Penetration Testing Archive
Article 32 of the EU GDPR (General Data Protection Regulation) requires organizations to implement technical measures to ensure data security. Specifically, it highlights the need for “a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational …
Before you embark on a project to implement an ISO 27001 ISMS (information security management system), you should know that there is a strong connection between your ISMS project and penetration testing. Penetration testing (often called ‘pen testing’ or ‘ethical hacking’) …
Cyber attacks are an increasingly serious risk for organizations, but many senior employees believe that their organization won’t be targeted. They might say that their organization is too small to be on attackers’ radars, or that they don’t have anything …
In addition to health issues, UConn Health patients are now fretting over their PII (personally identifiable information) being compromised. On December 24, 2018, UConn Health discovered that an unauthorized party had accessed nearly 1,500 employee email accounts. Breach at UConn …
At the beginning of the month, RMIA (Reproductive Medicine and Infertility Associates) in Woodbury, Minnesota informed its patients that a malware attack had potentially exposed their PII (personally identifiable information). In its announcement, RMIA said: “On December 5, 2018, we …
In January, Ascension’s server suffered a security lapse that allowed information on 24 million bank, mortgage and other loans to be accessed online. The server contained decades’ worth of data, but was not password-protected. The lack of security allowed …
Attorney General of North Carolina Josh Stein and House Representative Jason Saine have introduced the “Strengthen North Carolina Identity Theft Protection Act,” requiring organizations to report data breaches within 30 days. What does the Act say? The Act updates the …
Oklahoma might have been “O.K.” in Rodgers and Hammerstein’s 1943 Pulitzer Prize-winning Broadway musical, but the state’s cybersecurity standards certainly aren’t. On January 16, the ODS (Oklahoma Department of Securities), which oversees and regulates Oklahoma’s securities business, announced “an incident …
For many, weekends mean lounging around with a cup of coffee and the newspaper. However, on December 29, 2018, readers of the Baltimore Sun, Chicago Tribune, Los Angeles Times, New York Times, San Diego Union-Tribune, and Wall Street Journal: Weekend …
As a result of a phishing attack, the San Diego Unified School District was forced to send an email to parents and former students notifying them that their PII (personally identifiable information) may have been accessed by an unauthorized party. …