Computer security

Guida al GDPR per chi non ne vuol sapere: raschia raschia rimane il rischio 😊

Ma se ti dico “rischio” tu che mi rispondi? Er… no non intendo la sequela di insulti o le minacce più o meno velate a cu stai quasi sicuramente pensando, stavo cercando di parlare di GDPR… No, no, GDPR non è una parolaccia, calmiamoci. Insomma volevo solo chiedere che cosa associate alla idea di rischio indicata dal GDPR. Ne parlo qui perché ultimamente ho avuto modo di vedere come molti non hanno bene chiaro cosa sia questo fantomatico rischio di cui si parla. Allora cerchiamo di fare un poco di chiarezza ad un livello che persino io possa capire di…

hit by “wannacry” (may be you deserve it) …

Guys Again a ransomware outbreak on the news. May I say I am not surprised at all? And may I say that the media coverage has been ridiculous and instead of presenting the event as something that should highlight the incompetent behaviour of managers targeted by this issue they claims about “cyberattack” which is a completely different thing. And yet people asking why? how come? how this can be possible? again really? We know that CyberSecurity is always a side though from most of the management no matter where. The proof, beside the claims from CEO, IT Managers and generally speaking CxO,…

It is time for research to think about security and privacy

We usually talk about cyber security and privacy related to the world of industry and personal, but today I would make some points related to research in universities. how much security aware are universities? This is an interesting topics, looking at the statistics on cyber security attacks I would say security and privacy awareness is not at the first point in their needs. So bad … well first of all let’s make a little distinction: engineering vs the rest it is out of doubt that engineering universities and research are more cyber security savvy than the rest. Some of them…

Dear CISO, please talk about business with your board, not technicality.

Antonio Ieranò CSO, Cyber Security Architect, technical evangelist, consultant, writer, journalist and trainer Dear CISO and Board I think we should always consider our job as a part of the business. We finally started to consider cyber security and data protection as a serious issue but now the question is how we evaluate a risk in our analysis and business plans… Current documentations and reports, for risk analysis, presented to most of the boards use just a flag (High, medium, low risk) but does not seems to specify any metric. Without metric it is hard to make sound evaluation and…

GDPR and the technology market

Question: will the new privacy policies and laws impact the technology market? This is an interesting question to ask ourselves; whether we are consumer of the technology market or technology vendors the impact of the new technologies (from cloud to IoT, from industry 4.0 to big data just to name the most acknowledged from a marketing point of view) privacy regulations can affect heavily our behaviours and the market. so let try to understand what could be the implications of this new focus on privacy and data protection. First of all we should try to understand what we are talking…

Watching the new presidents’ acts and talks (and the possible future outlook) And I am scared

I usually do not write here about political stuff, if not in rare occasions but, hey, this is my blog at the end so I can express my feeling and thoughts. I was watching today some videos related to USA president elected Donald Trump and his approach to the news (he would tweet: Fake news, sad!) and, honestly, I am scared to dead. I do not like Mr Trump, USA citizens elected him so I have to cope with that, but this does not means I have to like him. I found most of his tweet questionable, his cult of…

Devi fare il budget sulla sicurezza informatica? Se sei stato fortunato: ti sei preso un ransomware

ho pensato che sia cosa utile fare seguito ad un mio precedente post che si chiedeva se era paperino a fare i budget di sicurezza. Diciamolo, uno dei problemi che affliggono il mondo della sicurezza è che in pochi hanno una vaga idea di come costruire un budget che copra questi bisogni e lamentarsi sempre non aiuta a risolvere il problema, ho quindi pensato di scrivere un suggerimento su come venire incontro alla determinazione del valore economico della stesura di un budget di sicurezza informatica. Il problema di costruire il budget della sicurezza è, notoriamente, che chi lo fa deve…

Happy new insecure 2017: my resolutions and wishlist for new year

Here we are, a new year comes and we, as cyber security expert, will keep warning the world about the deeply insecure world we are living. And we will announce new technologies and new devastating scenarios related to new technologies. IoT and Cloud will rise their evil face while bad people will be lurking in the dark waiting to attack the innocent lamb crossing the road. But, in all of this, the most of the damage will be still done by bad designed systems, by managers that does not understand what means living in a digital world, by politicians that…

unhappy employee are a cyber security concern

Have you ever considered the fact that the “best place to work” is something a security chap should take into serious consideration? A lot of people keep thinking that security is all about one of that technology, most of those expert master perfectly one of another specific technology and think they have the sacred graal of security. Since I am not so a big tech expert I am allowed to think that security isn’t in that specific technology, but in a systemic approach where technology cover just one part, and is just a part of a whole process. One of the aspect…

Security and Datacenters

A Datacenter is a collection of several different elements, all working together to offer a platform to our digital needs. A datacenter is actually a mix of different elements, some logic some physical, it is just not a mere collection of elements but a complex systems with a lot of interactions. We can easily see inside the datacenter, cables, racks, servers, network equipments, storage units and so on but all are there (or should be there) for a purpose and are interconnected. A big part of a datacenter is not even visible; it is the software and data running in…

Posts navigation
Stop censorship
%d bloggers like this: