
The GDPR Deadline Has Passed – Now What?

by Bob Covello on June 3, 2018

I was listening to Jenny Radcliffe interviewing Sarah Clarke on The Human Factor podcast the other day. (If you haven’t tuned in to this podcast, you are definitely missing out on a magnificently entertaining and educational experience!)

Sarah made an accurate observation about what would happen after the May 25th deadline for GDPR compliance. She said that she was concerned that many folks would lapse into a bit of complacency after the deadline passed. That is not a direct quotation, but the sentiment is the same. The GDPR contains strategic goals, not just tactical approaches to the future.

I have already witnessed how some folks who are on the front lines of infosec are not only ill-advised about the regulation but are also not as well-versed in the regulation as they should be. This is dangerous considering that we are to be part of the process that is supposed to support this far-reaching regulation.

I was on a recent phone call with a pentest vendor who was telling me that the GDPR “absolutely requires” penetration tests on all networks. A quick search of the GDPR for the word “pen” turns up some very useful information, such as the words indePENdent, dePENding, and PENalty but, alas, nothing about a penetration test.

In the vendor’s defense, Article 32 in Section 2 states, “the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including . . . a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.”

One could loosely interpret that to indicate penetration testing, but it could also be interpreted more strongly as speaking towards an audit mindset.

I wondered what could be causing this problem, and as (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Bob Covello. Read the original post at: https://www.tripwire.com/state-of-security/featured/gdpr-deadline-passed-now-what/
