Will the CLOUD Act slow down digitalization?

Quite recently the CLOUD Act was approved and signed in the United States. From my perspective, it’s a somewhat expected and, all things considered, welcome missing piece in the fight against cyber crime. What is the CLOUD Act and what does it mean? The CLOUD Act, or Clarifying Lawful Overseas Use of Data Act, was enacted as late as… Continue Reading

GDPR Preparedness + Phishing = True

Lots and lots of organizations are preparing themselves in order to be GDPR compliant. In the eleventh hour in some cases, since GDPR will go into effect on the 25th later this month. Three weeks. 21 days. What many of them have to do is to get your consent in order to keep processing your… Continue Reading

Disaster Recovery – not as easy as it might seem

Disaster recovery – quite straightforward, isn’t it? Well – it might be. At least when it comes to IT environments that aren’t too complicated. The downside there is that there aren’t very many IT environments that aren’t complicated. Most of them tend to be, one way or another. Many disaster recovery solutions, no matter… Continue Reading

Worried about using Facebook Messenger? Try Signal!

I guess you’ve heard it all over and over again about the Facebook privacy scandal. There’s been a lot of focus on the scandal itself and Mark Zuckerberg testifying before the Senate. I have written a few posts about it as well. Read more: Why answering/setting up quizzes and other stuff on Facebook is a… Continue Reading

Office 365 heavy target for phishers

Last Thursday I met with one of Microsoft’s Trusted Security Advisors and we got into a discussion about phishing. I mentioned that I have seen quite a lot of phishing attempts on customers in Sweden, using the Office 365 community. Microsoft is well aware of this extensive targeting. It’s not something new, not for me,… Continue Reading

What’s most important when building an ISMS or Management System?

I’d like to share a few thoughts about what’s important when building a Management System in general, and an Information Security Management System in particular. Please consider this to be tips and ideas from me to you. This post relates to ISO 27001:2013 and the standards following the new model and structure. More than one standard?… Continue Reading

Comments about the “Six myths CEOs believe about security”

A couple of days ago I read the CSO article Six myths CEOs believe about security that I’d like to make some personal comments on. 1. Attackers can’t be stopped The author, Roger A. Grimes, mentions that one of the myths is the one that there’s no efficient way of stopping attackers. Personally, I believe that… Continue Reading

ISO audit done

Finally through with the ISO audits (ISO 9001:2015, ISO 14001:2015, ISO 27001:2013 and OHSAS 18001). Despite a few minor nonconformities we’ll be recommended continued certification. Well done to us then!