Supply Chain Risk Management is the name of a big security problem in the business world. It is so important that there isn't a single security framework that doesn't include Supply Chain Risk Management in its agenda, guidance, and suggested controls. NIST has a set of resources on the topic, but it is not the only organization that is addressing this problem.
In September 2018 (ISC)2 announced a Free GDPR course for members. What started as a single free course was very recently rebranded as the Professional Development Institute. The plans are for up to 30 (!!) new courses in 2019.
GDPR is supposed to let us take back control of our private data. In reality though many websites either don't allow that to happen through their selection of cookies, or constantly present to us the same requests until we accept the most invasive option. At the same time there is a known security risk related to every day broswing: browser - served malware, sometimes caused or enabled by the insane amount of 3rd party uncontrolled scripts that are served to us on the websites we visit. We need to find ways to browse securely and protecting our privacy as much as possible.
As you may have heard, Google+ is going to die. This is a good thing since there were some security / privacy issues last year. Google decided to kill the product instead of trying to fix it, which is understandable and a respectful decision.
I think we have all recentrly received one (and probably more) of these wonderful mails stating "we have your data, if you want us to keep talking to you let us know". In case you were wondering, this is a side effect of GDPR; and in my opinion an excellent one. Yet many people - including some respected and high profile GDPR experts and "experts" - take the opportunity to attack the senders. But I think this is the wrong reaction.
Everybody has something to say about the Facebook / Cambridge Analytica case. And I am annoyed by people saying that when you give your data to Facebook, you forego some parts of your privacy (true) so you should not be surprised (false). In simple terms, it was an actual data breach. Individuals who had not consented, had their data exposed. This was not supposed to happen. There are two aspects I would focus on regarding this issue: