歐盟資料新例 5事項要注意

(文章於2018年5月24日在香港經濟日報刊登)

GDPR Screencap

本周五(5月25日)是歐盟《通用資料保護條例》(GDPR)生效限期。本港機構若有為歐盟提供商品服務、向歐盟人士收集數據,都受新例約束,違例可遭高昂罰款。

GDPR 規定個人資料無論儲存、處理、分發於世界何處,必須受到保護,機構要提供保護數據的證據。若干類別數據若外洩,新例規定機構須72小時內報告;歐盟28國的數據擁有人有權取得、更正或刪除個人資料,機構須迅速回應。

Continue reading

Advertisements

Secure Your AWS Workloads with IBM Managed Services

IBM Cyber Security X-Force Command Center

IBM supports Amazon GuardDuty with both managed security services and SIEM enablement for AWS environments. IBM delivers an integrated system of analytics, real-time defenses and proven experts to help you operate securely in the Cloud.

For customers who have enabled Amazon GuardDuty, IBM can help you integrate security findings and events from AWS into your existing QRadar SIEM and security operations. IBM threat insight combines Global Threat Insight and Augmented Intelligence (AI) via second stage analytics for advanced event classification. AWS customers can also engage X-Force Incident Response services for response planning, preparation, and remediation.

Continue reading

IBM Supports Amazon’s GuardDuty, a Threat Detection and Continuous Monitoring Service

amazon-guardduty-provides-intelligence-on-security-threats2-630x330

Amazon announced a new threat detection service at the recent AWS re:Invent event in Las Vegas that is designed to help protect users from security threats.

Launched by the Amazon Web Services (AWS) cloud computing division, Amazon GuardDuty uses machine learning to help identify potential anomalies and provide recommendations to reduce the risk. The intelligence-driven service aims to help IT decision-makers deal with the ever-growing range of attack vectors in the digital age.

Continue reading

Three Steps to Secure Your AWS Environment Using IBM QRadar

thinkstockphotos-466662831

Moving production assets and workloads to the cloud can be hard. In the absence of care and precision, it can also be risky. With the right tools and practices in place, you can mitigate many, if not all, of these risks. You may even be able to greatly ease your transition.

Continue reading

2018 年資訊保安藍圖

(文章亦同時被 Unwire Pro引用)

cybersecurity

新的一年,又到了制訂計劃、開創路向的季節。在企業資訊保安行業,雖然沒有人能用水晶球預言今年會出現怎樣的黑客和病毒,但根據行業和技術趨勢,我們可循三個方向提供建議,幫助企業主管思考,機構怎樣應付未來的挑戰。

具規模的企業,多數已把企業資訊保安工作,發展成資訊安全監控中心﹝security operations centre,簡稱 SOC﹞── 由保安專家進行 24 x 7 的全天候監控,提供快速有效的突發事件處理機制,維護企業運作。隨著黑客和病毒的轉變,SOC 也要調節資源和程序,在兵賊攻防戰上與時並進。

Continue reading

網絡保安﹝二之二﹞:AI 應用篇

(文章亦同時被 Unwire Pro引用)

ai

隨網絡生態改變,黑客攻擊對企業帶來的金額及商譽損失日益嚴重。網絡保安統計機構 Cybersecurity Ventures 評估,索取贖金型的黑客攻擊對用戶帶來的經濟損失由 2015 年的 3.25 億美元,升至 2017 年的 50 億美元以上,兩年增幅逾 15 倍。

在網絡保安攻防戰中,企業若要做到「魔高一尺,道高一丈」,除了做好基礎防禦和員工培訓,也要讓保安技術和工具與時並進,維持防禦優勢。近年認知運算技術在網絡保安應用上出現重大發展,本文以 IBM QRadar Advisor 一類方案為例,介紹企業如何在網絡保安上善用認知運算技術。

Continue reading

網絡保安﹝二之一﹞:修築三道防線

(文章亦同時被 Unwire Pro引用)

wall

如果能預知六個月後,你的企業將會遭受網絡攻擊,管理層應如何部署?企業可修築的防線有三道:100% 基礎防禦、用人工智能加強網絡保安,及制訂遇襲期的應變流程。

Continue reading