WPA3 is here – Hurray!

Finally WPA3 is here! Or at least, the Wi-Fi Alliance today announced that they have begun certifying products with the WPA3 protocol. Why Hurray? It’s now quite a few years since WPA2 was released and products started getting certified. 14 years, to be more precise. During these years WPA2 has been subject to a number of vulnerabilities… Continue Reading

Who’s behind the access request?

Today is the day – the infamous 25th of May 2018. When we woke up this morning GDPR was finally in effect… I was expecting this morning to be something really extra. I was expecting something like the sky being green and the sun being blue. But it turned out… Continue Reading

Word of the day: Panic!

Tomorrow is the 25th of May 2018. Ever heard of this new law – GDPR? If you haven’t, well – good for you then. That means that you’re not in any way involved in processing personal data. Not in your line of work, or in sports clubs or so. It would also mean that you’re… Continue Reading

Will the CLOUD Act slow down digitalization?

Quite recently the CLOUD Act was approved and signed in the United States. From my perspective it’s a somewhat expected and, all in all, welcome missing piece in the fight against cyber crime. What is the CLOUD Act and what does it mean? The CLOUD Act, or Clarifying Lawful Overseas Use of Data Act, was enacted as late as… Continue Reading

GDPR Preparedness + Phishing = True

Lots and lots of organizations are preparing themselves in order to be GDPR compliant. In the eleventh hour in some cases, since GDPR will go into effect on the 25th later this month. Three weeks. 21 days. What many of them have to do is to get your consent in order to keep processing your… Continue Reading

Disaster Recovery – not as easy as it might seem

Disaster recovery – quite straightforward, isn’t it? Well – it might be. At least when it comes to IT environments that aren’t too complicated. The downside there is that there aren’t very many IT environments that aren’t complicated. Most of them tend to be, one way or another. Many disaster recovery solutions, no matter… Continue Reading

Worried about using Facebook Messenger? Try Signal!

I guess you’ve heard it all over and over again about the Facebook privacy scandal. There’s been a lot of focus on the scandal itself and Mark Zuckerberg testifying before the Senate. I have written a few posts about it as well. Read more: Why answering/setting up quizzes and other stuff on Facebook is a… Continue Reading

Office 365 heavy target for phishers

Last Thursday I met with one of Microsoft’s Trusted Security Advisors and we got into a discussion about phishing. I mentioned that I have seen quite a lot of phishing attempts on customers in Sweden, using the Office 365 community. Microsoft is well aware of this extensive targeting. It’s not something new, not for me,… Continue Reading

What’s most important when building an ISMS or Management System?

I’d like to share a few thoughts about what’s important when building a Management System in general, and an Information Security Management System in particular. Please consider these tips and ideas from me to you. This post relates to ISO 27001:2013 and the standards following the new model and structure. More than one standard?… Continue Reading

Comments about the “Six myths CEOs believe about security”

A couple of days ago I read the CSO article Six myths CEOs believe about security, which I’d like to make some personal comments on. 1. Attackers can’t be stopped. The author, Roger A. Grimes, mentions that one of the myths is that there’s no efficient way of stopping attackers. Personally, I believe that… Continue Reading