42. Safing: Fighting Surveillance with Raphael Fiedler

Join us in exploring a new way to control your personal privacy online in a conversation with the CEO of Safing, Raphael Fiedler. You know it’s going to be a great episode when their website header is “Fight surveillance because you love Freedom.”

Raphael’s company, Safing: https://safing.io/

Raphael’s podcast: https://safing.io/podcast/


39. Prob gonna get hate for this but....

The links we promise in the episode:

 

California law related to gender identity in employment/trade associations:

https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB396

 

Canadian law regarding gender identity:

https://laws-lois.justice.gc.ca/eng/AnnualStatutes/2017_13/FullText.html

 

The Canadian province of Prince Edward Island takes this a bit further, as do several of the Canadian jurisdictions:

https://www.princeedwardisland.ca/sites/default/files/legislation/H-12%20-Human%20Rights%20Act.pdf

Here’s the ironic (and wildly contradictory) section (12):

“12. Discrimination in advertising prohibited

(1) No person shall publish, display or broadcast, or permit to be published, displayed or broadcasted on lands or premises, or in a newspaper or through a radio or television broadcasting station or by means of any other medium, any notice, sign, symbol, implement or other representation indicating discrimination or an intention to discriminate against any person or class of persons.

Free expression of opinion

(2) Nothing in this section shall be deemed to interfere with the free expression of opinion upon any subject in speech or in writing. 1975,c.72,s.12”

37. Referen-duh

Should the police need a search warrant to look at the data on your phone? If your car creates tracking data about your driving behavior, habits, and location, should you have access to it?

The voters in the US states of Michigan and Massachusetts certainly think so.

This week, we do a roundup of some recent changes to the legal landscape associated with INFOSEC, made by referenda.

The Michigan change to the state constitution: https://ballotpedia.org/Michigan_Proposal_2,_Search_Warrant_for_Electronic_Data_Amendment_(2020)

The Massachusetts law: https://ballotpedia.org/Massachusetts_Question_1,_%22Right_to_Repair_Law%22_Vehicle_Data_Access_Requirement_Initiative_(2020)

35. Craig Unger with Hyperproof

Our very first product review! Founder and CEO of Hyperproof Craig Unger joins us to talk about audits and how to streamline them with his company’s compliance operations platform. Not sponsored, just a fascinating chat about the ever-exciting world of audits. You can learn more about Hyperproof at their website: https://hyperproof.io/

You may notice some sound quality issues in the episode. Remember when we talked about how having a lot of security can sometimes have drawbacks? Like if you need to open your door quickly but there are five deadbolts on it? Or...if you need to stream audio but have serious endpoint security? That sort of happened here. We still think it was a great episode, and hope you agree because we would love to have Craig back soon.


34. Which INFOSEC Certification Pathway is Right For You - LIVE presentation

We had a great time doing the live show. Thanks so much to everyone who joined in (we were thrilled to see more than our Three Listeners!), and more thanks to our hosts, New Horizons (and Queen Circe), for inviting us to take part in the event.

If you’re interested in seeing the slides associated with the audio track, please use this link to YouTube: https://www.youtube.com/watch?v=RU5moEg5noU&feature=youtu.be

33. Everyone Gets a Glock

To continue preparing for disaster to strike, we take a look at firearms from the perspective of personal security. Or personal INsecurity? (As in a lack of security, not ego--but maybe that too.) Everyone’s situation is different, but we do have some information that might help you make that decision a bit more safely and responsibly.

32. Prepping

This week, we prepare for the endtimes through personal continuity and disaster recovery, and nerd out on some truly great media.

Just a few of the books, movies, and TV mentioned (or associated with this topic):

  • Dawn of the Dead (George A. Romero, 1978)

  • Chernobyl (HBO, 2019)

  • The War Game (Peter Watkins, 1966: not to be confused with the 1983 classic WarGames)

  • Night of the Comet (Thom Eberhardt, 1984)

  • Cast Away (Robert Zemeckis, 2000)

  • Empire of the Sun (Steven Spielberg, 1987)

  • Firefly (Joss Whedon, 2002-2003: should have been 6 seasons and a movie)

  • Serenity (Joss Whedon, 2005: at least we got the movie)

  • Deadwood (HBO, 2004-2006)

  • The Road, Cormac McCarthy

  • Z for Zachariah, Robert C. O’Brien (THE BOOK— not the terrible movie that threw in some horrible racial overtones and a love triangle for no reason)

  • Lucifer’s Hammer, Larry Niven and Jerry Pournelle

  • Lord of the Flies, William Golding

  • To Build a Fire, Jack London

  • Day of the Triffids, John Wyndham

  • On The Beach, Nevil Shute

Free registration for our upcoming live webinar on 16 OCT 2020: https://register.gotowebinar.com/register/3599988395504979725

31. The Bestest Security in the World

Did you know we have the bestest security system in the world? Yes we do! Join us as we review the costs and outstanding benefits of having a dog for security.

Additional resources mentioned:

War Dog: A Soldier’s Best Friend (2017) Documentary directed by Deborah Scranton, Produced by Channing Tatum. You will cry.

Togo (2019) Live action Disney movie based on true heroes. Starring Willem Dafoe. You will also cry.

Molly Burke YouTube vlog channel following the life of a “millennial girl who just so happens to be blind,” often featuring her guide dog. You can view her playlist “All About Guide Dogs” here!

29. Aaron Swartz, IP, and JSTOR

This week we do a deep and rambling dive into Aaron Swartz, his attitude toward IP, and JSTOR.

If you or someone you know is experiencing depression or suicidal thoughts, please reach out for help. NAMI (National Alliance on Mental Illness) can provide crisis support or help you find local resources to support your recovery. You don’t have to be in distress to call.

1-800-950-NAMI (6264) or info@nami.org

Live Webcast Open To Everyone!

This is extremely exciting: Robin and I will be hosting a free webinar for New Horizons during their Awareness Month seminar. We'll be doing a live episode of "The Sensuous Sounds Of INFOSEC" that you can participate in! So, if you ever wanted to be on the show, now's your chance.

Did I mention it's free?

We're going to discuss different INFOSEC certifications, and which pathways might be best for different practitioners. Come check it out, ask questions, and hassle us.

Also, you don't have to pay for it.

We look forward to seeing you there!

https://register.gotowebinar.com/register/3599988395504979725

There are also some other sessions being offered by excellent presenters:

https://bangor.newhorizons.com/resources/free-webinars

28. Audits with Roger Ison-Haug - Small Business Security - Part 7

Roger Ison-Haug is the head of Berigo AS, a Norwegian audit and consulting firm. [https://www.berigo.as/?lang=en] We also consider him a good friend, and he is one of the three people who listen to the show.

International audit/standards organizations mentioned during the episode:

- ISO (the International Organization for Standardization, which is odd, considering how it’s abbreviated) [https://www.iso.org/home.html]: a global standards body that publishes standards for performing just about every kind of human activity possible. Standards discussed on the show include:

-- The 9000 series: The Total Quality standards (sometimes referred to as “Total Quality Management (TQM),” or “Quality Management Systems (QMS),” collectively)

-- The 27000 series: Standards for information security, often referred to as the “Information Security Management System (ISMS),” which is actually the name of one of the standards in that series, 27001

- ISACA (originally the Information Systems Audit and Control Association, but has now legally changed its name to the abbreviation) [isaca.org]: Originally an American standards body that addressed information systems audit and security for manufacturing systems, but has since evolved into an international IT security and management standards body. Famous for:

-- Professional certifications, such as the CISA (certified information systems auditor) and CISM (certified information security manager) [full disclosure: Ben has the CISM certification]

-- Audit and governance standards, particularly the (unfortunately named) COBIT 19 standard (control objectives for information and related technologies)