California’s Version of GDPR: Applicable to Consumer Embedded Systems?
California recently passed an aggressive data privacy law. The California legislature passed AB375 (The California Consumer Privacy Act of 2018), which by most accounts, is a strong push for consumer privacy. The law, in summary, requires companies collecting consumer data to disclose to the consumer the types of data collected and allowing the consumer the option of opting out from allowing the companies to sell the consumer’s data. The new California law is a step towards t
Please investigate third party vendors with any computer or network access
Over the last five years there have been many, many corporate data breaches. These have been published and republished numerous times. The targets as of late have been hospitals, law firms, and the businesses with mass amounts of customer data. The hospital and doctor’s office targeted data includes the electronic health and medical records (EHR/EMR), including the patient’s name, address, medical information, insurance information, and other germane, relevant data. The attor
Technology Advancement Tempered with Prudence
Technology is advancing at such a fantastic rate. The pace at time is difficult to manage. These advances have the distinct possibility of vastly improving society. This has been prevalent in the medical field. These have led to improvements in diagnosing illnesses, treatments, machinery, and other attributes. An issue with this involves the pace itself. As a society, we are prone to run before we can walk. This may be fine in certain instances but not all, including technolo
Another tool for monitoring insider risk
The risk to an organization is manifested in many different packages and from many sources. One particularly poignant area of potential risk has been the organization’s own employees and staff, or the insiders. The risk may take the form of simple errors on the user’s part, e.g. clicking on a phishing email or other intentional acts, e.g. planting malware or removing intellectual property. With either avenue, the effects can be significant and detrimental. Given the nature of
Cybersecurity, the aviation industry, and AI
Aviation's prevalence and use for consumer and commercial uses is well-known. The noted parties are not always able to drive to their specific destination due to time or geographic constraints. This mode of transportation is also used for food movement, time sensitive materials, and the mail system partially. These uses and many more present clear evidence for aviation's pertinence in our daily lives.
As this is integral, the civilization, the underlying efficiency and ope
Another defense to ransomware
Ransomware continues to be a relative nightmare. These have the ability to quickly ruin the CISO’s day and wreak havoc on operations. A simple click can shut down portions of operations. In Michigan, as an example, a utility’s email system and accounting department were shut down for an extended period. The management finally paid the ransom fee so the operations could continue. If this is not enough of an eye-opening example, we simply have to remember WannaCry and its deriv
New California Privacy Act Impacts Small Businesses and Data Gathering
In a week’s time, the California Legislature submitted and approved a landmark privacy bill called the California Consumer Privacy Act of 2018. AB 375 was passed unanimously 6/28/2018 and was signed by Governor Jerry Brown. This bill will affect all companies that do business in the state and collect data, effective 1/1/2020. Highlights of the bill include:
• Gives consumers the right to ask businesses for the types and categories of personal information being collected.
•
InfoSec Global Staff Shortage: Not Easing Up Soon
There is a mass shortage of InfoSec personnel. The shortage has been well published through many different outlets, academic articles, magazines, and blogs alike. There was a study conducted by Intel Security with the Center for Strategic and International Studies (CSIS). There were 775 IT decision makers in eight countries in the public and private entities.82% of the respondents noted a shortage of cybersecurity skills. Symantec in a recent study estimated the number of ope
Bank’s Personally Identifiable Information (PII) Valuable Assets (to Sell)
Banks have the privilege of collecting our data and storing this for their uses. As the banks store this data and information, the banks are acting as stewards of this data. Being a steward and responsible, there are certain aspects of InfoSec which a reasonably prudent bank would deploy to protect the bank, its assets, and customer’s data. Apparently, there was an issue with two bank which allowed an oversight to occur. In May 2018, the Bank of Montreal and Simplii Financia