Empowering Organizations with Cloud Data Processing Compliance: A Guide by Information Security Architects Ltd

In an era dominated by digital transformation and data-driven decision-making, organizations are increasingly turning to cloud data processing solutions to streamline operations and unlock new opportunities for growth. However, with the proliferation of data comes heightened concerns about privacy, security, and regulatory compliance. In Ghana, where data protection laws are becoming increasingly stringent, navigating the complexities of cloud data processing while ensuring compliance with the Data Protection Act is paramount for organizations across all industries.

 

Information Security Architects Ltd (ISA) is proud to introduce a comprehensive guide designed to address these challenges head-on: “Navigating Cloud Data Processing in Ghana: A Compliance Guide.” As a leading provider of data protection, cyber, and information security consulting services in Ghana, ISA understands the importance of equipping organizations with the knowledge and tools necessary to navigate the intricacies of data protection regulations.

 

Drawing on over a decade of experience in the industry, this guide provides invaluable insights and practical advice tailored specifically to the Ghanaian business landscape. From understanding the key principles of cloud data processing to ensuring compliance with the Data Protection Act, this guide serves as a trusted resource for organizations, technologists, and compliance personnel alike.

 

At ISA, we recognize the unique challenges faced by organizations operating within Ghana’s diverse industries, including banking and finance, energy, hospitality, and education. Our mission is to empower organizations with robust solutions that not only ensure compliance with regulatory requirements but also enhance overall data security and privacy practices.

 

As a testament to our commitment to excellence, ISA holds Cyber Security Authority Certificate No. CSA/493/T-1/123-41408 and Data Protection Commission Certificate No. 0004979, affirming our status as a trusted partner in the realm of data protection and cybersecurity.

 

With our guide on cloud data processing compliance, ISA reaffirms its position as a leader in the field, dedicated to providing organizations with the knowledge and support needed to thrive in today’s digital landscape. Whether you’re a small startup or a large enterprise, ISA is here to help you navigate the complexities of data protection and cybersecurity with confidence.

 

Click on this [link] to access our guide. While on our platform, we invite you to explore our range of services. For further inquiries or assistance, kindly contact us at business@isa.com.gh. Together, let’s empower organizations to embrace the opportunities of cloud data processing while safeguarding the privacy and security of their most valuable asset – data.

Information Security Architects Limited (ISA) Secures Provisional License from CSA, Paving the Way for Enhanced Cybersecurity Services in Ghana

In a significant development for the cybersecurity landscape in Ghana, Information Security Architects Limited (ISA) is thrilled to announce that it has been granted a provisional license by the Cyber Security Authority (CSA). This milestone achievement not only underscores ISA’s commitment to excellence but also positions the company as a trusted partner in safeguarding digital assets and information.

Provisional License from CSA: A Testament to ISA’s Commitment to Security

The CSA’s rigorous evaluation process has culminated in the issuance of a provisional license to ISA. This regulatory approval acknowledges ISA’s dedication to maintaining the highest standards of information security.

With the newly acquired license, ISA is poised to offer a comprehensive suite of services to clients in Ghana, addressing the evolving challenges posed by cyber threats. The certificate number CSA/493/T-1/123-41408 serves as a symbol of the company’s adherence to the stringent cybersecurity regulations set forth by the CSA.

ISA’s Range of Services: Empowering Organizations in the Digital Age

ISA specializes in a variety of services designed to fortify organizations against the ever-growing threat landscape. As a trusted Information Security Consultancy, ISA works closely with clients to develop tailored strategies that align with their unique security needs and business objectives.

The company’s Cybersecurity Assessment and Testing services provide a thorough examination of existing security infrastructure, identifying vulnerabilities and ensuring robust defenses against potential threats. Leveraging state-of-the-art technology and methodologies, ISA helps clients build resilience in the face of evolving cyber risks.

ISA’s Managed Detection & Response (MDR) service is a proactive approach to cybersecurity, offering continuous monitoring, threat detection, and rapid response capabilities. This service ensures that any potential security incidents are identified and mitigated in real-time, minimizing the impact on the organization.

 

Vulnerability Management is another critical component of ISA’s offerings. Through systematic identification and prioritization of vulnerabilities, the company assists clients in implementing effective measures to reduce their risk exposure and enhance overall security posture.

 

Enterprise Endpoint Security, a cornerstone of ISA’s services, focuses on protecting endpoints, including desktops, laptops, and mobile devices. By employing cutting-edge solutions, ISA helps clients secure their network perimeter and prevent unauthorized access to sensitive information.

 

Recognizing the human element as a key factor in cybersecurity, ISA provides Security Awareness Training to educate and empower employees. This proactive approach equips organizations with the knowledge and skills needed to recognize and respond to potential threats, ultimately reducing the risk of human-induced security breaches.

Strategic Partnerships: Collaborating for Comprehensive Security Solutions

ISA’s commitment to delivering best-in-class cybersecurity solutions is further reinforced through strategic partnerships with industry leaders. The collaboration with Rapid7, a renowned cybersecurity analytics and automation company, ensures that ISA leverages advanced technologies to stay ahead of emerging threats.

 

ESET, a pioneer in proactive threat detection, complements ISA’s services by providing cutting-edge antivirus and antimalware solutions.

 

We are also introducing CodeHunter, our incoming partner and a leading provider of automated malware analysis services, which enhances ISA’s capabilities in identifying and rectifying malware in software applications.

 

These partnerships underscore ISA’s dedication to offering clients the most innovative and effective cybersecurity solutions available in the market.

 

Conclusion: A New Era of Cybersecurity Excellence

 

The receipt of the provisional license from the CSA marks a pivotal moment for Information Security Architects Limited. As the company embarks on a new chapter, it remains steadfast in its mission to empower organizations in Ghana with robust, customized, and forward-looking cybersecurity solutions.

 

With a comprehensive portfolio of services and strategic partnerships with industry leaders, ISA is poised to play a crucial role in fortifying the digital landscape in Ghana. As the cybersecurity landscape continues to evolve, ISA stands ready to meet the challenges head-on, providing clients with the confidence and security they need to thrive in the digital age.

Corporate network protection: Kaspersky Endpoint Detection and Response (KEDR)

Unlike single endpoint solutions, the EDR-class solution provides multi-host event visibility and “heavy” methods of detection (sandbox, deep learning models, event correlation) as well as expert tools for incident investigation, proactive threat hunting and attack response.

Kaspersky EDR is a cybersecurity solution for the protection of corporate IT systems. It adds endpoint detection and response (EDR) capacities to IT security:

  • Extract patterns of elaborate attacks, automatically and manually, from events on many hosts.
  • Respond to attacks by blocking their progress.
  • Prevent future attacks.

The need for EDR

Not long ago, a typical cyberattack would use mass malware. It would target separate endpoints and detonate within single computers. Mass malware attacks are automatic: they pick out random victims via mass emails, phishing websites, rogue Wi-Fi hotspots etc. The remedy was endpoint protection solutions (EPP), which would protect hosts from mass malware.

Faced with effective EPP-based detection, attackers switched to the more costly, but more effective, tactic of launching targeted attacks against particular victims. Due to their high cost, targeted attacks are usually used against companies, with the aim of making a profit. Targeted attacks involve reconnaissance and are designed to penetrate the victim’s IT system and evade its protection. The attack kill chain involves many hosts of the IT system.

Due to the high variety of methods and their human-led, interactive nature, targeted attacks can evade EPP-based security:

  • EPPs rely on what they see on a single endpoint. But advanced attacks act on many hosts, making relatively unsuspicious actions on yet another endpoint. Even if host EPPs detect some of these actions, the attackers eventually build a multi-host kill chain. Traces of such attacks are scattered about many hosts.
  • As the EPP verdict is automatic, the attackers can verify that their attack is not detected by the victim’s EPP or other automatic security solutions. Attackers keep whole farms of antimalware just for this case.
  • Vendors cannot increase protection by just making EPP solutions more “paranoid” due to the risk of false positives. So even when something ambiguous is happening on a host that could be a part of a kill chain as well as a legit action, EPP is designed not to interfere.

To address targeted attacks, cybersecurity vendors extend EPP solutions with endpoint detection and response (EDR) features:

  • Providing centralized visibility of events on many hosts for their manual and automatic correlation
  • Providing security staff with sufficient data about events
  • Creating tools for response and remediation, thus countering human-led attacks with human-led cyberdefense

In essence, EDR adds new layers of endpoint protection against advanced attacks.

Kaspersky EDR’s input into security

Kaspersky EDR adds protection power to an existing EPP solution. EPP specializes in simpler mass attacks (viruses, Trojans etc), while the EDR concentrates on advanced attacks. With this solution, analysts view malware activity as well as events with legit software in the context of an attack, uncovering the whole kill chain.

Kaspersky EDR is fully integrated with Kaspersky Enterprise Security EPP, and it can work with EPP solutions of other vendors. The EDR adds the following:

  • Multi-host event visibility: aggregation of attack traces scattered around the IT system
  • Detection with “heavy” methods, which require much computation power unavailable for regular user endpoints due to possible effect on regular user workflow: advanced pre-processing, sandbox, heavy machine learning models, including deep learning, and others. Heavy methods provide better-quality detection
  • Expert tools for incident investigation, proactive threat hunting and attack response

Kaspersky EDR design

Elements

  • Endpoint sensor: integrated with Kaspersky Endpoint Security in one agent, or standalone (for deployment with other EPP solutions)
  • On-premise servers (event storage; analytic engine; management module; optionally, a sandbox). The on-premise location keeps the event data under the full control of the customer
  • The KSN cloud or KPSN private cloud for detection enrichment in real time and prompt reaction to new threats

EDR as part of Kaspersky Threat Management and Defense

Kaspersky EDR, Kaspersky Anti Targeted Attack Platform and Kaspersky Cybersecurity Service (KCS) make up a suite for advanced protection and threat intelligence:

  • Kaspersky Anti Targeted Attack Platform adds network-, web- and mail-based detection, extending the solution’s scope of targeted attack detection to “endpoint+network” level.
  • KCS adds expert support for the customer’s IT security team: training, providing threat intelligence data, security operation center (SOC) management by Kaspersky Lab and other options.

Integration with Security information and event management (SIEM) systems

You can integrate our EDR with 3rd party SIEM systems (detection data is exported in Common Event Format, CEF).

Features

Continuous centralized event aggregation and visibility. The EDR aggregates events from hosts in real time:

  • The EDR aggregates events continuously, regardless of their cause and suspiciousness. This makes EDR more effective against unknown malware. We could design it to aggregate only suspicious or malware events and thus save disk space on the central node (as some other EDR solutions do). But then legit actions of attackers with stolen credentials would not be logged, and new unrecognized threats would not trigger logging either.
  • The EDR central node uploads the event feed from hosts to its storage on the central node. Some other vendors’ EDRs store events right on hosts. When the central node needs data about events, it requests log info from hosts. This design saves disk space on the central node, but makes search slower and connection-dependent, with host visibility depending on the host’s availability in the network.

Automatic detection. Threats visible in the scope of a single host are detected by Kaspersky Endpoint Security with heuristic, behavioral and cloud detection (or with another EPP host application). Above this, the EDR adds layers of detection with a multi-host scope, based on correlation of the event feed from multiple hosts.

Apart from event-based detection, EDR host agents automatically send suspicious objects or parts of memory to the central node for a deeper analysis with algorithms unavailable for regular host computation power, including heavy pre-processing, heuristics and machine learning algorithms, sandbox, extended cloud detection, detection based on Kaspersky Lab’s threat data feed, custom detection rules (Yara).

Manual detection, or threat hunting, is the proactive search by an operator for traces of attacks and threats. The EDR lets you “hunt” through the whole history of events from many hosts, aggregated in the storage:

  • You can search through the storage for traces of attacks and suspicious events and link them together to reconstruct the potential kill chain. Search queries in the database support compound filters (by hosts, detection technology, time, verdict, severity level etc).
  • You can upload new IOCs to the EDR and detect earlier undetected persisting threats.
  • You can manually send suspicious objects for deeper analysis by “heavy” detection methods.
  • If the company has enabled the KL TIP service (Kaspersky Lab Threat intelligence platform), you can request information about objects in the threat database.

Response is the set of actions that an operator can take when they detect a threat. These actions include:

  • Incident investigation, reconstructing events in the kill chain.
  • Remote operations on the host, including process kill, deleting or quarantining files, running programs and other actions.
  • Containment of the detected threat by hash-based deny of object execution.
  • The rollback of changes on hosts caused by malware activity relies on the EPP solution. For example, Kaspersky Endpoint Security undoes such malware actions.

Prevention is the set of policies that restrict object activities on endpoints:

  • Hash-based execution deny policies prevent running particular files (PE, scripts, office documents, PDF) throughout the whole IT system and let you prevent attacks currently spreading around the world.
  • Automatic detection of objects or URLs on hosts, which have been previously detected in a sandbox as malware.
  • Application execution control (whitelisting, startup control, privilege control), policies of network access, USB drive access and others rely on the EPP solution. Kaspersky Endpoint Security EPP provides all these prevention features.

Management of Kaspersky EDR is role-based and provides workflow management: alert assignment, tracing alert status, logging alert processing. Email notifications are flexibly configured according to alert types and their combinations (detect type, severity etc).

Use case: uncovering the kill chain
EDR host agents routinely send events to the in-house EDR server.

1. One of the events received on the server is associated with execution of a file with unique occurrence in the corporate IT system (judging by its hash). The file has other suspicious traits as well.
2. The server triggers deeper investigation. It downloads the file itself for automated analysis by EDR analytical engines. The file is queued for automatic analytic procedures.
3. The sandbox detects file behavior as malware and alerts the operator.
4. The operator initiates manual investigation and checks the events possibly associated with the infection:
   a. With standard administrator tools, finds that the infected machines had been accessed from a corporate web server, which is available from the Internet. Finds suspicious files and processes being executed on the server, creation of suspicious executables. Eventually, finds a web shell that attackers uploaded via a vulnerability on the server’s web site.
   b. Identifies all command and control (C&C) servers for this attack.
5. The operator responds to the attack:
   a. Blocks all detected C&Cs.
   b. Kills malicious processes.
   c. Blocks execution of malware files by their hashes.
   d. Quarantines malware and suspicious files for later investigation.
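
The hunt in this use case, run over CEF-style records such as a SIEM export would carry, is sketched below as an added example; it is not Kaspersky code and does not reproduce the product's export schema. The event class IDs, vendor and product strings, host names, hashes and timestamps are constructed, and only the extension keys (`rt`, `dvchost`, `shost`, `dhost`, `fname`, `fileHash`) are standard CEF keys.

```python
import re
from collections import defaultdict

# Constructed sample events in Common Event Format (CEF). The vendor, product,
# event class IDs, host names, hashes and timestamps are made up for this example.
_H = "CEF:0|ExampleVendor|ExampleEDR|1.0|"
SAMPLE_CEF = [
    _H + "file_create|File created|3|rt=1000 dvchost=web01 fname=shell.php fileHash=c0ffee01",
    _H + "process_start|Process started|1|rt=1005 dvchost=ws-002 fname=browser.exe fileHash=ab12cd34",
    _H + "process_start|Process started|1|rt=1006 dvchost=ws-007 fname=browser.exe fileHash=ab12cd34",
    _H + "remote_logon|Remote logon|5|rt=900 dvchost=fs01 shost=ws-002 dhost=fs01",
    _H + "remote_logon|Remote logon|5|rt=1020 dvchost=ws-014 shost=web01 dhost=ws-014",
    _H + "process_start|Process started|1|rt=1025 dvchost=ws-014 fname=browser.exe fileHash=ab12cd34",
    _H + "process_start|Process started|1|rt=1030 dvchost=ws-014 fname=upd.exe fileHash=dead10cc",
]

_HEADER_FIELDS = ("vendor", "product", "version", "class_id", "name", "severity")
# key=value pairs; a value runs until the next " key=" or the end of the line.
_EXT_PAIR = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")


def parse_cef(line):
    """Split one CEF record into its header fields and extension dictionary."""
    parts = re.split(r"(?<!\\)\|", line.strip(), maxsplit=7)
    if len(parts) != 8 or not parts[0].startswith("CEF:"):
        raise ValueError(f"not a CEF record: {line!r}")
    event = dict(zip(_HEADER_FIELDS, parts[1:7]))
    event["ext"] = dict(_EXT_PAIR.findall(parts[7]))
    event["rt"] = int(event["ext"].get("rt", 0))  # constructed integer timestamps
    return event


def rare_executions(events, max_hosts=1):
    """Return the first execution event of every hash seen on <= max_hosts hosts."""
    hosts_by_hash, first_seen = defaultdict(set), {}
    for e in events:  # events are expected in time order
        if e["class_id"] != "process_start":
            continue
        file_hash = e["ext"]["fileHash"]
        hosts_by_hash[file_hash].add(e["ext"]["dvchost"])
        first_seen.setdefault(file_hash, e)
    return [first_seen[h] for h, hosts in hosts_by_hash.items() if len(hosts) <= max_hosts]


def trace_back(events, host, ts):
    """Follow inbound remote logons backwards from (host, ts) to the earliest source host."""
    chain, seen = [host], {host}
    while True:
        inbound = [e for e in events
                   if e["class_id"] == "remote_logon"
                   and e["ext"].get("dhost") == host
                   and e["rt"] <= ts
                   and e["ext"].get("shost") not in seen]
        if not inbound:
            return chain
        latest = max(inbound, key=lambda e: e["rt"])
        host, ts = latest["ext"]["shost"], latest["rt"]
        chain.append(host)
        seen.add(host)


def hunt(lines):
    """Flag single-host executions and reconstruct the multi-host path behind each one."""
    events = sorted((parse_cef(line) for line in lines), key=lambda e: e["rt"])
    findings = []
    for e in rare_executions(events):
        path = trace_back(events, e["ext"]["dvchost"], e["rt"])
        # Files created earlier on any host along the path are candidates for review.
        files = [(x["ext"]["dvchost"], x["ext"]["fname"], x["ext"]["fileHash"])
                 for x in events
                 if x["class_id"] == "file_create"
                 and x["ext"]["dvchost"] in path and x["rt"] <= e["rt"]]
        findings.append({"hash": e["ext"]["fileHash"], "host": e["ext"]["dvchost"],
                         "fname": e["ext"]["fname"], "path": path, "files_on_path": files})
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_CEF):
        print(finding)
```

The `hash` of each finding is what would feed a hash-based execution deny policy, and `path` lists the hosts an operator would examine next.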

Do you want to learn how to analyze binary programs to detect Malware?

In the month of August, we will begin a practical course on Linux binary analysis to help system/security engineers learn how to analyze and detect hidden malware in binary programs running on a Linux host.

You will need the following tools and knowledge to benefit greatly. We will add more tools or utilities as we progress:

  • gcc compiler
  • debian linux  (version 9)
  • can interpret basic Intel assembly code syntax
  • Understand basic linux commands
  • Vim friendly

Source:  ISA Security Team

ISVM IS HERE AGAIN

Cybersecurity is the latest trend in the I.T Industry and it is necessary for I.T professionals handling users or corporate data to be aware of modern day cyber-attacks.

Hence we invite you to be part of our upcoming ISVM training session specifically designed for security engineers, network engineers, penetration testers and IT professionals.

You can check the image below for further details

Data-driven businesses and data selling: The case of the Electoral Commission of Ghana and BSystems

It is true that today’s society is driven by data and no doubt many people have tagged data as the new oil; it is the crucial ingredient of what has come to be accepted globally as the information economy. But wait! How does this even make any sense?

Good! Now wake-up to the new world order of data supremacy; data is valuable because it tells governments and companies about their audience’s interests, allowing them to improve their targets’ experiences.

Companies, industry players, regulators, law enforcement and enthusiasts can derive value from their own data and they can also purchase it from other sources where permissible.

If you have high-quality data, you can also sell it to create a more direct economic benefit but this in some jurisdictions is restricted especially where personal data is concerned.

The energy to push data to the limits is evidenced with the emergence of Data-as-a-Service model businesses which are data infrastructure that powers human connectivity delivering the right insight into the right people at the right time and with data analytics driving this model.

The benefits have been enormous within varied aspects of human interaction; take for example medical practice, big data analytics is playing a role in interrogating the patient electronic health record toward improved clinical decision support, in the legal practice arena the conversation is around data-driven justice to determine outcome of legal disputes and big data is making it much easier to track relevant precedents across the world for this purpose.

Now this brings me to a crucial point of the write-up and that is the kind of data used under these circumstances; this may be personal or non-personal data. In the aspect of personal data, there are vigorous efforts to regulate what is taken, when it is taken, how it is taken, used, stored and disposed of with the consent of people from whom this data is collected.

It is to be understood in plain terms that data is any attribute that directly identifies a person or such collection of attributes from which a person can be identified. Therefore CCTV footage may contain personal data if the optical analytics can identify the persons in such audio-visual footage.

The name, age, address, nationality of a person in a driver’s license database is construed as personal data once a unique and definite identity can be made from it. Let me also add that in most jurisdictions it is a matter of law as to what personal data involves.

It’s no secret that your personal data is routinely bought and sold by dozens, possibly hundreds, of companies the world over. What’s less known is who those companies are, and what exactly they do. Sometime in the first quarter of 2019, the Vermont General Assembly passed an Act, H.764 (Act 171), relating to data brokers and consumer protection requiring companies that buy and sell third-party personal data to register with the Secretary of State and currently a list of 121 data brokers operating in the U.S have registered.

It’s a rare, rough glimpse into a bustling economy that operates largely in the shadows, and often with few rules. The Vermont law doesn’t require data brokers to disclose who’s in their databases, what data they collect, or who buys it, nor does it require brokers to give consumers access to their own data or opt out of data collection. The converse is what happens here in Ghana: the Data Protection Act 2012 (Act 843) provides under its sections 88 and 89 a prohibition for the purchase and sale of personal data and proceeds to make such acts punishable by fines and imprisonment.

It has been argued by data-driven businesses that this is retrogressive and infringes on innovation, to the extent that digitization is essential to collect, share, and aggregate large volumes of heterogeneous data to support the discovery of hidden patterns, one can make the inference that the digital transformation, one that Ghana as a country is ferociously pursuing in the area of e-Government services, digital addressing, health among others will call into action the use of data whether personal or non-personal and therefore data protection regulations must be properly understood and interpreted to industry and individual data subjects; in fact the regulator of the space in the name of the Data Protection Commission is enjoined by law to make it known, guidelines and frameworks that will promote the observance of good practice to ensure compliance, failure which industry players and citizens will not appreciate what the law provides them.

Well, so when do we know that a particular act amounts to sale of data? In Ghana the law is that explicit about sale and purchase of data, the enabling Act does not provide explicit definition however to what would amount to the sale of data or otherwise data selling activities. The law however defined “business” to include trade or profession. A good attempt will be to look at it this way, data selling can be done directly between the parties and in this case data controllers to themselves or data processors or even to individuals or it can be done through what is presently well-known in the industry as data brokers, such was the motivation for the Vermont law mentioned above.

The data brokers are entities that collect information about consumers, and then sell that data (or analytic scores, or classifications made based on that data) to other data brokers, companies, and/or individuals. Even when consumers are aware of both the existence of data brokers and the extent of data collected, it’s difficult to determine which data they can control, for example, some data brokers might allow users to remove raw data, but not the inferences derived from it, making it difficult for consumers to know how they have been categorized. Some data brokers store all data indefinitely, even if it is later amended. A friend once asked me “are they data controllers under the law?“ the simple answer is “Yes”. The industry is incredibly opaque, and data brokers have no real incentive to interact with the people whose data they are collecting, analyzing, and sharing.

These data brokers do not have a direct relationship with the people they’re collecting data on, so most people aren’t even aware that the data is being collected. Once data is collected and stored via whatever means, the data is sold through direct transfer, mostly through electronic means, to the purchaser. It gives the purchaser absolute ownership of the data contemplated in the said data sale contract, and this shifts the responsibility for what the data is used for to the new data controller; depending on the contractual outcomes and obligations, the initial data controller may also retain some responsibility in a controller-to-controller or controller-to-processor relationship.

By now you are getting the picture that data brokerage can be an integral part of data selling so let’s take a minute and identify the various kinds of data brokers; firstly there are people search sites, where users can input a piece of data, such as a person’s name (or a phone number, city/state, email address, social security number, etc.) and get personal information on that person either for free or for a small fee, example that comes to mind include places like Spokeo, PeekYou, PeopleSmart, Pipl, and many more. Secondly there are data brokers that focus on marketing, such as Datalogix (owned by Oracle), or divisions or subsidiaries of companies like Experian and Equifax. They develop dossiers on individuals which can be used to tailor marketing. And finally there are data brokers such as ID Analytics that offer risk mitigation products to verify identities and help detect fraud.

Well, having kept you on a mini-lecture which is the ground on which I will discuss the subject matter; let me hint that the subject matter of this article is whether the Electoral Commission of Ghana sold citizen data to a private company called B Systems. The background to the issue is that of a news article making the waves under the headline; EC sold voters data to private firm without an agreement – Auditor-General and reported on the 27th of June 2019 by the graphic online newspaper portal www.graphic.com.gh and other media outlets. The graphic online news portal captured the story in part as follows;

“There was no Agreement between the Electoral Commission and Bsystems Limited who obtains Electoral Data from the Commission and offers it to the Financial Institutions for a fee. We further noted that, Bysystem Ltd. failed to remit the 20% commission due the Electoral Commission, in respect of charges for accessing the data, for the 2016 and 2017 financial years, the report noted.

“According to the report, the EC, in response to the findings, stated that, a Memorandum of Understanding (MoU) was signed between the Commission and BSystems Limited; but the MoU was suspended in the third quarter of 2016.”

For starters or probably as an appetizer, let’s determine how the Electoral Commission and BSystems relationship is established, BSystems as a private business identified an opportunity via a regulator’s requirement for banks and regulated financial institutions to have a Know Your Customer (KYC) routine done on its customers and this included ensuring that any nationally accepted identification card presented is verified to avoid fraud among others. This led the private business to develop a solution called GVIVE.

GVIVE® is an online Identity Verification System that integrates with ID database systems enabling true and real-time verification of people to curb identity theft etc. By its design the integration is done at an Application Programming Interface (API) level, which actually means the solution queries the database of whichever entity is the data controller holding and determining the ultimate use of the said data. At best such a service does not engage in a direct transfer of the data from one entity to the other in whatever form, or provide direct custody of the data from the holding entity to the receiving entity.

As I have come to understand it, the GVIVE system queries the electoral ID database hosted by the Electoral Commission, when Voter ID cards are submitted to the banks for the primary purpose of verification as required by the regulator’s directive to the banks and regulated financial institutions. It is important to note that this model is termed value-added data services and it involves multiple entities who still own and keep their data but gives minimal electronic access to that data for specific data processing purposes, it involves a machine-read-only access to the system hosting the data. This service will be needless if the financial institutions or the national ID regulator for instance can integrate directly to the electoral or any other ID database required.

Let’s proceed to have our main course, which is quite brief having had such an almost bellyful appetizer, I start off with the relationship between the Electoral Commission and BSystems, this is a data controller and a data processor relationship, access and its intended use is determined at law by the Electoral Commission who for all intent and purposes is responsible for the ultimate data protection obligations under the laws of Ghana, BSystems is a processor of the said personal data as must be directed by the data controller. It is clearly established that the purpose here is to ensure verification of the data. At this point it is important to also highlight that when a customer presents an identity card to the bank he or she has impliedly consented to verification, the very essence of the service rendered by GVIVE.

The data processor in the name of BSystems is required to adhere to the requirements of the personal data protection laws of Ghana and to the contract under which it operates with data controllers, in this specific case the Electoral Commission. The Commission is also required to ensure data protection best practices are visible requirements in its engagement with any processor or controller, for instance the registration of the other party under the law, evidence of a data protection program and policy, privacy impact assessment reports and possibly a technical security assessment report of the system meant for this engagement. It must be the business of every regulator, and private data controllers must make it a benchmark, to demand and ensure data protection best practices when engaging entities in data-driven business models.

On the primary question of whether data selling has taken place, or whether data-selling activities can be identified under the two breakdowns of data selling (a direct transfer of data between parties, or the use of brokerage strategies): this cannot be said to have happened, since BSystems has not received a direct transfer of data and its model does not qualify as a brokerage. One is tempted to believe that BSystems operates on the third level of data brokerage, which is that they offer risk mitigation products to verify identities and help detect fraud, as done by GVIVE. The flaw with that argument is that BSystems, on the current issues, only integrates with the existing database and does not own it in any form; data brokers own their data.

Noteworthy to this article is the fact that the regulating bodies undoubtedly enjoy some exemptions under the Data Protection Act 2012, and these include the Electoral Commission. However, let me sound a caveat found in the letter of the law: the exemption is given for the “processing of personal data”, which means the framers anticipate that, whilst the exemption holds true, an exempted entity will ensure that protection mechanisms are still in place for the personal data it holds. It would be an absurd interpretation of the law to say that because there is an exemption, an entity can, for instance, go out of its way and treat personal data with disdain. That defeats the spirit of Act 843, which was brought to life from the 1992 Constitution of Ghana and is a matter of protecting fundamental human rights to privacy, albeit with the limitations on guaranteed rights under the Constitution.

I express the view that BSystems’ current model is one that adds value to stored data without modifying or owning it. In this light, BSystems, in rendering verification services as a data processor, is required under the laws to comply with data protection principles and to ensure that at all times it does not infringe on the privacy rights of individuals; the exemptions do not extend to BSystems as a value-add service provider. The Electoral Commission is, however, expected to have in place a data-transfer policy (where needed) and a data-use policy with its third-party service providers. Without sounding unnecessarily legal, the players in the industry must make the effort to shed some sunlight and transparency on an industry that has traditionally been pretty opaque, as it is the only way to balance data protection regulations against data-driven business models which are heavily commercialized.

According to lotame.com, an online data business portal, the world produces an estimated 2.5 exabytes, or 2.5 billion gigabytes, of data every day. Of that data, 90 percent was created in the last two years. The amount of information available to use is growing, and growing fast. That data comes from a variety of sources including online transactions, social media, search engines, web traffic and more. The data-driven business models are here to stay and will influence all other aspects of endeavors. Equally, privacy laws are not going away so long as individuals become more aware of the control and power they have to make determinations concerning the use of their data.

The balancing act is crucial between the data protection regulator, the data controllers, processors and data subjects.

Israel D. Esq 


Should Linux Geeks Move to Windows?


Source: The Hackernews

Microsoft is taking another step forward to show its love for Linux and the open source community by shipping a full Linux kernel in Windows 10 this summer.

No, that doesn’t mean Microsoft is making Windows 10 a Linux distro, but the company will begin to ship an in-house, custom-built Linux kernel later this year, starting with the Windows 10 Insider builds.

Microsoft announced the move in a blog post while unveiling Windows Subsystem for Linux version 2.0 (or WSL 2) that will feature “dramatic file system performance increases” and support more Linux apps like Docker.

So, to support this entirely new architecture for the WSL 2, Windows 10 will have its own Linux kernel.

Although this is not the first time Microsoft has shipped a Linux kernel, as the company already shipped its own custom Linux kernel on Azure Sphere last year, this is the first time a Linux kernel is shipped with Windows.

Unlike Windows Subsystem for Linux version 1.0 (WSL 1) which used a Linux-compatible kernel, the first WSL 2 release will be based on the latest long-term stable Linux release, i.e., version 4.19 of Linux at Kernel.org.

By making the switch to using the Linux kernel itself, Microsoft is getting all of Linux’s features like Docker containers for free and promising “noticeably faster” performance, with faster boot-up and lower memory use.



Protect Your Docker Hosts With These Techniques


Although Docker has made it possible for engineers to build and deploy enterprise software without worrying about package dependencies, the technology carries security problems because all Docker containers on a host share the same kernel.

In this brief post, we outline five ways to protect your Docker hosts from attacks such as DoS attacks, image malware, illegal root privileges, and so on.

  • How to Avoid Kernel System Attacks in a Docker Ecosystem:

To avoid kernel system attacks, install and run Docker on a VM so that containers have no direct access to the host kernel. Installing Docker on a VM makes it difficult for attackers to get access to the kernel and manipulate kernel security settings.

  • How to Avoid Excessive Memory Usage by Programs Running on Containers

Some programs running in containers can use excessive memory instead of staying within their allocated memory. This usually happens when malware resides on the same host as legitimate programs. You can make use of cgroups (control groups) to limit containers or application instances to a fixed amount of resources.

Cgroups, or control groups, is a technology implemented in the Unix operating system. You can use it to limit programs to a set of resources.

Make sure you are using the latest version of Docker Engine.

  • How to Avoid Container Attack Escalation

Docker containers usually run as root or ‘admin’ users. Hence any malicious program that is able to get access to containers running on a Docker host can move further to manipulate kernel security features. It is advisable to run and manage the Docker host on virtual machines.

Running the Docker host on virtual machines makes it extra difficult for attackers to escalate attacks to the kernel.

  • The main concept of Docker technology is to allow implementation of a micro-service architecture. Hence, it is quite risky to run all services in a single container. You can separate services, run each service in a different container, and make use of Docker Swarm to scale services and avoid impromptu ‘services shutdown’.
  • Finally, you can make use of Clair to assess container images.
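
The memory-limit and root-user points above can be checked on a running host by reading `docker inspect` output. The following is an added example, not code from the original post: it audits a constructed `docker inspect` sample for containers with no cgroup memory limit, no process limit, a root user or privileged mode, which are the settings that `docker run --memory`, `--pids-limit` and `--user` correct. The container names and values are made up.

```python
import json

# Constructed sample in the shape of `docker inspect` output (not from a real host).
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/web",   "Config": {"User": ""},
  "HostConfig": {"Memory": 0, "PidsLimit": null, "Privileged": false}},
 {"Name": "/api",   "Config": {"User": "1000:1000"},
  "HostConfig": {"Memory": 268435456, "PidsLimit": 200, "Privileged": false}},
 {"Name": "/batch", "Config": {"User": "root"},
  "HostConfig": {"Memory": 536870912, "PidsLimit": 0, "Privileged": true}}
]
""")

def runs_as_root(user):
    """Config.User is empty when no user was set, which means the process runs as UID 0.
    A custom user name that maps to UID 0 inside the image is not detected here."""
    uid = (user or "").split(":")[0]
    return uid in ("", "0", "root")

def audit_container(container):
    """Return the list of findings for one `docker inspect` entry."""
    findings = []
    host = container.get("HostConfig", {})
    if not host.get("Memory"):                 # 0 or missing: no cgroup memory limit
        findings.append("no-memory-limit")
    if (host.get("PidsLimit") or 0) <= 0:      # null, 0 or -1: unlimited processes
        findings.append("no-pids-limit")
    if runs_as_root(container.get("Config", {}).get("User")):
        findings.append("runs-as-root")
    if host.get("Privileged"):                 # privileged mode drops most isolation
        findings.append("privileged")
    return findings

def audit(containers):
    """Map container name to its findings; an empty list means nothing was flagged."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in containers}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(f"{name}: {', '.join(findings) or 'ok'}")
```

On a real host the same functions can be fed the JSON printed by `docker inspect` for the running container IDs.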

OSX/Shlayer


OSX/Shlayer is a potentially unwanted application that downloads and installs software on the computer.

Although malware that disguises itself as an update to Adobe Flash Player is nothing new, some of the latest incarnations of fake Flash Player installers have an unusual method of downloading additional content.

OSX/Shlayer spreads via BitTorrent file sharing sites, appearing as a fake Flash Player update when a user attempts to select a link to copy a torrent magnet link.

Torrent sites are notorious for distributing malware and adware, sometimes through misleading advertisements, and sometimes through Trojan horse downloads that claim to be “cracks” or that may contain infected copies of legitimate software.

Even if you don’t use torrent sites, you may encounter other sites that claim you need to update Flash Player; in most cases, this is actually an attempt to install malware on your computer.

BROWSER INDICATORS:

On some of the malware distribution pages, the fake Flash Player alerts are customized to your browser. If you’re using Mozilla Firefox, you may see an upward-facing arrow appear pointing to the browser toolbar that indicates that there is a recent download available to open.

If you’re using Google Chrome, you may see a pop-up message pointing to the bottom-left corner of the browser window where newly available downloads appear. Ironically, Google Chrome has its own built-in version of Flash Player that users don’t need to update manually; it gets updated automatically whenever Google issues an update for Chrome itself.

WHAT MALWARE DOES IF INSTALLED:

The primary goal of OSX/Shlayer is to download and install adware onto an infected Mac. Although “adware” may not sound like a big deal, it can be a lot more harmful than the name implies.

At least one variant of the malware also appears to exhibit an interesting behavior: It checks whether one of several Mac anti-virus products is installed.

HOW MAC USERS CAN PROTECT THEMSELVES FROM OSX/SHLAYER:

Avoid any “Flash Player” update alerts you may encounter on the Web; in most cases, these are actually false warnings intended to trick you into downloading and installing malware.

If you use Google’s Chrome browser, it already has a built-in version of Flash Player, so you’ll never need to obtain a newer version of the plugin from a third party.

If you use Apple’s Safari browser, or Mozilla Firefox or other third-party Web browsers, you should bookmark https://get.adobe.com/flashplayer/ and only obtain Flash Player updates via that bookmark—that is, if you even need Flash Player in the first place.

In fact, when you get a new computer the best practice is to avoid installing Flash Player in the first place. Few legitimate sites require Flash these days, and for the rare site that does, you can view the site in Google Chrome.

If you accidentally download a fake Flash Player update and it comes as a .dmg (Mac disk image) file, don’t double-click it! Simply drag it to the Trash, and then from the Finder menu (in the top-left corner of the screen, next to the Apple menu) select “Empty Trash…”

WHAT TO DO IF YOU’RE INFECTED:

If you suspect that your computer might be infected, you can download VirusBarrier Scanner (free) from the Mac App Store to scan your computer for an existing infection.

We recommend installing antivirus software with real-time scanning protection, such as Intego VirusBarrier X9 (part of the Mac Premium Bundle X9 utility suite), to help block malware before an infection can occur.

Author:  Jerry Amarteifio, systems and endpoint engineer 


Citrix Intranet Hacked by Iridium


Citrix Systems’ internal network was hacked by international cybercriminals who may have accessed and downloaded business documents. The company acknowledged the hack in a blog post last Friday.

Stan Black, the chief security and information officer at Citrix, wrote that the company was contacted by the FBI last Wednesday. The FBI told Citrix that it had reason to believe there was a successful attack on the company’s network by foreign parties.

According to Black, no Citrix products or services were compromised. “It appears that the hackers may have accessed and downloaded business documents. The specific documents that may have been accessed, however, are currently unknown,” Black wrote. He noted that the investigation into the hacks is ongoing.

In the fallout from the attack, Citrix said it has taken action by: starting a forensic investigation; hiring a cybersecurity firm to assist the company; taking steps to secure its internal network; and by continuing to cooperate with the FBI.

Black said that, while not yet confirmed, the FBI believes a technique called password spraying was used to gain access. Password spraying refers to a tactic used by hackers to exploit weak passwords. Once the hacker gains a foothold with limited access, they can get around the additional layers of security.
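
Password spraying is commonly seen in authentication logs as one source failing against many different accounts with only a try or two on each, which keeps it under per-account lockout thresholds. The following is an added detection example, not from Citrix, the FBI or the source article: the log format, addresses, user names and thresholds are all constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed log lines in a made-up format; the IPs are documentation ranges.
SAMPLE_LOG = """\
2019-03-01T09:00:01Z src=203.0.113.7 user=alice result=FAIL
2019-03-01T09:00:09Z src=203.0.113.7 user=bob result=FAIL
2019-03-01T09:00:17Z src=203.0.113.7 user=carol result=FAIL
2019-03-01T09:00:20Z src=192.0.2.15 user=alice result=FAIL
2019-03-01T09:00:25Z src=203.0.113.7 user=dave result=FAIL
2019-03-01T09:00:31Z src=192.0.2.15 user=alice result=OK
2019-03-01T09:00:33Z src=203.0.113.7 user=erin result=FAIL
2019-03-01T09:00:41Z src=203.0.113.7 user=frank result=OK
2019-03-01T09:01:00Z src=198.51.100.9 user=admin result=FAIL
2019-03-01T09:01:01Z src=198.51.100.9 user=admin result=FAIL
2019-03-01T09:01:02Z src=198.51.100.9 user=admin result=FAIL
2019-03-01T09:01:03Z src=198.51.100.9 user=admin result=FAIL
"""

LINE = re.compile(r"^(\S+) src=(\S+) user=(\S+) result=(OK|FAIL)$")

def detect_spraying(log_text, min_accounts=5, max_fails_per_account=2):
    """Flag sources that touch many accounts with few failures on each.

    A single user mistyping a password (one account) and a brute-force run
    against one account (many failures on it) are both left unflagged.
    """
    fails = defaultdict(lambda: defaultdict(int))  # src -> user -> failed attempts
    wins = defaultdict(set)                        # src -> users logged in successfully
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                               # skip lines in another format
        _ts, src, user, result = m.groups()
        if result == "FAIL":
            fails[src][user] += 1
        else:
            wins[src].add(user)
    alerts = {}
    for src, per_user in fails.items():
        targeted = set(per_user) | wins[src]
        if len(targeted) >= min_accounts and max(per_user.values()) <= max_fails_per_account:
            # A success from a flagged source is the account to reset and review first.
            alerts[src] = {"accounts_targeted": sorted(targeted),
                           "possible_foothold": sorted(wins[src])}
    return alerts

if __name__ == "__main__":
    for src, info in detect_spraying(SAMPLE_LOG).items():
        print(src, info)
```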

“Citrix deeply regrets the impact this incident may have on affected customers,” wrote Black. He noted that Citrix will continue to post updates and work with law enforcement on understanding the details of the breach.

Last week, only a few days before it was contacted by the FBI, Citrix made several updates to its SD-WAN product to make it more secure.

Source:  sdxcentral