{"id":23,"date":"2017-01-19T23:16:14","date_gmt":"2017-01-19T23:16:14","guid":{"rendered":"https:\/\/hjinterim.wordpress.com\/?p=21"},"modified":"2017-01-19T23:16:14","modified_gmt":"2017-01-19T23:16:14","slug":"awareness-of-cyber-risks","status":"publish","type":"post","link":"https:\/\/hjinterim.tech\/index.php\/2017\/01\/19\/awareness-of-cyber-risks\/","title":{"rendered":"Awareness of Cyber risks"},"content":{"rendered":"<p><img fetchpriority=\"high\" decoding=\"async\" class=\"alignnone size-full wp-image-1859\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/dreamstime_xxl_21128878-copy.png\" alt=\"dreamstime_xxl_21128878 copy\" width=\"5050\" height=\"2375\" \/>The first thing you have to ask yourself is: am I aware of the security risks I have to face in the near future?<\/p>\n<p><img decoding=\"async\" class=\"wp-image-1845 alignleft\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/awareness.png\" alt=\"awareness\" width=\"126\" height=\"126\" \/>Well, let me try to explain what is actually involved in being aware of the current threats, and of the risks and responsibilities that come with a vulnerability or a security breach\u2026<\/p>\n<div class=\"slate-resizable-image-embed slate-image-embed__resize-right\"><img decoding=\"async\" class=\" wp-image-1856 alignleft\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/signpost-advice-300x237-1.jpg\" alt=\"signpost-advice-300x237\" width=\"187\" height=\"148\" \/><\/div>\n<p><img loading=\"lazy\" decoding=\"async\" class=\" alignright\" src=\"https:\/\/media.licdn.com\/mpr\/mpr\/AAEAAQAAAAAAAAkpAAAAJDRlYWU4YWNhLTNhNDctNDk2Ny1hNDQyLWUzM2M2ZGMwZjhlZQ.png\" width=\"333\" height=\"181\" \/>Speaking of awareness, check out the current threats all over the world in real time.<\/p>\n<p>See below an overview of different network maps:<\/p>\n<p>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0<a 
href=\"http:\/\/blog.opendns.com\/global-network\/\" target=\"_blank\" rel=\"nofollow noopener\">Global Network<\/a><\/p>\n<p>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0<a href=\"http:\/\/botnet-cd.trendmicro.com\/\" target=\"_blank\" rel=\"nofollow noopener\">BOTNET<\/a><\/p>\n<p>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0<a href=\"http:\/\/www.digitalattackmap.com\/#anim=1&amp;color=0&amp;country=ALL&amp;list=0&amp;time=17184&amp;view=map\" target=\"_blank\" rel=\"nofollow noopener\">Digital Attack Map, Top daily DDoS attacks worldwide<\/a><\/p>\n<p>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0<a href=\"http:\/\/cybermap.kaspersky.com\/\" target=\"_blank\" rel=\"nofollow noopener\">Kaspersky CYBER THREAT\u00a0REAL-TIME MAP<\/a><\/p>\n<p>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0<a href=\"http:\/\/www.fireeye.com\/cyber-map\/threat-map.html\" target=\"_blank\" rel=\"nofollow noopener\">FireEye<\/a><\/p>\n<p>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0<a href=\"http:\/\/www.csoonline.com\/article\/2926005\/techology-business\/cso-online-daily-dashboard.html\" target=\"_blank\" rel=\"nofollow noopener\">CSO Online Daily Dashboard<\/a><\/p>\n<p>\u00b7\u00a0\u00a0\u00a0\u00a0\u00a0<a href=\"http:\/\/map.norsecorp.com\/#\/\" target=\"_blank\" rel=\"nofollow noopener\">Norse Attack Map<\/a><\/p>\n<h2><strong>The Importance of the Human Element<\/strong><\/h2>\n<div class=\"slate-resizable-image-embed slate-image-embed__resize-left\">\u00a0<\/div>\n<div><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-1839 alignleft\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/0102-p1-human-element-brain.jpg\" alt=\"0102-p1-human-element-brain\" width=\"189\" height=\"154\" \/>While confidentiality, integrity and availability represent what aspects of information and information assets are being protected; people, process and technology describe how this protection occurs. All three factors of people, process and technology play an equally important role in information security. 
However, technical controls, such as firewalls, often receive all of the attention, and people and process are overlooked. While firewalls and other security controls provide a very necessary baseline of protection, they can be rendered useless if a user either deliberately or unintentionally misuses their access or fails to protect resources within their control. Consider the scenario in which a user is tricked into giving out their ID and password to an unauthorized person over the phone. It does not sound like a huge security breach. It is just one tiny mistake, right? Unfortunately, that is not the case. This mistake creates a vulnerability in the security architecture that could result in a substantial loss if exploited. It only takes one open door to create an opportunity for an attacker. Although a shared password was the only violation used in this example, it is important to understand that there are many ways that users can become a security weakness. In addition, when the number of authorized users is considered, the overall potential exposure is astounding. This is why people are a major factor in the success or failure of an information security program.<\/div>\n<h2><strong>Security Awareness Goals and Objectives<\/strong><\/h2>\n<div class=\"slate-resizable-image-embed slate-image-embed__resize-left\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1857 alignleft\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/wellnessbd-1.png\" alt=\"wellnessbd\" width=\"212\" height=\"141\" \/><\/div>\n<p>The primary objective of a security awareness program is to educate users on their responsibility to help protect the confidentiality, availability and integrity of their organization&#8217;s information and information assets. Information security is everyone\u2019s responsibility, not just the IT security department\u2019s. 
It is critical that users understand not only how to protect the organization\u2019s information, but why it is important to protect that information. \u201cPeople are often the weakest link in a security chain, because they are not trained or generally aware of what security is all about. Employees must understand how their actions can greatly impact the overall security position of an organization\u201d. An awareness program should reinforce security policy and other information security practices that are supported by the organization. Security awareness \u201chelps minimize the cost of security incidents, helps accelerate the development of new application systems, and helps assure the consistent implementation of controls across an organization\u2019s information systems\u201d.<\/p>\n<p>The goal of awareness is to raise the collective awareness of the importance of security and security controls. Awareness messages should be simple, clear and presented in a format that is easily understood by the audience. The goal of training is to facilitate a more in-depth level of user understanding. 
Some tactics include, but are not limited to, formal classroom training, one-on-one training and educational packets.<\/p>\n<div class=\"slate-resizable-image-embed slate-image-embed__resize-left\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1854 alignleft\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/gdrp_logo_corr.jpg\" alt=\"GDRP_Logo_corr\" width=\"250\" height=\"250\" \/><\/div>\n<h3>The new\u00a0<a href=\"http:\/\/iapp.org\/resources\/topics\/eu-data-protection-reform\/\" target=\"_blank\" rel=\"nofollow noopener\">General Data Protection Regulation<\/a>\u00a0(GDPR) is set to replace the Data Protection Directive 95\/46\/EC effective May 25, 2018.\u00a0The GDPR\u00a0is directly applicable in each member state and will lead to a greater degree of data protection harmonization across EU nations.<\/h3>\n<p>Although many companies have already adopted privacy processes and procedures consistent with the Directive, the GDPR contains a number of new protections for EU data subjects and threatens significant fines and penalties for non-compliant data controllers and processors once it comes into force in the spring of 2018.<\/p>\n<p>With new obligations on such matters as data subject consent, data anonymization, breach notification, trans-border data transfers, and appointment of data protection officers, to name a few, the GDPR requires companies handling EU citizens\u2019 data to undertake major operational reform.<\/p>\n<p>This is the first in a series of articles addressing the top 10 operational impacts of the GDPR.<\/p>\n<p>First of all, we start with awareness. Ask yourself the following questions:<\/p>\n<ol>\n<li>\u00a0What are the current security standards for data processing (<strong>1<\/strong>) within my company?<\/li>\n<li>\u00a0What are my personal data breach notification standards?<\/li>\n<li>\u00a0Are all the threats I face covered?<\/li>\n<li>\u00a0How much time do you spend daily to resolve \/ fix threats?<\/li>\n<li>\u00a0What is the total budget you spend yearly? Do you <strong>want<\/strong> to reduce these costs ASAP?<\/li>\n<\/ol>\n<h2><strong>Resources<\/strong><\/h2>\n<div class=\"slate-resizable-image-embed slate-image-embed__resize-left\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-1851 alignleft\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/insider-threat-cybersecurity.jpg\" alt=\"insider-threat-cybersecurity\" width=\"285\" height=\"124\" \/><\/div>\n<p>1)\u00a0\u00a0\u00a0\u00a0It is precisely the manufacturing capacity, or access of SMEs to appropriate infrastructures such as pilot lines, and the development of such infrastructures, that this combined funding can support. For innovative SMEs in particular, it is important to ensure a full involvement in industrial value chains, and access to pilot lines and RTOs, or technology infrastructures offering services to SMEs, allowing them to design, prototype, test and ultimately produce their innovations.<\/p>\n<p>2)\u00a0\u00a0\u00a0\u00a0The <em>exploitation strategy <\/em>should be realistic and identify obstacles, requirements and necessary actions involved in reaching higher TRLs, such as:<\/p>\n<p>a.\u00a0\u00a0\u00a0\u00a0Improved material\/product robustness and reliability;<\/p>\n<p>b.\u00a0\u00a0\u00a0\u00a0Addressing European value chains;<\/p>\n<p>c.\u00a0\u00a0\u00a0\u00a0Securing an industrial integrator to adapt the new technologies to industrial scale;<\/p>\n<p>d.\u00a0\u00a0\u00a0\u00a0Availability of large-scale testing, pilot and manufacturing facilities;<\/p>\n<p>e.\u00a0\u00a0\u00a0\u00a0Standardization;<\/p>\n<p>f.\u00a0\u00a0\u00a0\u00a0\u00a0Product approval by regulatory and\/or relevant international bodies;<\/p>\n<p>g.\u00a0\u00a0\u00a0\u00a0Sustainability of financing (after the EU funding).<\/p>\n<h2><strong>Strategic orientation on innovative technologies closer to the market<\/strong><\/h2>\n<div class=\"slate-resizable-image-embed 
slate-image-embed__resize-left\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1848 alignleft\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/orientacion-estrategica.jpg\" alt=\"orientacion-estrategica\" width=\"233\" height=\"154\" \/><\/div>\n<p>A great number of activities aim to develop innovative technologies and bring them closer to the markets, including progress towards higher Technology Readiness Levels (TRLs). This will help the manufacturing sectors to adapt to global competitive pressure by improving their technological base. As proposed in the European KET Strategy, the KET parts of this Work Programme use TRLs where relevant. This Work Programme addresses TRLs from 3-4 up to 7, with an overall centre of gravity in the range from 5-6, with the highest level reserved for cases where there is strong industrial commitment.<\/p>\n<p>To optimize impact, the following aspects should be considered by proposals wherever appropriate:<\/p>\n<p><strong>a) <\/strong>Well-targeted value chains make it possible to capture value for Europe \u2013 this aspect should be reflected in the quality of the consortium and the work plan to ensure an optimal structure to maximize impact.<\/p>\n<p><strong>b) <\/strong>Adequate balance of industrial and research partners for the delivery of the expected outcome beyond the end of the project.<\/p>\n<p><strong>c) <\/strong>In order to facilitate up-scaling, aspects such as demonstration, transfer and piloting should be included as a part of the R&amp;D&amp;I actions. 
Where standardization needs are identified, they should be followed up.<\/p>\n<p><strong>d) <\/strong>The integration of business development, time to market, and market understanding, together with the understanding and exploitation of customized and personalized products and services in the business-to-business context, is necessary to meet innovation needs in the range TRL 5-7.<\/p>\n<p><strong>e) <\/strong>Proof-of-concept prototypes, demonstration, assessments, platform-building activities, and pilots help to overcome the acceptance barrier, increase trust and convince potential users, express additional value benefits for diversified communities, provide seeds for new projects of the proposers also in other parts of Horizon 2020, and develop mechanisms for facilitating value creation in the real economy.<\/p>\n<p><strong>f)\u00a0<\/strong>Non-technical and regulatory issues regarding health, safety and the environment should accompany the development of industrial applications, especially in fields such as nanotechnologies, where potential risks and public concerns have been identified.<\/p>\n<h2><strong>(1) Enhancing your environment with the GDPR: Data Security and Breach Notification Standards<\/strong><\/h2>\n<div class=\"slate-resizable-image-embed slate-image-embed__resize-left\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1847 alignleft\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/data-key.jpg\" alt=\"data-key\" width=\"216\" height=\"173\" \/><\/div>\n<p>Data security plays a prominent role in the new General Data Protection Regulation (GDPR), reflecting its symbiotic relationship with modern comprehensive privacy regimes.<\/p>\n<p>Compared to Directive 95\/46\/EC, the GDPR imposes stricter obligations on data processors and controllers with regard to data security while simultaneously offering more guidance on appropriate security standards. 
The GDPR also adopts for the first time specific breach notification guidelines.<\/p>\n<h2><strong>Security of data processing standards<\/strong><\/h2>\n<div class=\"slate-resizable-image-embed slate-image-embed__resize-left\"><img loading=\"lazy\" decoding=\"async\" class=\" wp-image-1793 alignleft\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/d3a4febf87d1929fe6b3411042884151.jpg\" alt=\"d3a4febf87d1929fe6b3411042884151\" width=\"396\" height=\"297\" \/><\/div>\n<p>The <strong>GDPR<\/strong> separates responsibilities and duties of data controllers and processors, obligating controllers to engage only those processors that provide \u201csufficient guarantees to implement appropriate technical and organizational measures\u201d to meet the GDPR\u2019s requirements and protect data subjects\u2019 rights. Processors must also take all measures required by Article 32, which delineates the GDPR\u2019s \u201csecurity of processing\u201d standards.<\/p>\n<p>Under Article 32, similarly to the Directive\u2019s Article 17, controllers and processors are required to \u201cimplement appropriate technical and organizational measures\u201d taking into account \u201cthe state of the art and the costs of implementation\u201d and \u201cthe nature, scope, context, and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.\u201d Unlike the Directive, however, the GDPR provides specific suggestions for what kinds of security actions might be considered \u201cappropriate to the risk,\u201d including:<\/p>\n<p><strong>a)\u00a0\u00a0\u00a0\u00a0<\/strong>The pseudonymization and encryption of personal data.<\/p>\n<p><strong>b)\u00a0\u00a0\u00a0\u00a0<\/strong>The ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services.<\/p>\n<p><strong>c)\u00a0\u00a0\u00a0\u00a0<\/strong>The ability to restore the availability and access to personal 
data in a timely manner in the event of a physical or technical incident.<\/p>\n<p><strong>d)\u00a0\u00a0\u00a0\u00a0<\/strong>A process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.<\/p>\n<p>Controllers and processors that adhere to either an approved code of conduct or an approved certification mechanism \u2014 as described in Article 40 and Article 42 \u2014 may use these tools to demonstrate compliance with the GDPR\u2019s security standards.<\/p>\n<p>For additional guidance on security standards, controllers and processors may consider the Recitals, in particular Recitals 49 and 71, which allow for processing of personal data in ways that may otherwise be improper when necessary to ensure network security and reliability.<\/p>\n<h2><strong>\u201cPersonal data breach\u201d notification standards<\/strong><\/h2>\n<div class=\"slate-resizable-image-embed slate-image-embed__resize-left\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1852 alignleft\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/images.jpeg\" alt=\"images\" width=\"275\" height=\"183\" \/><\/div>\n<p>Unlike the Directive, which was silent on the issue of data breach, the GDPR contains a definition of \u201cpersonal data breach,\u201d and notification requirements to both the supervisory authority and affected data subjects.<\/p>\n<p>\u201cPersonal data\u201d is defined in both the Directive and the GDPR as \u201cany information relating to an identified or identifiable natural person (\u201cdata subject\u201d).\u201d Under the GDPR, a \u201cpersonal data breach\u201d is \u201ca breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.\u201d This broad definition differs from that of most U.S. 
state data breach laws, for example, which typically are triggered only upon exposure of information that can lead to fraud or identity theft, such as financial account information.<\/p>\n<p>In the event of a personal data breach, data controllers must notify the supervisory authority &#8220;competent under Article 55&#8221; which is most likely (looking to Article 56(1)) the supervisory\u00a0authority of the member state where the controller has its main establishment or only establishment, although this is not entirely clear. Notice must be provided \u201cwithout undue delay and, where feasible, not later than 72 hours after having become aware of it.\u201d If notification is not made within 72 hours, the controller must provide a \u201creasoned justification\u201d for the delay.<\/p>\n<p>Article 33(1) contains a key exception to the supervisory authority notification requirement: Notice is not required if \u201cthe personal data breach is unlikely to result in a risk for the rights and freedoms of natural persons,\u201d a phrase that will no doubt offer data protection officers and their outside counsel opportunities to debate the necessity of notification.<\/p>\n<p>A notification to the authority must \u201cat least\u201d: (1) describe the nature of the personal data breach, including the number and categories of data subjects and personal data records affected; (2) provide the data protection officer\u2019s contact information; (3) \u201cdescribe the likely consequences of the personal data breach\u201d; and (4) describe how the controller proposes to address the breach, including any mitigation efforts. 
If not all information is available at once, it may be provided in phases.<\/p>\n<p>When a data processor experiences a personal data breach, it must notify the controller but otherwise has no other notification or reporting obligation under the GDPR.<\/p>\n<p>If the controller has determined that the personal data breach \u201cis likely to result in a high risk to the rights and freedoms of individuals,\u201d it must also communicate information regarding the personal data breach to the affected data subjects. Under Article 34, this must be done \u201cwithout undue delay.\u201d<\/p>\n<p>The GDPR provides exceptions to this additional requirement to notify data subjects in the following circumstances: (1) the controller has \u201cimplemented appropriate technical and organizational protection measures\u201d that \u201crender the data unintelligible to any person who is not authorized to access it, such as encryption\u201d; (2) the controller takes actions subsequent to the personal data breach to \u201censure that the high risk for the rights and freedoms of data subjects\u201d is unlikely to materialize; or (3) when notification to each data subject would \u201cinvolve disproportionate effort,\u201d in which case alternative communication measures may be used.<\/p>\n<p>Assuming the controller has notified the appropriate supervisory\u00a0authority of a personal data breach, its discretion to notify data subjects is limited by the DPA\u2019s ability, under Article 34(4), to require notification or conversely to determine it is unnecessary under the circumstances.<\/p>\n<h2><strong>Harmonization<\/strong><\/h2>\n<div class=\"slate-resizable-image-embed slate-image-embed__resize-left\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1837 alignleft\" src=\"https:\/\/hjinterim.files.wordpress.com\/2017\/01\/2-1-1.jpg\" alt=\"2-1\" width=\"620\" height=\"413\" \/><\/div>\n<p>Data breach notification is possibly most firmly established 
globally in the U.S. There, \u201creasonable\u201d security standards are still being defined and nearly every U.S. state has a different breach notification law, which has led to some consternation among privacy professionals. The GDPR\u2019s uniform application across EU member states should at least provide predictability and thus efficiencies to controllers and processors seeking to establish compliant data security regimes and breach notification procedures across the entirety of the 28 member states. Nonetheless, the GDPR&#8217;s reference to a &#8220;competent supervisory authority&#8221; suggests notification may need to be made to more than one supervisory authority depending on the circumstances, and the ambiguity of a number of terms such as &#8220;undue delay,&#8221; &#8220;likelihood of risk to rights and freedoms,&#8221; and &#8220;disproportionate effort&#8221; all remain to be further clarified and defined in practice.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The first thing you have to ask yourself is: am I aware of the security risks I have to face in the near future? 
Well, let me try to explain what is actually involved in being aware of the current threats, and of the risks and responsibilities that come with a vulnerability or a security breach\u2026 &#8230; <a title=\"Awareness of Cyber risks\" class=\"read-more\" href=\"https:\/\/hjinterim.tech\/index.php\/2017\/01\/19\/awareness-of-cyber-risks\/\">Read more<span class=\"screen-reader-text\">Awareness of Cyber risks<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":1842,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[25],"tags":[],"class_list":["post-23","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/posts\/23","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/comments?post=23"}],"version-history":[{"count":0,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/posts\/23\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/media?parent=23"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/categories?post=23"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/hjinterim.tech\/index.php\/wp-json\/wp\/v2\/tags?post=23"}],"curies":
[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}