EDPS Guidelines on controllers, processors and joint controllers

On 7 November 2019 the European Data Protection Supervisor published its guidelines on the concepts of controller, processor and joint controllership. While the EDPS is the supervisory authority for the EUIs (European Union Institutions), whose data protection activities fall under Regulation 2018/1725 and not the GDPR, the document is of importance…

Corporate Forensics Presentation at ISSE 2017

For organisations, whether big or small, the priority when an Information Security incident happens is to resume operations as quickly as possible and minimise disruption. What is very often overlooked is the management of the digital evidence generated by an incident, whatever its nature. The session endeavoured to explain how to…

Information Security: Lessons from Intelligence Agencies

Information management and security: lessons from intelligence

Information in digital form is arguably the most important asset for modern organizations. Still, even today, the word “security” is often associated with guards in uniform, door locks and access control. While physical security is still fundamental, even to protect information, information security…

The European Court Strikes One for Privacy

Early this year the European Court of Justice declared the 2006 EU Data Retention Directive invalid. This is a very important turning point in the ongoing tug-of-war between privacy rights and security concerns, possibly a reversal of the tide that has been mounting since the beginning of the century. The…

ISACA Venice paper on Critical Infrastructures

ISACA Venice Chapter just published its 5th paper, “National Cybersecurity, Awareness in Critical Industries in North East Italy”. I am a co-author, with Luca Moroni (coordinator) and Giuseppe Esposito. The paper sketches the general scenario on Critical Infrastructure Protection, supplies examples and also a practical tool for self-evaluation that can be…

Critical Infrastructure Protection: a legislation review

In this post I try to trace the evolution of EU legislation regarding Critical Infrastructure Protection, with some special attention to the Italian implementations. In any case, the bulk of the regulations and laws in this field finds its origin at the European level. The main motivation behind Critical Infrastructure…

What’s the place of Digital Forensics in corporate Information Assurance?

Digital Forensics is not usually considered an important part of the Information Assurance process and of the management of Information Security, but it should be, when we consider the big picture regarding Information Security and Cybersecurity. Nowadays all organizations, be they private corporations, public bodies, NGOs, etc., need to approach Information Security knowing…