
July 30, 2018

Six years ago ...

Writing is too difficult. We have to think deeply to know what we want to say. We have to organize our thoughts and we have to decide how many paragraphs we are going to write about something. I have already been writing for six years and it is still difficult for me. I have to admit that writing this post is easier than the first one, but words and sentences are still difficult to find in my head to write what I want to say. This was the aim of creating this blog: writing, writing and writing to improve my writing skill, because it was too difficult for me when I was studying the English language and I had to take the writing exam.

Six years ago I decided to write about tech things. Particularly, I decided to write about security and networks. Since then, I have written weekly about what I’m learning, what I’m reading or what I’m doing in my job. This is going to be my last post before going on holiday, so I want to write about what I have been doing in the last year, which has been full of experiences and technologies.

This year, I’ve learnt new technologies such as AWS Cloud and Web Application Firewalls, where I created my virtual Data Center in Amazon Web Services with AWS Elastic Load Balancing, AWS Shield & AWS WAF and Amazon CloudFront. With regard to WAF, I deployed several F5 BIG-IP WAFs, where I clearly learnt the difference between a WAF and an IPS, and I ended up getting the F5 BIG-IP ASM Certified Technology Specialist certification. In fact, I had to deploy F5 BIG-IP DNS for Data Center Load Balancing as well.

What has been demanding, but delightful at the same time, has been the Ethical Hacking Course and the Security courses on Networks and Systems, where my students learnt how to create a backdoor for Android systems, make their own malicious WhatsApp, as well as making apps safer with HTTP Security Policy. It was demanding because I was also studying the French language at the Official School of Languages and I had to do my homework, such as the Video Selfie in French or talking about Sophie Germain. However, it was delightful because I learnt a lot about security and I passed the A2 level in French.

In the meantime, I’ve been reading about security, economics and psychology, such as No Place to Hide and Thinking, Fast and Slow. I’ve also been studying Computer Forensics and I’ve had time to go to ForoCIBER 2018, where I solved the CyberSecurity Challenge.

An overview of the most widely read posts in the last six years:

[Chart: Posts]

As for where the blog is visited from, the statistics show:

[Chart: Posts by countries]

Last but not least, I would like to thank those who read this blog and support me, because they are the main reason why I have already written 292 posts with almost 225000 views. If someone has something to say for improving this blog, it is welcome.

Regards my friends, and I hope to see you again back in September after a great holiday.

July 23, 2018

Risk assessments for GDPR compliance


When I was studying for the CISA and CISM certifications, I read a lot about Business Impact Analysis and the Risk Management Process. That was cool because Ariadnex was ISO 27001 compliant and I had to help them be ready to comply with this kind of process. Today, we also have to be GDPR compliant, since all EU citizens have cyber rights under the new GDPR. This is a good opportunity to reinforce my knowledge about risk assessments, because they are essential for the new regulation.

All businesses have to comply with GDPR because most of them process personal data of their employees for salaries, benefits and social security. Most of them also have a recruitment process or they evaluate their employees. There are also companies that store and process lots of personal data for advertising campaigns, or that process sensitive data, as the health sector does. Therefore, there is personal data processing everywhere and these businesses have to comply with the new regulation.

The first step for compliance is to know what personal data the company is processing, because we’ll have to define and design the processing operation of personal data as well as the processing purpose. Once this is done, we can use tools such as Facilita, which tell us what we have to do with personal data processing. If we don’t have too much personal data and the risk level is low, maybe we only have to do some paperwork and buy some tech stuff.

[Figure: Workflow for GDPR compliance]

However, if we have too much personal data or sensitive data, we should evaluate a proposal to identify potential effects on individuals’ privacy and personal data. Therefore, we have to know whether a basic risk assessment is enough for the company or whether a Data Protection Impact Assessment (DPIA) will be necessary, which is an exhaustive process known as privacy by design, where projects are designed with data protection in mind from the beginning.

If the company doesn’t have high-risk personal data processing, we’ll have to do a basic risk assessment. This risk assessment will have to take into account the loss of integrity, availability and confidentiality for personal data protection, and it will also have to take into account the rights and freedoms of individuals. However, this risk assessment shouldn’t be an exhaustive risk assessment but an essential one, where only critical risks are considered, such as unauthorized access, unintentional loss or lack of procedures.

Finally, if the company has high-risk personal data processing, we’ll have to do an exhaustive risk assessment through the DPIA process, where we evaluate the impact and the probability of occurrence of each threat to know the level of risk of each personal data processing activity. I know, it is demanding work, but mandatory for GDPR compliance.

Regards my friends, and remember to protect your data!!