The General Data Protection Regulation (GDPR) has been the buzz word that is causing media hype and organisations across the globe. You can find myths and misconceptions around GDPR more than you can find factual information. This blog post will address some of the key myths that we have found.
In my previous two articles in this series focused on developing an Information Security Management System (ISMS) based on ISO 27001:2013, I presented the common myths associated with the standard. In this article, I am going to provide an overview of the standard and section 4 Context of the organisation.
Okay, I know I promised to delve into and discuss the requirements defined in 4 Context of the organisation. However, I realised that they are other common myths that I should dispel for those of you that are interested in implementing an Information Security Management System (ISMS) that conforms with ISO/IEC 27001:2013 (ISO 27001).
Reports surfaced on the 12th of April of a botnet that attacks IoT running BusyBox and other Linux-based devices. The bot, which is believed to be active since the 20th of March 2017, exploits hard-coded passwords of devices with published SSH or telnet, as well as attempting to brute-force passwords of devices with non-default credentials. As the name suggest, BrickerBot bricks the devices and leaves them completely useless. This is done by executing a set of commands to delete storage, corrupt routing and others.
When using devices and online services, always use modern, convenient and strong access controls. Fingerprint sensors are brilliant for controlling access to personal devices, a good password manager makes creating and remembering passwords a breeze, and adding multi-factor authentication is the best approach for protecting the accounts you really care about.