ISO/IEC 27701:2019 was published in August 2019. This new standard derives from ISO/IEC 27552:2019 (published a month before). It is a privacy extension of ISO/IEC 27001:2013, and a certifiable one. ISO/IEC 27701:2019 describes a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to people's privacy rights. ISO/IEC 27701:2019 contains 263 controls in 8 main sections of requirements and controls, related to the orientation with which an organization should implement them: ISO scope, references, terms; Context of the organization; Leadership; Planning; Support; Operation; Performance evaluation; Improvement. ISO/IEC 27701:2019 focuses…

One of the procedural measures introduced by Organic Law 13/2015, of October 5 (Spain), which amends the Criminal Procedure Law to strengthen procedural safeguards and regulate technological research measures, allows the Judicial Police the recording of oral communications through the use of electronic devices and the use of technical devices for image capture, tracking and localization. The Judicial Police has all these technical tools: Tracking Devices; Localization devices; Image Capture Devices; Voice Communication Intercept Devices; Interception devices for telematic communications (e.g., the possibility of identifying the IP, IMEI, device, etc.); Registration of Mass Storage Information Devices; Remote logs on computer equipment…

Every year, the challenge of protecting our IT assets from growing threats and cyber attacks increases. Once a malicious application is in our network, it can quickly move with traffic and have a big impact on the network. These attacks can be devastating. I created a presentation where I explain this topic in detail; you can see my presentation here (in Spanish): ¿Cuáles son los peligros a los que se enfrenta su sistema informático? from Ramiro Cid

On 14/04/2016 the EU Data Privacy regulation was approved; it is, nowadays, mandatory. However, companies have 2 years to adapt to it before receiving an economic penalty for not having completed the adaptation. On 04/05/2016 the EU Data Privacy regulation was published in the official bulletin of the European Union; after 20 days (25/05/2016) the new EU Data Privacy regulation became official. The General Data Protection Regulation (GDPR) has big economic penalties, which will start to be real 2 years after this regulation was approved, so: May 2018. Penalties of 10 millions or up to 2% of global turnover for the previous year and 20 millions…

Currently, the market has a wide range of systems, products and services focused on computer security: Antivirus, Antispyware, Firewalls, IPS, WAF, SIEM systems, etc. All these measures are indispensable and have become a priority for any company or organization seeking to secure its assets, but social engineering plays with the advantage that it can use techniques that exploit vulnerabilities inherent in human beings and, as is well known, for this there is no patch or upgrade that provides effective protection against such attacks. People are normally "the weak link in the chain". I created a presentation where I explain this topic in detail, you can…

Nowadays, and even more in the future, the Internet of Things, Big Data and Mobility will be present (they already are) in our personal and professional lives. The more these concepts grow, the more risk we assume of misuse of our private data, and the more effort we will need to make to improve our privacy. The Internet of Things is definitely a big relationship between the physical world and the virtual world. In the future (and already now) the extensive use of our data in this new "virtual world" causes a huge risk of misuse of our private data. Big Data is a broad term for data sets so large or complex that…