7MS #294: GDPR Me ASAP
7 Minute Security18 Jan 2018

7MS #294: GDPR Me ASAP

GDPR in a nutshell

GDPR, in a nutshell, is a set of legal regulations focused on the privacy of personal information for EU citizens - no matter where they are. Entities that store and/or process personal information about EU citizens must clearly explain to the citizens what data is being stored and processed, and any parties the data is being shared with. The citizens must opt-in and agree to each instance or reason that their data is being stored and processed. The citizens also must be able to, at any time, request a copy of the data or request that it be deleted.

How does GDPR define "personal data"

As "any information relating to an identified or identifiable natural person."

When do GDPR regulations start being enforced?

May 25, 2018.

What are the key roles organizations need to be aware of as it relates to handling data under GDPR regulations?

Two primary roles:

Controller

An entity that determines the purposes, conditions and means of the processing of personal data

Processor

An entity which processes personal data on behalf of the controller

What are the GDPR lawful basis for processing data?

  • Consent: the individual has given clear consent for you to process their personal data for a specific purpose.

  • Contract

  • Legal obligation

  • Vital interests

  • Public task

  • Legitimate interests

Are there any good step-by-step guides to GDPR compliance?

This site lays things out at a high level with a 12-step program, if you will.

How can I learn more about GDPR?

This http://gdprandyou.ie/ site is a great GDPR primer, and this PDF from Imperva is good as well. I also googled GDPR for dummies and found some good results too :-)

Avsnitt(702)

7MS #686: Our New Pentest Training Course is Almost Ready

7MS #686: Our New Pentest Training Course is Almost Ready

Oh man, I'm so excited I can hardly sleep. Our new three-day (4 hours per day) training is getting closer to general release. I talk about the good/bad/ugly of putting together an attack-sensitive lab that students can abuse (but hopefully not break!), and the technical/curriculum-writing challenges that go along with it.

1 Aug 23min

7MS #685: The Time My Neighbor Almost Got Scammed Out of $13K

7MS #685: The Time My Neighbor Almost Got Scammed Out of $13K

Today's kind of a "story time with your friend Brian" episode: a tale of how my neighbor almost got scammed out of $13k. The story has a lot of red flags we can all keep in mind to keep ourselves (as well as kids/friends/parents/etc.) safer from these types of shenanigans.

25 Juli 22min

7MS #684: Pwning Ninja Hacker Academy

7MS #684: Pwning Ninja Hacker Academy

Hey friends, today we start pwning Ninja Hacker Academy – cool CTF-style lab that has you start with no cred and try to conquer domain admin on two domains!

18 Juli 22min

7MS #683: What I'm Working on This Week - Part 4

7MS #683: What I'm Working on This Week - Part 4

This week I'm working on a mixed bag of fun security and marketing things: A pentest I'm stuck on My latest lab CTF obsession: Ninja Hacker Academy A cool "about 7MinSec" marketing video that was recorded in a pro studio!

12 Juli 30min

7MS #682: Securing Your Family During and After a Disaster – Part 7

7MS #682: Securing Your Family During and After a Disaster – Part 7

Today's episode is a downer! We talk about things you might want to have buttoned up for when you are eventually not alive anymore: Living will Buried vs. cremated? Funeral plans Funeral PHOTOS? I also talk about how my dad broke his ribs while trying to break a chimpmunk, and how a freak 4-wheeler accident also had my ribs in agony.

4 Juli 30min

7MS #681: Pentesting GOAD – Part 3

7MS #681: Pentesting GOAD – Part 3

Today Joe "The Machine" Skeen and I pwn the third and final realm in the world of GOAD (Game of Active Directory): essos.local! The way we go about it is to do a WinRM connection to our previously-pwned Kingslanding domain, coerce authentication out of MEEREEN (the DC for essos.local) and then capture/abuse the TGT with Rubeus! Enjoy.

27 Juni 18min

7MS #680: Tips for a Better Purple Team Experience

7MS #680: Tips for a Better Purple Team Experience

Today I share some tips on creating a better purple team experience for your customers, including: Setting up communication channels and cadence Giving a heads-up on highs/criticals during testing (not waiting until report time) Where appropriate, record videos of attacks to give them more context

20 Juni 26min

7MS #679: Tales of Pentest Pwnage – Part 73

7MS #679: Tales of Pentest Pwnage – Part 73

In today's tale of pentest pwnage I talk about a cool ADCS ESC3 attack – which I also did live on this week's Tuesday TOOLSday. I also talk about Exegol's licensing plans (and how it might break your pentest deployments if you use ProxmoxRox).

13 Juni 30min

Populärt inom Politik & nyheter

motiv
svenska-fall
p3-krim
rss-krimstad
fordomspodden
aftonbladet-krim
blenda-2
flashback-forever
rss-viva-fotboll
aftonbladet-daily
rss-sanning-konsekvens
rss-vad-fan-hande
dagens-eko
grans
olyckan-inifran
rss-frandfors-horna
rss-krimreportrarna
krimmagasinet
spotlight
rss-flodet