Featured content

Have I mentioned recently that if you’re following the usual data security standards (NIST, CIS Critical Security Controls, PCI DSS, ISO 27001) or common sense infosec principles (PbD), you shouldn’t have to expend much effort to comply with the General Data Protection Regulation (GDPR)? I still stand by this claim.

Like the rest of the IT security world last week, I had to stop everything I was doing to delve into the latest Verizon Data Breach Investigations Report. I spent some quality time with the 2018 DBIR (after drinking a few espresso), and I can sum it all up in one short paragraph.

Those of you who have waded through our posts on US state breach notification laws know that there are few very states with rules that reflect our current tech realities. By this I mean there are only a handful that consider personally identifiable information (PII) to include internet-era identifiers, such as email addresses and passwords. And even fewer that would require a notification to state regulators when a ransomware attack occur.

You did get the the memo that GDPR goes into effect next month?

Cybersecurity has a gender gap.

The DPA (Data Protection Authority) is the agency within each European Union country that is responsible for GDPR (General Data Protection Regulation) assistance and enforcement.

We’ve interviewed many privacy experts, chief data officers, security pros and learned so much about the real world. Because we’ve covered so much, I’ve curated the most popular infosec quotes so that we can revisit their sage advice and strategies. Let the ideas simmer so that we can enter the stage we’re in with a stronger vision and execute our ideas smoothly. Enjoy!

A core security principle and perhaps one of the most important lessons you’ll learn as a security pro is AHAT, “always have an audit trail”. Why? If you’re ever faced with a breach, you’ll at least know what, where, and when. And some laws and regulations require audit trails as well.

Last month, the UK published the final version of a law to replace its current data security and privacy rules. For those who haven’t been following the Brexit drama now playing in London, the Data Protection Bill or DPB will allow UK businesses to continue to do business with the EU after its “divorce” from the EU.

This article is part of the series "[Podcast] Varonis Director of Cyber Security Ofer Shezaf". Check out the rest: Part I Part II [Transcript] Ofer Shezaf and Keeping Ahead of the Hackers

This article is part of the series "Practical PowerShell for IT Security". Check out the rest: Part I: File Event Monitoring Part II: File Access Analytics (FAA) Part III: Classification on a Budget Part IV: Security Scripting Platform (SSP) Part V: Security Scripting Platform Gets a Makeover

Windows file system auditing is an important tool to keep in your cybersecurity forensics toolbox.