The Directive on security of network and information systems (the NIS Directive) was adopted by the European Parliament on 6 July 2016 and entered into force in August 2016. Member States have to transpose the Directive into their national laws by 9 May 2018.
Naturally, this law has been sidelined in favour of the more popular GDPR, which entered into force on 25 May 2018.
Maybe it’s “too” technical or doesn’t have a good acronym. I’ll just call it DENIS (DirectivE on security of Network and Information Systems) to keep it simple.
Two new laws that just made things a little bit more complicated. But wait, there’s a shortage of InfoSec experts and salaries are not rising in proportion to the work, and wait, the InfoSec profession is 90% male. Or have all the industry reports suddenly fallen to the bottom of the agenda?
Cute little single player game INSIDE has got me laughing and panicking at the same time as I play the role of a boy escaping Big Brother… it kinda feels like Orwell’s 1984 vision. The simple game design is what makes it an absolute winner in the era of 20 button combination moves.
Probably inspired by GDPR, some Global vendors are following the tracks of social media giants by making it easy to download ALL your data.
It will take seven (7) days but I just put in my request for info to Apple hoping for some surprises. There will be many of us who state that we have “nothing” to hide and don’t care what information is held.
Self-discovery is always a healthy thing; it gives you the power to decide to delete ALL, correct or reset.
App Store, iTunes Store, iBooks Store and Apple Music activity
Apple ID account and device information
Apple Online Store and Retail Store activity
AppleCare support history, repair requests and more
Game Center activity
iCloud Bookmarks and Reading List
iCloud Calendars and Reminders
iCloud Drive files and documents
Maps Report an Issue
Look out for the Article 33 – 72 Hour breach notification debacle.
I can only imagine the litigations that are queued up and ready to go. Enterprise is all lawyered up but Small Business owners must be wondering what to do. The first cases will definitely hit the media.
Will it make the end-user safer or just cause admin hassle and change the strategic position of hackers and miscreants? A new era of Lawfare where regulations are used to tie up the resources of a target, distracting them and potentially weakening their infrastructure.
Policy, procedures, standards, compliance… will someone please wake me up.
…but yet I’ve already had some vague clueless queries from worried business folk.
No matter, your friendly neighbourhood CISSP is here for ya.
The UK Prime Minister made a clever “Uncle Tom” move by placing a 2nd Generation immigrant into one of the most powerful roles in her government replacing a British White female.
The “Urgent” session in parliament played out like pure theatre, with immigrants on both sides clashing words and intentions. The Conservative Party pivoted to EU regulations and illegal immigration while Labour bombarded the new Home Secretary with direct questions on what he would “actually” do and when.
I wish they would replace the word “Windrush” with “Jamaican” as it actually refers to the truth of a ship carrying 1027 passengers and two stowaways on a voyage from Jamaica to London in 1948.
So with just over 31 days to go before the European Laws change the game, it’s important to know how this may impact you in real life.
Art. 33 GDPR Notification of a personal data breach to the supervisory authority
In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
Vague terms such as “undue delay” still give weak protection for individuals but the game changer is 72 hours to tell everybody you’ve been hacked.
I can see more blackmail attempts coming forth as companies look to delay public notification. The big telecoms companies are well prepared and have started notifying end-users of the legal changes but there is not much comment or chatter on how this will change the Hacker community.
The important thing is now you can sue someone when the big hacks happen….and they WILL happen.