I've really got to sort out tagging from posts made on the @posts account.
-
I've really got to sort out tagging from posts made on the @posts account. This is highly relevant for #EdTech #Privacy and #DigitalSecurity
-
I've really got to sort out tagging from posts made on the @posts account. This is highly relevant for #EdTech #Privacy and #DigitalSecurity
@simon @posts have you seen https://trust.instructure.com? Not defending the company, but we’ve been tracking as it also affects US primary/secondary schools - among many others.
-
@simon @posts have you seen https://trust.instructure.com? Not defending the company, but we’ve been tracking as it also affects US primary/secondary schools - among many others.
@douglevin @posts Interesting thanks! Rather brings into question the value of all those assessment processes.
-
@douglevin @posts Interesting thanks! Rather brings into question the value of all those assessment processes.
@simon @posts Can’t ever guarantee that you’ll not be a victim of cybercrime. 100% secure is simply not a thing.
We need to learn more about how they were comprised - and for how long - to better judge.
Having said that - to date - their response has seemed competent and quick and forthright, which is not something I see much (as someone who has tracked education cyber incidents for a decade).
As details emerge (the incident was discovered less than a week ago), I may of course revise my views.
-
@simon @posts Can’t ever guarantee that you’ll not be a victim of cybercrime. 100% secure is simply not a thing.
We need to learn more about how they were comprised - and for how long - to better judge.
Having said that - to date - their response has seemed competent and quick and forthright, which is not something I see much (as someone who has tracked education cyber incidents for a decade).
As details emerge (the incident was discovered less than a week ago), I may of course revise my views.
@douglevin @posts Oh for sure yeah. There's clearly value in going through good assessments even if something goes wrong later. I just mean it might make people question their value as marketing tools. As you say, knowing what went wrong is vital — would be bad if the compromise relates to something that was specifically evaluated under one of these programs.
-
@douglevin @posts Oh for sure yeah. There's clearly value in going through good assessments even if something goes wrong later. I just mean it might make people question their value as marketing tools. As you say, knowing what went wrong is vital — would be bad if the compromise relates to something that was specifically evaluated under one of these programs.
@simon @posts I take all those audits/assessments as signifiers of a potentially strong cybersecurity program, but none are perfect - and, in some cases, they are indeed simply performative. More about trying to manage risk - and even liability, if it comes that - than any sort of guarantee.
When regulators review the incident - at least here in the US - they’ll try to determine if the company took ‘reasonable, steps to safeguard the data in their care. That’s a slippery word - and one that keeps many a lawyer employed.
-
@simon @posts I take all those audits/assessments as signifiers of a potentially strong cybersecurity program, but none are perfect - and, in some cases, they are indeed simply performative. More about trying to manage risk - and even liability, if it comes that - than any sort of guarantee.
When regulators review the incident - at least here in the US - they’ll try to determine if the company took ‘reasonable, steps to safeguard the data in their care. That’s a slippery word - and one that keeps many a lawyer employed.
-
R relay@relay.infosec.exchange shared this topic
