The [InfoSec] Stack

By City Network
We discuss, analyze, and educate in the field of information security. Our aim is to touch on all subjects, from regulatory compliance and new laws to current cases, leadership, and business culture.
(B)RAVING
As we are nearing the end of the year, we thought we'd switch things up a bit. In a bonus series in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
14:54
November 25, 2020
Here is what you need to do if you just can't live without Microsoft 365
With the GDPR and the legal situation we have regarding data protection within the EU, we often talk about how difficult, if not impossible, it is to use some of the world's largest cloud services. The recent dilemma created by the invalidation of the important legal mechanism, Privacy Shield, makes it all the more difficult. But what if one refuses to believe that there are any good alternatives? What if one firmly believes that the digital transformation cannot be carried out with any other provider? Well, then one should probably, first and foremost, realise how much one is depending on one single supplier and think about how healthy that might be, first and foremost from a business continuity perspective but also when it comes to one's data subjects' personal integrity. But let's not be so negative all the time. We have really given this some thought and here are some tips for European companies that want to, or just need to, keep using Microsoft 365.
21:52
November 23, 2020
GDPR class action lawsuits against Oracle and Salesforce worth €26bn
Today, we highlight one of the first really big class action cases, brought against Oracle and Salesforce with the support of the GDPR. We're talking about ridiculous amounts of money and it will of course be extremely exciting to follow the development in both cases. https://citynetwork.eu/podcast https://www.computerweekly.com/news/252491537/GDPR-lawsuit-against-Oracle-and-Salesforce-moves-forward
22:34
November 16, 2020
Unicorns for sale
We recently read a Swedish debate article written by the President of a Swedish interest group for IT and telecom companies, and feel the need to put our foot down on what exactly inhibits the digital transformation in our public sector. Spoiler: Contrary to what the article is trying to portray, it is not our laws and regulations, which in turn prevent the use of American hyperscalers, that are the culprit. https://citynetwork.eu/podcast https://computersweden.idg.se/2.2683/1.741729/osakerheten-pa-molnmarknaden-kostar-skattebetalarna-miljarder https://www.youtube.com/watch?v=mWVYBqZK-Tk https://www.youtube.com/watch?v=Go2MF0-3lCI
14:21
November 9, 2020
Medical records from Finland on darknet, and a question about the right to review
Today we're talking about the case of the Finnish psychotherapy company Vastaamo, which got hacked. When the scandal was made public a few days ago, it also emerged that individual patients have been blackmailed and that patient records are now being spread on the darknet. We also discuss a question that we received from one of our listeners, about the right to review sub-contractors. "But does it ever happen in real life or is it just something that lawyers in their ivory towers think is going to happen?" https://yle.fi/uutiset/osasto/news/vastaamo_board_fires_ceo_says_he_kept_data_breach_secret_for_year_and_a_half/11614603 https://en.wikipedia.org/wiki/Dark_web
20:14
November 2, 2020
H&M fined €35 million for GDPR violations, and risk assessments
Today we're discussing a recent case in which the clothing retail company H&M has been fined €35 million for violations of the GDPR in Germany. We also discuss risk assessments and why it's necessary to start looking beyond GDPR and towards other laws and ethics that put personal integrity at risk. https://www.bbc.com/news/technology-54418936
22:40
October 26, 2020
After Brexit, the UK will be considered a third country
The deadline for the Brexit transition period is currently December 31, 2020. With current news revolving around the pandemic and other large events, it is easy to forget what's about to happen. In this episode we want to remind you all that Brexit is well underway and what it will mean for data transfers to the UK, with the current legislation in the EU and the UK. https://ukhumanrightsblog.com/2020/10/10/schrems-2-for-the-uk-cjeu-ruling-threatens-future-adequacy-talks/ https://www.infosecurity-magazine.com/news/postbrexit-digital-economy-risk-eu/ https://www.ucl.ac.uk/european-institute/news/2020/jun/eu-us-privacy-shield-brexit-and-future-transatlantic-data-flows https://www.datainspektionen.se/other-lang/in-english/the-general-data-protection-regulation-gdpr/transfer-of-data-to-a-third-country/
24:48
October 19, 2020
Start making a wishlist for your personal development talks
Today we're discussing the value of investing in your coworkers' identity. As usual, this is of course tied to information security and you will learn how. We also have a cliffhanger about Brexit and a statement by the EU about data transfers to the UK. https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf
27:24
October 12, 2020
Best of luck with the Standard Contractual Clauses - The Privacy Shield saga continues
Today we're talking about data transfers to a third country with a focus on the U.S. due to the fall of Privacy Shield. The Swedish Data Protection Agency has produced an excellent guide on the matter and today we're covering it thoroughly. With the fall of Privacy Shield, everything regarding global digitalisation has turned upside down. Are we allowed to transfer, process and make data available to the U.S.? Which legal mechanisms can you use to do so? What are Standard Contractual Clauses? We will of course not cover all of this in one go but rest assured that we'll come back to this subject in future episodes. "The Old Directive" as mentioned by Kim; Transfer of data to a third country
46:49
October 5, 2020
BCD culture and information security
Today we're discussing group culture, specifically how a Blame, Complain, and Defend culture impacts information security. If you are one of those who think that information security is all about technical measures, tune in to this and listen to a different opinion. https://www.youtube.com/channel/UCMctd-YoxlHTTjSU6-qkHJQ https://www.tbriankight.com/ citynetwork.eu/podcast
31:11
September 28, 2020
The fall of Privacy Shield and the EDPB FAQ
On July 16, the Court of Justice of the European Union invalidated Privacy Shield as a mechanism for legal data transfers between the EU and the US. In this episode we're discussing this important ruling and a FAQ that the European Data Protection Board has compiled for stakeholders that are transferring personal data to cloud services such as Microsoft 365, Amazon AWS, Azure and Google G Suite. Video: Max Schrems at the Hearing of the European Parliament on EU-US Data Transfers (26:30); European Data Protection Board publishes FAQ document on CJEU judgment; Podcast webpage
41:18
September 21, 2020
Mental beer belly
The biggest challenge in information security is the human factor. This is why it is as important to stay mentally active as it is to stay physically active. Join us for some discussions about sudden changes, leadership and mental training. https://www.learning-mind.com/mental-laziness-causes-overcome/ Podcast webpage
29:29
September 17, 2020
Introduction to group dynamics
"People will always find a way to mess up both your tech and your procedures. So [information security] comes down to people." Join us as we discuss the different stages of group development and how group dynamics is tied to information security. https://en.wikipedia.org/wiki/Group_development#Wheelan's_integrated_model_of_group_development https://ebrary.net/3071/management/wheelans_integrated_model_group_development Podcast webpage
31:23
September 17, 2020
What is information security?
Let's start this journey together by explaining what information security really is. Welcome to the first episode of The Information Security Stack! Podcast webpage
29:08
September 17, 2020
Trailer - The [InfoSec] Stack
After four years of teaching and discussing information security, regulatory compliance, and many other topics in Swedish, it is now time for us to reach out to a broader audience. Welcome to The [InfoSec] Stack where we will do our best to teach and discuss information security, regulatory compliance and many other topics. https://citynetwork.eu/podcast
05:18
September 17, 2020