalate privileges on MySQL server deployed by cloud provider. It leads to RCE. The component is: The mysql.user_chpass function from the MySQL module for Salt (https://github.com/saltstack/salt/blob/devel...
CVE-2019-10102
PUBLISHED: 2019-07-18
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically ...