Fri, 12 Jul 2019 04:40:27 +0000: Avoid exposing sensitive data in public cloud storage buckets (S3, GCS, etc). Here's one way to secure buckets on the application level.
Tue, 02 Jul 2019 09:34:01 +0000: Cloud computing puts different requirements on information governance than on-premise processing and storage. Read how to take the shared responsibility model into account for governance based on the data security lifecycle model.
Sat, 29 Jun 2019 22:10:01 +0000: Cloud compliance management: key aspects of maintaining compliance throughout a shared responsibility model when using cloud architectures.
Sat, 22 Jun 2019 05:27:31 +0000: I’ve tried to find a simple web based RSS reader but don’t really like any of the most popular ones. Too many ads, too much flashy graphics, and limits on number of feeds without paying. So, I started uilding one. This is work in progress, and is currently almost featureless. You can add private and […]
Sun, 16 Jun 2019 22:02:43 +0000: This post is a quick note on localization. Recently I needed to add some localization features to a frontend project running Vue 2.0. Why not just use an i18n package? That would probably have been a good thing to do, but those I found either had confusing documentation, a high number of old unresolved issues […]
Fri, 14 Jun 2019 12:24:22 +0000: This is a relatively long post. Specific areas covered: Legal issues Cloud service agreements (contracts) Third-party access to documents stored in the cloud (e-discovery) 3.1 Overview 3.1.1 Legal frameworks governing data protection and privacy Conflicting requirements in different jurisdictions, and sometimes within the same jurisdiction. Legal requirements may vary according to Location of cloud provider […]
Thu, 23 May 2019 22:01:41 +0000: CCSK domain 2 is about risk management and governance. In this post we look at some of the CSA guidance descriptions and also comment on more practical aspects of governance when moving to cloud computing.
Sun, 19 May 2019 20:43:49 +0000: Recently I participated in a one-day class on the contents required for the “Certificate of Cloud Security Knowledge” held by Peter HJ van Eijk in Trondheim as part of the conference Sikkerhet og Sårbarhet 2019 (translates from Norwegian to: Security and Vulnerability 2019). The one-day workshop was interesting and the instructor was good at creating […]
Mon, 06 May 2019 17:07:05 +0000: Crime in general is moving online, and with that the digital risks for all businesses are increasing, including for traditional physical stores – as well as eCommerce sites. This blog post is a quick summary of some risks that are growing quickly and what shop owners can do to better control them. Top 10 Cybersecurity […]
Mon, 18 Mar 2019 21:17:51 +0000: Reading about hacking in the news can make it seem like anyone can just point a tool at any website and completely take it over. This is not really the case, as hacking, whether automated or manual, requires vulnerabilities. A well-known tool for security professionals working with web applications is Burp from Portswigger. This is […]
Sun, 14 Jul 2019 20:37:40 +0000: Managing requests from persons whose data you process is a key aspect of GDPR compliance. Learn more about how to optimize managing and responding to user requests in this practical workflow post.
Sat, 06 Jul 2019 22:07:15 +0000: Do you value privacy? Most individuals and companies would reply with a clear “Yes!” to that simple question but their actions are often not very well aligned with that expressed attitude. What are the legal privacy rights we have as individuals? Before we consider whether ee actually do value privacy, let’s review what rights the … Continue reading Privacy isn’t about secrecy, it is about human rights
Thu, 27 Jun 2019 10:38:02 +0000: Cybehave's June security note is on #ransomware - how to prepare to avoid paying criminals to get your data back
Mon, 24 Jun 2019 21:45:25 +0000: Bringing new features to RiskTool, PrivacyBox and PhishingBot - and one more thing - our IssueTool is now available to customers too: issue tracking the way it should work!
Mon, 17 Jun 2019 21:01:33 +0000: Learn how to plan a role based and effective cybersecurity awareness program - and get a free planning template.
Tue, 21 May 2019 21:30:37 +0000: Cybehave will be a subcontractor to Webstep in new eHealth development project with a potential value up to 80 million NOK and a duration of 4 years. Cybehave will provide advisory services within security architecture and threat modeling.
Sat, 18 May 2019 20:45:45 +0000: What should you do when you get hacked? This post helps you understand how you should prepare and what your action plan should be focused on to minimize business impact and getting back to normal quickly.
Tue, 14 May 2019 23:04:13 +0000: A blog post showing how easy it can be to create malware that lets a hacker get access to your computer - whether you are running Windows, Linux or a Mac.
Wed, 08 May 2019 21:11:16 +0000: The problem with the "dangerous link" is often not that we do not know that links may be dangerous. Our goal when using a computer is not to verify that links are safe (unless you work in cybersecurity, perhaps) - it is to get something done. Can designers help make that safer?
Wed, 01 May 2019 19:04:40 +0000: Italian regulator gives first GDPR fine - over poor cybersecurity practices at the website of the 5-star movement. Good information security management is a requirement for GDPR compliance.