The [InfoSec] Stack

By City Network
We discuss, analyze, and educate in the field of information security. Our aim is to touch on all subjects, from regulatory compliance and new laws to current cases, leadership, and business culture.
Betting on European suppliers instead of on the hyperscalers
This episode is centered around the recent news that the Swedish eSam collaboration program, which comprises representatives from government authorities, municipalities and other public administrations, has tested and evaluated a number of different office suites that comply with the public sector’s security, regulatory and functionality requirements. The project is a direct result of announcements earlier this year by the Swedish Enforcement Authority and Swedish Tax Agency that they are planning to actively consider alternatives to Microsoft Teams as a collaboration platform due to privacy concerns. This ongoing trend of betting on European suppliers instead of the American and Chinese hyperscalers is a very interesting situation that seems to be on the verge of happening all across Europe. We also talk about the lack of European suppliers of core digital services, EDPB and data transfers. https://citynetwork.eu/podcast https://compliantoffice.eu
30:07
November 29, 2021
From the archives: A question to all taxpayers
Originally published on 21 June, 2021. Is it possible to go through the digitalization without the three large American hyperscalers? This is today's topic in The InfoSec Stack. https://citynetwork.eu/podcast
25:06
November 22, 2021
From head to toe - Episode 2
Today we're talking about how to succeed with your leadership when implementing change. https://citynetwork.eu/podcast https://citynetwork.se/podcast
30:11
November 15, 2021
From head to toe - Episode 1
Following our most recent mini-series about the technical sides of digital transformation, we now need to talk about the people responsible for making the change happen. https://citynetwork.eu/podcast https://citynetwork.se/podcast
27:33
November 8, 2021
From Start To Finish - Episode 3
The time has come to end the mini series "From Start To Finish" on the topic of digital transformation. At least for this time around. Now that we have learnt how to become digital from a technical point of view, we need to talk about efficiency and what the digitalization, and the entire change, is supposed to lead to. https://citynetwork.eu/podcast https://citynetwork.se/podcast
23:50
November 1, 2021
From Start To Finish - Episode 2
In English: https://citynetwork.eu/podcast In Swedish: https://citynetwork.se/podcast We continue our mini series "From start to finish" and our take on Digital Transformation. Today we clarify what Front end, Back end and APIs mean.
30:28
October 25, 2021
From Start To Finish - Episode 1
In English: https://citynetwork.eu/podcast In Swedish: https://citynetwork.se/podcast We are kicking off a miniseries called "From Start To Finish," in which we try to make sense of specific topics concerning the cloud industry. It's a miniseries in three episodes, and we start with the subject of Digital Transformation and where it all began.
21:53
October 18, 2021
Welcome back to another season of The [InfoSec] Stack!
ENG: https://citynetwork.eu/podcast SWE: https://citynetwork.se/podcast We're back in business after some well-deserved vacation! In today's episode, we round up what has happened in the world of GDPR during the summer. We also discuss the differences between American and UK ownership of a company or service after Brexit.
30:44
October 11, 2021
Summer reading tips
https://citynetwork.eu/podcast Thank you for joining us during another season of The Infosec Stack! It is now time for us to take some time off and recharge our batteries. In the meantime, enjoy these summer reading tips and we'll see you again soon! https://en.wikipedia.org/wiki/Factfulness:_Ten_Reasons_We%27re_Wrong_About_the_World_%E2%80%93_and_Why_Things_Are_Better_Than_You_Think https://en.wikipedia.org/wiki/Astrophysics_for_People_in_a_Hurry https://www.goodreads.com/en/book/show/42117336-you-are-worth-it
13:41
July 5, 2021
There are no unicorns!
https://citynetwork.eu/podcast Today we're focusing on the EU Cloud Code of Conduct. Repeat after us: There are no unicorns! Despite what some may want you to believe... https://www.codeofconduct.cloud/ https://eucoc.cloud/en/home.html
21:25
June 28, 2021
A question to all taxpayers
https://citynetwork.eu/podcast Is it possible to go through the digitalization without the three large American hyperscalers? This is today's topic in The InfoSec Stack.
25:06
June 21, 2021
From the archives: Here is what you need to do if you just can't live without Microsoft 365
Originally published 23 November 2020. https://citynetwork.eu/podcast With the GDPR and the legal situation we have regarding data protection within the EU, we often talk about how difficult, if not impossible, it is to use some of the world's largest cloud services. The recent dilemma of the invalidation of the important legal mechanism, Privacy Shield, makes it all the more difficult. But what if one refuses to believe that there are any good alternatives? What if one firmly believes that the digital transformation cannot be carried out with any other provider? Well, then one should probably, first and foremost, realise how much one is depending on one single supplier and think about how healthy that might be. First and foremost from a business continuity perspective, but also when it comes to one's data subjects' personal integrity. But let's not be so negative all the time. We have really given this some thought and here are some tips for European companies that want to, or just need to, keep using Microsoft 365.
21:53
June 14, 2021
Some good things about the IT industry
https://citynetwork.eu/podcast We have been talking a lot about the negative aspects of the IT industry lately. It's always easier to be negative and criticise, so we made ourselves come up with a couple of positive aspects in this week's episode.
23:21
June 7, 2021
From the archives: BCD culture and information security
Originally published 28 September 2020. https://citynetwork.eu/podcast Today we're discussing group culture, specifically how a Blame, Complain, and Defend-culture impacts information security. If you are one of those who think that information security is all about technical measures - tune in to this and listen to a different opinion. https://www.youtube.com/channel/UCMctd-YoxlHTTjSU6-qkHJQ https://www.tbriankight.com/
31:12
May 31, 2021
Kim's quest
https://citynetwork.eu/podcast Kim embarks on a quest in the spirit of digitalisation. The question is whether, and if so how, a digital meeting can be made equivalent to a physical encounter between people. Is he just old and incapable of understanding and absorbing what the youngsters seem to have down to an art, or is there a point in finding other ways?
12:40
May 24, 2021
What has become of the it-industry?
https://citynetwork.eu/podcast Today we're discussing how skewed the IT industry has become.
31:46
May 17, 2021
We met with Johan Magnusson, Assoc. Prof. at the Dept. of Applied IT, University of Gothenburg
https://citynetwork.eu/podcast We recently interviewed Johan Magnusson, Associate Professor, division director and researcher in balancing of efficiency and innovation in the governance of digitalization. This is a summary of that interview, which we conducted in Swedish. About Johan: Johan Magnusson is Associate Professor at the Department of Applied IT, University of Gothenburg, head of the Informatics division and director of SCDI Gothenburg. He earned his PhD in Business Administration (Accounting) at Gothenburg University in 2012 following his Licentiate degree in Informatics in 2005. Johan's research concerns the balancing of efficiency and innovation in the governance of digitalization. He works closely with primarily executives to offer insights into how governance can be designed to enhance digital capabilities in large organizations, both in his research as well as in executive education. He is also highly active in the industrial community, with recurring keynotes and media appearances intended to increase the utilization of research findings. He is principal investigator in the Digital Government research consortium, where the researchers work with a research-based model for digital maturity in supporting the digitalization of the public sector. More information about Johan, his research, keynotes, and projects can be found here: https://scdi.se/researchers/johan-magnusson/ (info in English)
21:25
May 10, 2021
A question about data request reports from Microsoft Trust Center
https://citynetwork.eu/podcast One of our audience members asked us if the number of requests for customer data, presented by Microsoft, can be trusted when gag orders are at play. Here is our take on the matter. Microsoft's U.S. National Security Orders Report: https://www.microsoft.com/en-us/corporate-responsibility/us-national-security-orders-report?activetab=pivot_1%3aprimaryr2 Microsoft Law enforcement request report: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report FISA court on Wikipedia: https://en.wikipedia.org/wiki/United_States_Foreign_Intelligence_Surveillance_Court#:~:text=The%20United%20States%20Foreign%20Intelligence,United%20States%20by%20federal%20law Our interview with André Catry: https://anchor.fm/the-infosec-stack/episodes/Summarising-our-chat-with-Andr-Catry-et5vom/a-a50ncqt
13:13
May 3, 2021
Rerun: The fall of Privacy Shield and the EDPB FAQ
Originally published on September 21, 2020. On July 16, the Court of Justice of the European Union invalidated Privacy Shield as a mechanism for legal data transfers between the EU and the US. In this episode we're discussing this important ruling and a FAQ that the European Data Protection Board has compiled for stakeholders that are transferring personal data to cloud services such as Microsoft 365, Amazon AWS, Azure and Google G Suite. Video: Max Schrems at the Hearing of the European Parliament on EU-US Data Transfers (26:30) European Data Protection Board publishes FAQ document on CJEU judgment Podcast webpage
41:18
April 26, 2021
Rerun: Best of luck with the Standard Contractual Clauses - The Privacy Shield saga continues
Originally published October 5, 2020. Today we're talking about data transfers to a third country with a focus on the U.S. due to the fall of Privacy Shield. The Swedish Data Protection Agency has produced an excellent guide on the matter and today we're covering it thoroughly. With the fall of Privacy Shield, everything regarding global digitalisation has turned upside down. Are we allowed to transfer, process and make data available to the U.S.? Which legal mechanisms can you use to do so? What are Standard Contractual Clauses? We will of course not cover all of this in one go but rest assured that we'll come back to this subject in future episodes. "The Old Directive" as mentioned by Kim Transfer of data to a third country
46:49
April 19, 2021
How to measure group development
https://citynetwork.eu/podcast This week we're talking about group development and how to measure it. As the nice people we are, we brought along Andrea, one of our newest employees, who started working for City Network on the same day we recorded this episode.
33:29
April 12, 2021
How big is your arena?
https://citynetwork.eu/podcast Today we're talking about behaviours, facades, and arenas. This episode is all about culture, values and unwritten rules and at the end, we tie it all together by explaining what all of this has to do with information security. https://en.wikipedia.org/wiki/Johari_window
25:44
April 5, 2021
Looking forward to the next episode
https://citynetwork.eu/podcast We weren't able to publish this week's episode but we look forward to the next.
00:48
March 29, 2021
Summarising our chat with André Catry
https://citynetwork.eu/podcast He is one of Sweden's most prominent IT-security professionals, former world champion in hacking, and an author. The [InfoSec] Stack had the pleasure of chatting with André Catry to learn more about him and his thoughts on GDPR, FISA 702, espionage, digitalisation, digital sovereignty, and much more. The interview was done in Swedish and we are summarising it in English.
29:34
March 22, 2021
Regulations does not stop innovation, and business culture
https://citynetwork.eu/podcast Today we're talking about regulations, and business culture. We mention monopolies in digitalisation, digital immaturity, and whether it's time to put our foot down. We also talk about decision making and how that process works. The question is what a compass, knife, sweater, rope and water have to do with business culture? Let's go!
34:18
March 15, 2021
Answering your questions and discussing differences in legal practice
Today we're answering questions about Google Analytics, following up on a Swedish news story and discussing legal practice in the US compared to elsewhere.
29:26
March 8, 2021
BRAVIN(G)
https://citynetwork.eu/podcast Today we have reached the final letter in our 7-part bonus series about The Seven Elements of Trust. https://daretolead.brenebrown.com
08:48
March 3, 2021
Google Analytics after the Schrems II ruling
https://citynetwork.eu/podcast Today we share some ideas on what you need to do in order to be able to use Google Analytics in a time when GDPR is in effect, and the Schrems II ruling has been filed. In short, you CAN continue to use Google Analytics but it requires you to take a number of actions to use it legally - in terms of regulatory compliance. https://www.reuschlaw.de/en/news/dsk-adopts-minimum-requirements-for-the-use-of-google-analytics/ https://de.wikipedia.org/wiki/Konferenz_der_unabh%C3%A4ngigen_Datenschutzbeh%C3%B6rden_des_Bundes_und_der_L%C3%A4nder https://www.datenschutzkonferenz-online.de/media/dskb/20200526_beschluss_hinweise_zum_einsatz_von_google_analytics.pdf
18:15
March 1, 2021
Everything you've always wanted to know about certifications
https://citynetwork.eu/podcast Today we're diving deep into the world of information security certifications such as ISO, SOC, BSI C5 and other acronyms. We're explaining the different frameworks that we're familiar with and talk about what they are for, how they work and what you need to think about - both as a supplier and as a customer.
28:37
February 22, 2021
What is Infrastructure as a Service - IaaS
https://citynetwork.eu/podcast We recently explained different types of cloud services, the benefits of using multiple providers, the economy of cloud services and a lot of other aspects that make cloud services so great. Today we're digging a little deeper to explain Infrastructure as a Service - IaaS.
26:03
February 15, 2021
A history lesson about City Network
https://citynetwork.eu/podcast Today we bring you a history lesson about the company we work for, City Network. Why we do the things we do, why we provide the services we do, and why we are passionate about regulatory compliance in the cloud. What started as a web hosting company, mainly aimed at individuals and small businesses, in 2002, has become something entirely different almost 20 years later. Today we explain how we got to where we are today!
32:24
February 8, 2021
BRAVI(N)G
https://citynetwork.eu/podcast In a bonus series, in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
10:26
February 3, 2021
What is cloud?
https://citynetwork.eu/podcast This week we're going back to the basics and talking about cloud services. What exactly is a cloud and what different types of cloud services are there? We also talk about the benefits of using multiple providers, the economy of cloud services and a lot of other aspects that make them so great.
32:50
February 1, 2021
Does the Swedish interim report on government agencies' IT operations go against EDPB?
https://citynetwork.eu/podcast Today we're talking about the interim report on government agencies' IT operations, that was published by The Swedish Government Official Reports (summary available in English). There are a couple of extremely important assessments in that report that seem to go against the assessments and statements made by the supervisory authorities. We need to talk about this. Background: Last week the interim report on government agencies' IT operations was published by The Swedish Government Official Reports. In short, their mission is to “create better conditions for access by public administration to secure and cost-effective IT operations”. According to the mission statement, the better conditions are to be accomplished “either through coordinated central government IT operations or through clearer legal conditions for being able to engage private suppliers of IT operations”. The interim report that has now been published focuses on “clearer legal conditions for being able to engage private suppliers of IT operations”. The report is in Swedish but contains an English summary: http://www.sou.gov.se/wp-content/uploads/2021/01/SOU_2021_1_webb.pdf
26:32
January 25, 2021
BRAV(I)NG
As we are nearing the end of the year, we thought we'd switch things up a bit. In a bonus series, in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
07:57
December 23, 2020
Book suggestions for the winter holiday
The winter holiday is here and we want to hand over some book tips before we close shop and take a little time out. Hubba! https://www.goodreads.com/book/show/23848190-extreme-ownership https://gettingthingsdone.com/ https://www.bokus.com/bok/9781544332956/creating-effective-teams/
18:46
December 21, 2020
BRA(V)ING
As we are nearing the end of the year, we thought we'd switch things up a bit. In a bonus series, in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
09:33
December 16, 2020
Answering your questions and Security by obscurity
Today we answer a couple of your questions. We explain why it is not possible to categorically exclude certain services just because they are delivered by an American company, hosted in American cloud services. We get into the difference between having secured personal data and exposing it to unnecessary risks, and what the GDPR thinks about that. Finally, a listener's question leads us to the subject of "security by obscurity". https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act
25:43
December 14, 2020
BR(A)VING
As we are nearing the end of the year, we thought we'd switch things up a bit. In a bonus series, in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
10:14
December 9, 2020
This is how Git replaces your paper archive
Today we are talking about a digital system that replaces your entire paper archive and physical signatures - Git! Stay tuned and we will tell you how you can solve decision-making procedures, changes, documentation, approvals and signatures completely digitally. https://en.wikipedia.org/wiki/Git
17:47
December 6, 2020
B(R)AVING
As we are nearing the end of the year, we thought we'd switch things up a bit. In a bonus series, in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
11:45
December 2, 2020
Personal data incident in Karlskrona
This summer, Karlskrona municipality (Sweden) moved its email management to Microsoft 365. The rescue services in Karlskrona did not learn about the change until four months later, which is not entirely unproblematic. You see, the rescue service is part of Sweden's total defense, and in view of the fact that we have both a naval base and an air flotilla in Blekinge, this change entails a security risk. A risk that the rescue services in Karlskrona did not even have the opportunity to assess. The incident has now been reported to the Swedish Data Inspectorate as a personal data incident. https://www.blt.se/karlskrona/raddningstjansten-befarar-att-personuppgifter-kommit-i-fel-hander-anmaler-handelsen-b4449b80 (article in Swedish) https://www.esamverka.se/download/18.1d126bc174ad1e6c39cac3/1542007824143/eSam%20-%20R%C3%A4ttsligt%20uttalande%20om%20r%C3%B6jande%20och%20molntj%C3%A4nster.pdf (in Swedish)
19:05
November 30, 2020
(B)RAVING
As we are nearing the end of the year, we thought we'd switch things up a bit. In a bonus series in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
14:55
November 25, 2020
Here is what you need to do if you just can't live without Microsoft 365
With the GDPR and the legal situation we have regarding data protection within the EU, we often talk about how difficult, if not impossible, it is to use some of the world's largest cloud services. The recent dilemma of the invalidation of the important legal mechanism, Privacy Shield, makes it all the more difficult. But what if one refuses to believe that there are any good alternatives? What if one firmly believes that the digital transformation cannot be carried out with any other provider? Well, then one should probably, first and foremost, realise how much one is depending on one single supplier and think about how healthy that might be. First and foremost from a business continuity perspective, but also when it comes to one's data subjects' personal integrity. But let's not be so negative all the time. We have really given this some thought and here are some tips for European companies that want to, or just need to, keep using Microsoft 365.
21:53
November 23, 2020
GDPR class action lawsuits against Oracle and Salesforce worth €26bn
Today, we highlight one of the first, really big, cases of class action lawsuits brought against Oracle and Salesforce with the support of the GDPR. We're talking about ridiculous amounts of money and it will of course be extremely exciting to follow the development in both cases. https://citynetwork.eu/podcast https://www.computerweekly.com/news/252491537/GDPR-lawsuit-against-Oracle-and-Salesforce-moves-forward
22:35
November 16, 2020
Unicorns for sale
We recently read a Swedish debate article written by the President of a Swedish interest group for IT and telecom companies, and feel the need to put our foot down on what exactly inhibits the digital transformation in our public sector. Spoiler: Contrary to what the article is trying to portray, it is not our laws and regulations, which in turn prevent the use of American hyperscalers, that are the culprit. https://citynetwork.eu/podcast https://computersweden.idg.se/2.2683/1.741729/osakerheten-pa-molnmarknaden-kostar-skattebetalarna-miljarder https://www.youtube.com/watch?v=mWVYBqZK-Tk https://www.youtube.com/watch?v=Go2MF0-3lCI
14:22
November 9, 2020
Medical records from Finland on darknet, and a question about the right to review
Today we're talking about the case of the Finnish psychotherapy company Vastaamo, which got hacked. When the scandal was made public a few days ago, it also emerged that individual patients have been blackmailed and that patient records are now being spread on the darknet. We also discuss a question that we received from one of our listeners, about the right to review sub-contractors. "But does it ever happen in real life or is it just something that lawyers in their ivory towers think is going to happen?" https://yle.fi/uutiset/osasto/news/vastaamo_board_fires_ceo_says_he_kept_data_breach_secret_for_year_and_a_half/11614603 https://en.wikipedia.org/wiki/Dark_web
20:14
November 2, 2020
H&M fined €35 million for GDPR violations, and risk assessments
Today we're discussing a recent case in which the clothing retail company H&M has been fined €35 million for violations against GDPR in Germany. We also discuss risk assessments and why it's necessary to start looking beyond GDPR and towards other laws and ethics that put personal integrity at risk. https://www.bbc.com/news/technology-54418936
22:41
October 26, 2020
After Brexit, the UK will be considered a third country
The deadline for the Brexit transition period is currently December 31, 2020. With current news revolving around the pandemic and other large events, it is easy to forget what's about to happen. In this episode we want to remind you all that Brexit is well underway and what it will mean for data transfers to the UK, with the current legislation in the EU and the UK. https://ukhumanrightsblog.com/2020/10/10/schrems-2-for-the-uk-cjeu-ruling-threatens-future-adequacy-talks/ https://www.infosecurity-magazine.com/news/postbrexit-digital-economy-risk-eu/ https://www.ucl.ac.uk/european-institute/news/2020/jun/eu-us-privacy-shield-brexit-and-future-transatlantic-data-flows https://www.datainspektionen.se/other-lang/in-english/the-general-data-protection-regulation-gdpr/transfer-of-data-to-a-third-country/
24:49
October 19, 2020
Start making a wishlist for your personal development talks
Today we're discussing the value of investing in your coworkers' identity. As usual, this is of course tied to information security and you will learn how. We also have a cliffhanger about Brexit and a statement by the EU about data transfers to the UK. https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf
27:25
October 12, 2020
Best of luck with the Standard Contractual Clauses - The Privacy Shield saga continues
Today we're talking about data transfers to a third country with a focus on the U.S. due to the fall of Privacy Shield. The Swedish Data Protection Agency has produced an excellent guide on the matter and today we're covering it thoroughly. With the fall of Privacy Shield, everything regarding global digitalisation has turned upside down. Are we allowed to transfer, process and make data available to the U.S.? Which legal mechanisms can you use to do so? What are Standard Contractual Clauses? We will of course not cover all of this in one go but rest assured that we'll come back to this subject in future episodes. "The Old Directive" as mentioned by Kim Transfer of data to a third country
46:49
October 5, 2020
BCD culture and information security
Today we're discussing group culture, specifically how a Blame, Complain, and Defend-culture impacts information security. If you are one of those who think that information security is all about technical measures - tune in to this and listen to a different opinion. https://www.youtube.com/channel/UCMctd-YoxlHTTjSU6-qkHJQ https://www.tbriankight.com/ citynetwork.eu/podcast
31:12
September 28, 2020
The fall of Privacy Shield and the EDPB FAQ
On July 16, the Court of Justice of the European Union invalidated Privacy Shield as a mechanism for legal data transfers between the EU and the US. In this episode we're discussing this important ruling and a FAQ that the European Data Protection Board has compiled for stakeholders that are transferring personal data to cloud services such as Microsoft 365, Amazon AWS, Azure and Google G Suite. Video: Max Schrems at the Hearing of the European Parliament on EU-US Data Transfers (26:30) European Data Protection Board publishes FAQ document on CJEU judgment Podcast webpage
41:18
September 21, 2020
Mental beer belly
The biggest challenge in information security is the human factor. This is why it is as important to stay active mentally as it is physically. Join us for some discussions about sudden changes, leadership and mental training. https://www.learning-mind.com/mental-laziness-causes-overcome/ Podcast webpage
29:29
September 17, 2020
Introduction to group dynamics
"People will always find a way to mess up both your tech and your procedures. So [information security] comes down to people." Join us as we discuss the different stages of group development and how group dynamics is tied to information security. https://en.wikipedia.org/wiki/Group_development#Wheelan's_integrated_model_of_group_development https://ebrary.net/3071/management/wheelans_integrated_model_group_development Podcast webpage
31:24
September 17, 2020
What is information security?
Let's start this journey together by explaining what information security really is. Welcome to the first episode of The Information Security Stack! Podcast webpage
29:08
September 17, 2020
Trailer - The [InfoSec] Stack
After four years of teaching and discussing information security, regulatory compliance, and many other topics in Swedish, it is now time for us to reach out to a broader audience. Welcome to The [InfoSec] Stack where we will do our best to teach and discuss information security, regulatory compliance and many other topics. https://citynetwork.eu/podcast
05:18
September 17, 2020