Thursday 12 April 2018

GDPR (GENERAL DATA PROTECTION REGULATION)



GDPR is the General Data Protection Regulation, adopted on April 27, 2016, and it will be valid from May 25, 2018. The GDPR replaces the EU’s Data Protection Directive and is mainly used by European Union member states to protect their data. It is primarily used to control data breaches and data portability for EU members; following this, other countries have started to develop GDPR-style rules for their own data protection. It can also be used for stored personal data, or other data that comes under national security organisations.

DATA PROTECTED UNDER GDPR:

  • Necessary identity information such as name, address and ID numbers
  • Web data such as location, IP address and cookie data
  • Health and genetic data
  • Biometric data
  • Political opinion, etc.

GDPR OVERALL ARCHITECTURE:

This section describes the overall architecture diagram of the GDPR. It starts from the senior executive team, followed by legal advisers (engaged by an organisation to cross-check the process), and then IT and software development. Under GDPR, the CIA triad (Confidentiality, Integrity and Availability) is used to protect the required data. The outcome of the products is checked by the Product Development Team. Finally, the CISO and information security follow the data privacy method to process the data in a secured manner; the data is later processed by the data analyst and reaches the market. That is the overall process of the GDPR. Refer to the link below to follow the GDPR checklist for better data protection.

GDPR IN CYBERSECURITY:

Most cybersecurity organisations work on network and endpoint protection, and they also protect us from unauthorised access and provide threat management, vulnerability assessment, etc. Cybersecurity in GDPR takes place through two methods: data encryption and data pseudonymization. Data encryption is the process that takes the whole data, changes it to code and stores it in an encrypted way; unless you enter the key value, you cannot access the data. Data pseudonymization is the method of processing your data so that it can only be linked back to a data subject with additional data; data masking or hashing can be done here to protect your data for better security.
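The pseudonymization and masking described above, as an added example that is not part of the original post: identifiers are replaced with a keyed hash (HMAC-SHA256) and the IP address is masked to its network part. The field names, the sample record and the key are constructed assumptions; the key is the "additional data" that has to be stored separately from the pseudonymized records.

```python
import hashlib
import hmac
import ipaddress

# Constructed key for the example; in practice it is generated randomly and
# kept apart from the pseudonymized data set (e.g. in a KMS or HSM).
PSEUDONYM_KEY = b"constructed-example-key-not-for-production"

# Fields treated as direct identifiers in this example (hypothetical schema).
IDENTIFIER_FIELDS = ("name", "national_id")


def pseudonym(value: str, key: bytes = PSEUDONYM_KEY) -> str:
    """Keyed hash of a normalized identifier, truncated to 128 bits."""
    normalized = value.strip().lower().encode("utf-8")
    return hmac.new(key, normalized, hashlib.sha256).hexdigest()[:32]


def mask_ip(address: str) -> str:
    """Data masking: keep only the network part (/24 for IPv4, /48 for IPv6)."""
    ip = ipaddress.ip_address(address)
    prefix = 24 if ip.version == 4 else 48
    network = ipaddress.ip_network(f"{address}/{prefix}", strict=False)
    return str(network.network_address)


def pseudonymize(record: dict, key: bytes = PSEUDONYM_KEY) -> dict:
    """Return a copy with identifiers replaced and the IP address masked."""
    out = dict(record)
    for field in IDENTIFIER_FIELDS:
        if out.get(field) is not None:
            out[field] = pseudonym(str(out[field]), key)
    if out.get("ip"):
        out["ip"] = mask_ip(out["ip"])
    return out


if __name__ == "__main__":
    # Constructed sample record, not real personal data.
    sample = {"name": "Alice Example", "national_id": "AB123456",
              "ip": "203.0.113.77", "plan": "premium"}
    print(pseudonymize(sample))
```

A plain unkeyed hash of a short identifier such as an ID number can be reversed by hashing every possible value, which is why the example uses a secret key.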
Data breaches in cybersecurity organisations can be controlled by GDPR. So, consider investing in Cyber Essentials, a certification scheme backed by the British government to help organisations prevent online attacks and hacking. This will assist with compliance with the GDPR, as well as improving the security of your company, customers and partners.
SANS generates a compliance report for GDPR which has to be followed by every organisation to secure its data, and with it you can also track the path where data breaches mainly take place.

DETECT AND BLOCK THREATS IN ATTACK CYCLE:

Security tools used in cybersecurity organisations test your existing vulnerabilities and risks, and by using GDPR you can set some conditions to protect your data, using the techniques below.

FIRST LOOK AT EXPOSED PRIVILEGED ACCOUNTS:

When unconstrained delegation is enabled on a machine, the ticket-granting ticket (TGT) of an account that connects to it is stored there, and an attacker who reaches that machine can use it to compromise and control a domain controller.
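One way to check for this exposure, as an added example that is not part of the original post: it reads a directory export of `sAMAccountName` and `userAccountControl` values and reports enabled non-domain-controller accounts trusted for unconstrained delegation, plus privileged accounts that are not marked as non-delegable. The export format, the account names and the privileged list are constructed assumptions; the flag values are the documented `userAccountControl` bits.

```python
import csv
import io

# userAccountControl bit flags (documented Active Directory values).
ACCOUNTDISABLE = 0x0002
SERVER_TRUST_ACCOUNT = 0x2000        # domain controller computer account
TRUSTED_FOR_DELEGATION = 0x80000     # unconstrained delegation
NOT_DELEGATED = 0x100000             # "sensitive and cannot be delegated"

# Constructed directory export: sAMAccountName,userAccountControl
SAMPLE_EXPORT = """\
DC01$,532480
WEB01$,528384
FILE02$,4096
svc-backup,524800
svc-old,524802
adm-alice,512
adm-bob,1049088
"""

# Hypothetical list of privileged accounts to protect.
PRIVILEGED = {"adm-alice", "adm-bob"}


def parse_export(text):
    """Parse 'name,uac' rows into (name, int) tuples, skipping blank rows."""
    rows = csv.reader(io.StringIO(text))
    return [(r[0].strip(), int(r[1])) for r in rows if len(r) == 2]


def unconstrained_delegation(accounts):
    """Enabled non-DC accounts trusted for unconstrained delegation."""
    return [name for name, uac in accounts
            if uac & TRUSTED_FOR_DELEGATION
            and not uac & SERVER_TRUST_ACCOUNT
            and not uac & ACCOUNTDISABLE]


def delegable_privileged(accounts, privileged):
    """Privileged accounts whose tickets may still be delegated."""
    return [name for name, uac in accounts
            if name in privileged and not uac & NOT_DELEGATED]


if __name__ == "__main__":
    accounts = parse_export(SAMPLE_EXPORT)
    print("Unconstrained delegation:", unconstrained_delegation(accounts))
    print("Privileged, delegable:", delegable_privileged(accounts, PRIVILEGED))
```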

IDENTIFY CONTROLS THAT CAN BYPASS PRIVILEGED ACCOUNT SECURITY:

How many of you know that all your privileged accounts are safe? First, you have to check every privileged account and secure the required accounts with a password or with some encryption method; it will then be difficult for an attacker to bypass your account.

IDENTIFY AUTHENTICATION FIELDS TO YOUR ACCOUNT:

Check for authentication fields in your account that can be easily bypassed, e.g. Kerberos authentication or another authentication process. Through these flaws an attacker can easily access your account and gather any information. Also set encryption for your account to protect your data; this also secures you from unauthorised access.

GDPR IN PENETRATION TESTING:

In the overall cybersecurity breach figures for 2017, about 61% hold personal data on their customers electronically, and about 46% of all UK businesses identified at least one cybersecurity breach or attack in the past 12 months. For GDPR, a CREST certificate was launched for network infrastructure, and by this, an attack can process the cardholder environment.
Refer to the above link for the GDPR toolkit guides that every organisation should follow to prepare for GDPR data protection.

OVERALL STATISTICS OF GDPR:

C GDPR is the official course offered by IT Governance; if you want to get certified in GDPR, refer to the link as follows.

CONCLUSION:

I’m sure that we have discussed something about GDPR data protection and its significant role in cybersecurity. Follow the GDPR checklist to secure data protection for your organisation. “Are you waiting for better data protection? We are also waiting for it.”

AUTHOR

RamKumar
Security Engineer
BriskInfosec Technology And Consulting PVT LTD
follow me @https://www.linkedin.com/in/ram-kumar-3439b511a/