Showing posts with the label Data governance

Cyber Threat Life Cycle

A targeted threat is when attackers make a conscious effort to attack a particular organization, so they take their time to study the organization's systems and strategically plan the attack. There are several common steps that an attacker takes during a targeted threat.

Several Steps in a Targeted Threat Life Cycle:

External Reconnaissance occurs when attackers collect intelligence on HOW to successfully attack. They look for unpatched systems, IP address ranges, open ports and target endpoints.

Breach (penetration of the perimeter) is achieved using one of the many tactics used to gain access, such as social engineering, phishing, vishing, brute force attacks, tailgating, drive-by downloads, etc.

Internal Reconnaissance is when the attackers collect intelligence on the internal system by reviewing the system and searching for admin accounts that they can hijack.

Lateral Movement occurs when the attackers take control of the clients, servers, and Active Directory domain controller.

Cross Border Transfer Mechanisms: Codes of Conduct

Codes of Conduct are another mechanism that can be used in transferring personal data out of the EU to an area that is deemed not to have an adequate level of protection. In this article, I will explain how they are created, complied with and enforced.

(1) Who is responsible for drawing up codes of conduct
    (a) Governments and regulators can encourage the drawing up of codes of conduct.
    (b) Codes of conduct may be created by trade associations or representative bodies.
    (c) Codes should be prepared in consultation with relevant stakeholders, including individuals (Recital 99).
    (d) Codes must be approved by the relevant supervisory authority; and where the processing is cross-border, the European Data Protection Board (the EDPB).
    (e) Existing codes can be amended or extended to comply with the requirements under the GDPR.
(2) Codes of conduct may cover topics such as:
    (a) fair and transparent processing;
        (i) Processing means any operation or set of operations that

Data Mapping Template

Data mapping does not have to be limited to GDPR compliance. It is a good idea for a business that stores data to map out the data it possesses and what it is used for. In doing this, it can determine which data is necessary. For example, a business can effectively save money by deleting old, outdated and unnecessary data. Below you will find a sample data mapping intake form. A more complex form may contain the types of data being stored (phone numbers, email, SSN, payment information), the data source, and/or the custodians and/or stewards of the data. You can tailor your mapping intake form to your specific needs.