[UPDATE: slides from my TF-CSIRT presentation are now available] Several years ago I wrote a paper on using the GDPR to decide when the benefits of sharing information among network defenders outweighed the risks. That used the Legitimate Interests balancing test to compare the expected benefits – in improving the security of accounts, systems or […]
Tag: Incident Response
Posts relating to responding to security incidents, CERTs, CSIRTs and similar acronyms
Categories
Information Sharing: Failing Smarter
Over the past twenty years, I’ve seen a lot of attempts to start information sharing schemes. And a lot of those have failed, some very slowly, despite huge amounts of effort. I wondered if there pointers that could be used, early on, to try to spot those. Story First, what is the story? If you […]
Anyone who works with flows, logs and other sources of information to protect network and information security should already be familiar with Recital 49 of the GDPR, where European legislators explained why that was (subject to a risk-based design) a good thing. Now the European Commission has published its draft of the replacement Network and […]
Early in 2021 I was invited to give a one-hour presentation on Data Protection and Incident Response, looking at how the demands of the two fields align and support each other, and how law and guidance have come to recognise that over the past decade or so. Incident Response and GDPR: slides Discussion at that […]
Categories
Data Breach Shanty
To celebrate my 500th blog post, here’s another sea shanty: What shall we do with the stolen data? What shall we do with the stolen data? What shall we do with the stolen data? Early in the morning. Way-hey the fines are rising Way-hey the fines are rising Way-hey the fines are rising Early in […]
Categories
WHOIS access and the NIS2 Directive
The European Commission’s proposed update of the Network and Information Security Directive may revive discussions about access to WHOIS data. When a domain name is registered, contact details are typically requested for various purposes, including billing, administrative and technical questions. For most of the history of the DNS this ‘WHOIS’ data – including names, postal […]
Categories
Improving security and privacy with AI
Two talks at last week’s FIRST conference looked at how Artificial Intelligence might be used in incident response. In both cases, the use of AI improves user privacy directly – by reducing or eliminating the need for human responders to look at user data – and also indirectly, by producing faster detection and mitigation of […]
Threat Intelligence is something of a perennial topic at FIRST conferences. Three presentations this year discussed how we can generate and consume information about cyber-threats more effectively. First Martin Eian from Mnemonic described using (topological) graphs to represent threat information. Objects, such as domain names, IP addresses and malware samples are vertices in the graph. […]
The ICO’s latest notice of a Monetary Penalty Notice, on Ticketmaster, contains unusually detailed guidance on the good practice they expect transactional websites to adopt. Although the particular breach concerned credit card data, this seems likely to apply to any site that takes customer data or that uses third party components. The whole notice is […]
The latest reports from the ICO sandbox provide important clarification of how data protection law applies to, and can guide, the application of novel technologies. This post looks at information sharing… FutureFlow’s Transaction Monitoring and Forensic Analysis Platform lets financial institutions such as banks upload pseudonymised transaction data to a common platform where they, regulators […]