Does your cybersecurity start at the heart?
Get a highly customized data risk assessment run by engineers who are obsessed with data security.
Articles by
Andy Green
Andy blogs about data privacy and security regulations. He also loves writing about malware threats and what it means for IT security.
Inside Out Security Blog
California Consumer Privacy Act (CCPA) Compliance Guide
The California Consumer Privacy Act (CCPA) is “the first consumer privacy act in the country,” as one California legislator put it. No other US state has provided its citizens with GDPR-like...
Insider Threats: Hard Lessons From WMI Eventing and Surveillance
Last time, we explored how a hypothetical insider could use the Windows Management Interface (WMI) and its eventing system to surveil other employees. No, I’m not the first person to...
A Practical Software Approach to Insider Threats
Insider data theft presents multiple challenges for traditional IT security. Insiders are employees who are entitled to be in the network unlike hackers. Standard perimeter security measures won’t work. But...
California Consumer Privacy Act (CCPA) and the Future of Data Security Standards
If you’ve been following the blog, you know that the California Consumer Privacy Act, or CCPA, is set to take effect on January 1, 2020. It will establish a new...
Insider Threats: Stealthy Hacking With WMI (Windows Management Instrumentation)
In looking at Windows features and tools from the perspective of a pen tester, it’s easy to lose sight that Microsoft’s operating system is really, wait for it, impressive. I...
Insider Threats: Stealthy Password Hacking With Smbexec
As we’ve been writing about forever, hackers are relying more on malware-free techniques to fly below the radar. They’re using standard Windows software to live off the land, thereby getting...
Frequently Asked Questions (FAQ): GDPR and HR/Employee Data
As I wrote in another post, HR records are considered personal data and covered under the General Data Protection Regulation (GDPR). Since I keep on hearing from people who should...
Data Security and Privacy Lessons From Recent GDPR Fines
We’re more than a year into the General Data Protection Regulation (GDPR) era, and we now have a few enforcement actions under our belts as data points. Earlier in 2019,...
NYS SHIELD Act: Updates to PII, Data Security, and Breach Notification
After the devastating Equifax incident, the New York State legislature introduced the Stop Hacks and Improve Electronic Data Security or SHIELD Act in order to update the existing breach rules....
Insights into User Entity Behavior Analytics (UEBA)
User Behavior Analytics or UBA was and still is the term for describing searching for patterns of usage that indicate unusual computing activities — regardless of whether it’s coming from...