Written by: Lora Mourcous of the law firm SOLV. One of the trickiest things under the GDPR (AVG) is determining the roles in the processing of personal data. Privacy legislation distinguishes between the controller and the processor. Although the distinction is often clear enough at first glance, the development and use … Continue reading GDPR (AVG) – Distinction between controller and processor
“Denial is a good way to protect yourself until it no longer is.” Digitalisation, automation and robotisation are increasing, and with them the dependence on ICT, cybercrime and all other cyber dangers. If you Google, you quickly come across hard facts and statistics about the seriousness and scale of the … Continue reading Cybercrime is becoming ever more advanced and aggressive
SIEM for beginners We may think of Security Controls as containing all the information we need to be secure, but often they only contain the things they have detected – there is no ‘before and after the event’ context within them. This context is usually vital to separate the false positive from true detection, the actual attack … Continue reading SIEM for beginners written by Alienvault
The stress of compliance. For a variety of reasons, laws and regulations impose all kinds of security rules on your sector. Regulators ensure that you comply with these laws and regulations. To that end they have audits carried out regularly. These often produce many findings. This generates work, sometimes for months. No allowance has been made for this. At the same time you must demonstrate that you have taken adequate measures within the tight … Continue reading The continuous security improvement programme
OWASP testing The OWASP Testing Project has been in development for many years. With this project, we wanted to help people understand the what, why, when, where, and how of testing their web applications, and not just provide a simple checklist or prescription of issues that should be addressed. The outcome of this project is a … Continue reading OWASP testing guide and OSCP
Travelling all over the world I learned that the security related to WIFI-connectivity is in most public places very bad. And yet many people make use of it despite the alerts they get about an unsecure connection. In fact they do transactions through unsecure WIFI networks like banking transactions. I was amazed. Surely they these … Continue reading Is my Android secure?
Building a CDC. Think carefully. The security market is admittedly lucrative and the opportunities are there for the taking, but at the same time failure or bankruptcy is lurking. In a market where demand for security is high, building a CDC seems the obvious thing to do. Where do the dangers lie? But … Continue reading Building a Cyber Defense Center
OAuth is an open standard for access delegation, commonly used as a way for Internet users to grant websites or applications access to their information on other websites but without giving them the passwords. This mechanism is used by companies such as Amazon, Google, Facebook, Microsoft and Twitter to permit the users to share information about their accounts … Continue reading Authentication protocols
Here is a short overview of all kinds of interesting websites concerning security. COBIT - Control Objectives for Information and Related Technology. IT Governance Framework - International Assurance Control ISACA. To research, develop, promote an authoritative up-to-date and generally accepted Objective Information and related technology controls ESF - European Security Forum - The … Continue reading Interesting security websites
Companies that demonstrate excellence, innovation and leadership in information security. Advanced Persistent Threat Protection (APT). WINNER: FINALISTS: Lastline Enterprise (Lastline, Inc.), Adaptive Defense 360 (Panda Security), Failsafe (Damballa). Anti Malware. WINNER: FINALISTS: Comodo Advanced Endpoint Protection (Comodo), Isla Web Malware Isolation System … Continue reading Overview best security tools
Pensions do not capture the imagination and, except for people in their fifties, feel a long way off. So not interesting. But the chance of ending up with a pension gap in ICT is relatively large. Do the pension check. You can repair that pension gap now and take it into account in your future salary negotiations! Did you know, in order to … Continue reading ICT professional, are you sure your pension is properly arranged?
Here I summarise some interesting tools to boost the productivity and quality of your ICT, and I also came across a framework. Below you will find an overview: Jenkins (software development and testing) is an open source automation server-based system written in Java that automates the non-human part of the software development process, with continuous integration and facilitating … Continue reading Boost your productivity and choose the proper tools for development and operations (dev/ops)
The management cycle of I&AM. Definition. A popular description is: identity management, also known as identity and access management (I&AM), is the security and business discipline that "enables the right individuals to access the right resources at the right times and for the right reasons". Another definition is: … Continue reading Everything about Identity and Access management I&AM
Advanced Endpoint Protection Traps is a better solution than traditional antivirus. AEP Traps has a multi-method prevention approach that secures endpoints against known and unknown malware and exploits before they can compromise a system. Traps prevents security breaches and successful ransomware attacks, in contrast to detection and response after critical assets have been compromised. In … Continue reading Advanced Endpoint Protection Traps
Many articles are about technology / infrastructure. But technology has to be managed. It is a difficult and complicated task. Often an underestimated one. What does operations management actually involve? This article briefly touches on many aspects related to operations management. The conclusion is that operations management is under the influence … Continue reading Overview of how the aspects of operations management fit together. An underestimated discipline.
Documentation is the keystone for the ICT and yet many people dislike the task of documenting. Unfortunately a lot of documents must be created and maintained. If not, the operation and projects run a high risk of malfunctioning. And the organisation could be in jeopardy. What type of documents must be created and what … Continue reading Overview project documents and sheets
EICAR EICAR is a 68-byte .com file detected as "EICAR-Test-File". This IS NOT a virus but is a manipulated file for testing for the presence of Antivirus systems in email, the file system, or other places. This test file simply displays a text message and returns the control to the operating system. Software vendors agreed about developing a uniform … Continue reading High security controls moving from military to the business
Testing depends on a lot of other areas within an ICT project. Ignoring these dependencies and not following the principal rules can have devastating results on the testing. Here you find some common ground rules (principles) which contribute to better test results. Requirements / Statement of Work (SOW). Have (very) clear requirements in the Statement … Continue reading Testing – Rules of engagement
Long ago, 20 years, you had a terminal emulator such as 5250-emulator to connect to your system. Nowadays you have so many devices that can be connected, ranging from laptops, tablets, cellphones to printers and any endpoint that has an IP-address. How do you control so many devices that try to access the network from … Continue reading Control your devices in your network!
An urgent request to contribute to the writing of a book called "Diplomacy and strategy – Enterprise systems management"
Here, an annual report on WordPress.com 2016 Toolsynergie. How attractive it has been for her readership. Read the statistics and determine whether ToolSynergie is an attractive site. VISITORS So if you want to move 771 people you need to have almost 20 busses for transportation. Furthermore on the blog site Toolsynergie, the number of readers … Continue reading Blog statistics 2016 Toolsynergie
Herman Rensink, Datacenter / Cloud Architect / CISSP (Associate Member ISC2). The National Institute of Standards and Technology (NIST) is a measurement standards laboratory, and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. It is ONE of the many sources on the Internet. NIST's activities … Continue reading NIST Computer Security Publications – NIST Special Publications (SPs)
UNDERSTAND WHAT YOU’RE GETTING INVOLVED IN Cloud computing covers everything from storing backups of your important data remotely to running all your office systems “in the cloud”… Source: Move to the Cloud
The dangerous undercurrent. Projects that will fail before they even start, and we still proceed; odd technology acquisitions that cost a lot of money and management already knew; unexplained mergers that end in a disaster while investigations and reports already highlighted the bad outcome and yet the reports went into the shredder; implementing methodologies no … Continue reading The irrational human being and the dangerous undercurrent.
Security is becoming increasingly important. Cybercrime is sophisticated and it takes more money, resources and, most important, it requires a joint effort of our security solutions. Customers, vendors, commercial and non-commercial organisations should work together in order to defeat or minimise the impact of threats. In light of this two major developments in the area … Continue reading STIX and TAXII, standards on security information exchange
It is a huge endeavour when organisations want to move their business to the Cloud. One of the many decisions you have to make upfront is the migration of your applications to the Cloud. Thinking about migrating your applications is always good even if you are NOT going to the Cloud. Applications support the business directly … Continue reading Application migrations to the Cloud
Recently I found a very good website called CloudRanger with a complete training course about "MS Implementing MS Azure Infrastructure Solutions." The owner is Shawn Ismail and he is the creator of this training. Many thanks Shawn! My page is just meant as a passthrough to his website CloudRanger. Purpose training The website at CloudRanger lists all … Continue reading Implementing Microsoft Azure Infrastructure Solutions 70-533
Do you recognise this? Projects finish on time within budget and constraints, and all the stakeholders' needs and requirements are fulfilled. The teams operate exactly according to the guidelines and are "self steering" teams. The team members are inspired and there is no hidden agenda and all involved members are not afraid of changes. If you have … Continue reading Many reasons why projects succeed!
ICT is all about knowledge and experience. In order to keep up the pace of developments within ICT you have to keep on learning. What is hot today, will be outdated tomorrow. On average, the life cycle of services and products as well as methodologies and techniques is about 3 years. For me I chose Cloud and … Continue reading OpenStack: Install, build and run IaaS cloud with Open Stack | Udemy
Herman Rensink, Data center Architect / CISSP. Here I talk about the technological transformation, which is one of the 3 key areas besides organisational and procedural. Transformation is a continuous process and is done in steps that can be overseen and done. It is NOT a radical change but rather a well-managed process with … Continue reading Cloud transformation – part one – Technology