42. Safing: Fighting Surveillance with Raphael Fiedler

Join us in exploring a new way to control your personal privacy online in a conversation with the CEO of Safing, Raphael Fiedler. You know it’s going to be a great episode when their website header is “Fight surveillance because you love Freedom.”

Raphael’s company, Safing: https://safing.io/

Raphael’s podcast: https://safing.io/podcast/


37. Referen-duh

Should the police need a search warrant to look at the data on your phone? If your car creates tracking data about your driving behavior, habits, and location, should you have access to it?

The voters in the US states of Michigan and Massachusetts certainly think so.

This week, we do a roundup of some recent changes to the legal landscape associated with INFOSEC, made by referenda.

The Michigan change to the state constitution: https://ballotpedia.org/Michigan_Proposal_2,_Search_Warrant_for_Electronic_Data_Amendment_(2020)

The Massachusetts law: https://ballotpedia.org/Massachusetts_Question_1,_%22Right_to_Repair_Law%22_Vehicle_Data_Access_Requirement_Initiative_(2020)

35. Craig Unger with Hyperproof

Our very first product review! Founder and CEO of Hyperproof Craig Unger joins us to talk about audits and how to streamline them with his company’s compliance operations platform. Not sponsored, just a fascinating chat about the ever-exciting world of audits. You can learn more about Hyperproof at their website: https://hyperproof.io/

You may notice some sound quality issues in the episode. Remember when we talked about how having a lot of security can sometimes have drawbacks? Like if you need to open your door quickly but there are five deadbolts on it? Or...if you need to stream audio but have serious endpoint security? That sort of happened here. We still think it was a great episode, and hope you agree because we would love to have Craig back soon.


28. Audits with Roger Ison-Haug - Small Business Security - Part 7

Roger Ison-Haug is the head of Berigo AS, a Norwegian audit and consulting firm [https://www.berigo.as/?lang=en]. We also consider him a good friend, and he is one of the three people who listen to the show.

International audit/standards organizations mentioned during the episode:

- ISO (the International Organization for Standardization, which is odd, considering how it’s abbreviated) [https://www.iso.org/home.html]: a global standards body that publishes standards for performing just about every kind of human activity possible. Standards discussed on the show include:

-- The 9000 series: The Total Quality standards (sometimes referred to as “Total Quality Management (TQM),” or “Quality Management Systems (QMS),” collectively)

-- The 27000 series: Standards for information security, often referred to as the “Information Security Management System (ISMS),” which is actually the name of one of the standards in that series, 27001

- ISACA (originally the Information Systems Audit and Control Association; it has now legally changed its name to the abbreviation) [isaca.org]: Originally an American standards body that addressed information systems audit and security for manufacturing systems, it has since evolved into an international IT security and management standards body. Famous for:

-- Professional certifications, such as the CISA (Certified Information Systems Auditor) and CISM (Certified Information Security Manager) [full disclosure: Ben has the CISM certification]

-- Audit and governance standards, particularly the (unfortunately named) COBIT 19 standard (Control Objectives for Information and Related Technologies)