The [InfoSec] Stack

By Cleura

We discuss, analyze, and educate in the field of information security. Our aim is to touch on all subjects, from regulatory compliance and new laws to current cases, leadership, and business culture.
It's not all bad
Not everything can be pitch black and negative around us. Today we are ending this season of The InfoSec Stack with some positive news and trends. Pod Sweet Pod: https://cleura.com/podcast
25:19
June 20, 2022
The FISA-problem in a nutshell
The questions continue to come our way regarding the current use of American cloud services. What is the big problem, especially in relation to human rights? Today we're trying to give the simplest possible explanation as to what the problem is, how difficult it is to overcome the problem and what alternatives are available to find a solution to the problem. Pod sweet pod: https://cleura.com/podcast
15:09
June 06, 2022
Bengt Johansson & Estonian digitalisation
Kim and Daniel cover 2 completely different topics. Daniel pays homage to a great inspiration in Swedish leadership, and Kim talks about one of the world's most advanced digital societies. https://e-estonia.com/ Pod sweet pod: https://cleura.com/podcast
12:41
May 30, 2022
Google’s IP anonymisation is a useless protection
Today we're discussing this: "After the groundbreaking decisions by the Austrian and French DPA that the use of Google Analytics is illegal, the Austrian DPA has now issued a second decision, going even further: It declared the use of Google’s IP anonymisation a useless protection measure for data transfers between the EU and the United States. The DSB further rejected the notion of a “risk based approach” that had been argued by Google." https://noyb.eu/en/update-noybs-101-complaints-austrian-dpa-rejects-risk-based-approach-data-transfers-third-countries Pod Sweet Pod: https://cleura.com/podcast
10:57
May 23, 2022
A Swedish pharmacy whispered to Facebook
The Swedish state-owned pharmacy, Apoteket, whispered to Facebook about people's purchases. We need to talk about this... Pod sweet Pod: https://cleura.com/podcast
14:18
May 16, 2022
Workchronicles
Today we just have some fun and talk about our favourite comic strips from https://workchronicles.com/ Pod sweet pod: https://cleura.com/podcast
05:59
May 09, 2022
Von der Leyen VS Biden
Calm down and stop spreading false information. As of right now, this "new data transfer deal" is nowhere near being a deal. Two politicians shook hands and said that they should solve this thing - that's it! Pod Sweet Pod: https://cleura.com/podcast
08:32
May 02, 2022
GDPR is a business opportunity
We often hear that GDPR stands in the way of starting up a business and it's time to address that ridiculous claim. Pod Sweet Pod: https://citynetwork.eu/podcast
06:04
March 28, 2022
The Swedish Customs Authorities and the €30K fine for using Google Photos
The Swedish Customs Agency received a fine because some of their employees used Google Photos on their work phones. Wake up and smell the roses. Pod Sweet Pod: https://citynetwork.eu/podcast
07:24
March 21, 2022
Ukraine
Our thoughts on the war in Ukraine and how we all can contribute to better cybersecurity. https://citynetwork.eu/podcast
16:08
March 14, 2022
Mea Culpa
Kim comes clean about a mistake and statement he made earlier. Pod Sweet Pod: https://citynetwork.eu/podcast
06:54
March 07, 2022
Incompetence
Kim had a revelation when booking tickets to the theatre. How come IT projects aren't being handled as professionally as theatre shows? Pod sweet pod: https://citynetwork.eu/podcast
07:36
February 28, 2022
Fonts vs Analytics in relation to GDPR
We love GDPR but why were we upset about the Google Fonts case, and not the Google Analytics cases? Let's explain... Pod sweet pod: https://citynetwork.eu/podcast
09:44
February 21, 2022
Transferring data to a third country
We're digging a bit deeper into the wonderful world of GDPR. Today we're talking about definitions and data transfers to a third country. https://www.imy.se/en/organisations/data-protection/this-applies-accordning-to-gdpr/transfer-of-data-to-a-third-country/ Pod sweet pod: https://citynetwork.eu/podcast
31:32
February 14, 2022
Let's talk some more about GDPR
By popular demand we're back on the topic of GDPR. We thought we were kind of done, however done one can be with such a vast topic, but you still want more. Let's see where we stand three years after the law took effect. Pod Sweet Pod: https://citynetwork.eu/podcast
38:15
February 07, 2022
How an app is Ops:ed
Before the holidays we talked about apps and how they work. In this first episode of the season, we're taking things a bit further and explaining how an app is run, or "Opsed", as it might be known in the future. https://en.wikipedia.org/wiki/Computer https://en.wikipedia.org/wiki/Hypervisor https://en.wikipedia.org/wiki/Kubernetes Pod Sweet Pod: https://citynetwork.eu/podcast
33:26
January 31, 2022
Happy new year!
We'll end 2021 by giving you our best tips on books, podcasts and youtube channels you really should check out during the holidays. Daily Discipline podcast https://www.tbriankight.com/podcast The Cybersecurity Playbook https://www.audible.co.uk/pd/The-Cybersecurity-Playbook-Audiobook/1469074915?qid=1639145002&sr=1-1&ref=a_search_c3_lProduct_1_1&pf_rd_p=c6e316b8-14da-418d-8f91-b3cad83c5183&pf_rd_r=3RDKXYE3ZKD0K6F1Q1JX Jocko Podcast https://jockopodcast.com/ Algorithms to Live By https://www.audible.co.uk/pd/Algorithms-to-Live-By-Audiobook/B01D24I714?qid=1639145132&sr=1-1&ref=a_search_c3_lProduct_1_1&pf_rd_p=c6e316b8-14da-418d-8f91-b3cad83c5183&pf_rd_r=T8XQHG3009ZH4JXS2B6M Georgia Dow https://www.youtube.com/c/GeorgiaDow/featured
14:19
December 20, 2021
What is an app?
We are trying to be highly educational by popular demand and explain how an app works. We can't stress enough how important it is, especially for us who make IT-related decisions, to understand how things work in the digital world. https://citynetwork.eu/podcast
28:51
December 13, 2021
What is The EU Cybersecurity Act?
We explain the EU Cybersecurity Act. Learn more about this groundbreaking, EU-wide cybersecurity certification framework for ICT products, services and processes. https://citynetwork.eu/podcast https://digital-strategy.ec.europa.eu/en/policies/cybersecurity-act https://fn.se/wp-content/uploads/2016/07/eng.pdf
36:12
December 06, 2021
Betting on European suppliers instead of on the hyperscalers
This episode is centered around the recent news that the Swedish eSam collaboration program, which comprises representatives from government authorities, municipalities and other public administrations, has tested and evaluated a number of different office suites that comply with the public sector’s security, regulatory and functionality requirements. The project is a direct result of announcements earlier this year by the Swedish Enforcement Authority and Swedish Tax Agency that they are planning to actively consider alternatives to Microsoft Teams as a collaboration platform due to privacy concerns. This ongoing trend of betting on European suppliers instead of the American and Chinese hyperscalers is a very interesting situation that seems to be on the verge of happening all across Europe. We also talk about the lack of European suppliers of core digital services, EDPB and data transfers. https://citynetwork.eu/podcast https://compliantoffice.eu
30:07
November 29, 2021
From the archives: A question to all taxpayers
Originally published on 21 June, 2021. Is it possible to go through the digitalization without the three large American hyperscalers? This is today's topic in The InfoSec Stack. https://citynetwork.eu/podcast
25:06
November 22, 2021
From head to toe - Episode 2
Today we're talking about how to succeed with your leadership when implementing change. https://citynetwork.eu/podcast https://citynetwork.se/podcast
30:11
November 15, 2021
From head to toe - Episode 1
Following our most recent mini-series about the technical sides of digital transformation, we now need to talk about the people responsible for making the change happen. https://citynetwork.eu/podcast https://citynetwork.se/podcast
27:33
November 08, 2021
From Start To Finish - Episode 3
The time has come to end the mini series "From Start To Finish" on the topic of digital transformation. At least for this time around. Now that we have learnt how to become digital from a technical point of view, we need to talk about efficiency and what the digitalization, and the entire change is supposed to lead to. https://citynetwork.eu/podcast https://citynetwork.se/podcast
23:50
November 01, 2021
From Start To Finish - Episode 2
In English: https://citynetwork.eu/podcast In Swedish: https://citynetwork.se/podcast We continue our mini series "From start to finish" and our take on Digital Transformation. Today we clarify what Front end, Back end and APIs mean.
30:28
October 25, 2021
From Start To Finish - Episode 1
In English: https://citynetwork.eu/podcast In Swedish: https://citynetwork.se/podcast We are kicking off a miniseries called "From Start To Finish," in which we try to make sense of specific topics concerning the cloud industry. It's a miniseries in three episodes, and we start with the subject of Digital Transformation and where it all began.
21:53
October 18, 2021
Welcome back to another season of The [InfoSec] Stack!
ENG: https://citynetwork.eu/podcast SWE: https://citynetwork.se/podcast We're back in business after some well-deserved vacation! In today's episode, we round up what has happened in the world of GDPR during the summer. We also discuss the differences between American and UK ownership of a company or service after Brexit.
30:44
October 11, 2021
Summer reading tips
https://citynetwork.eu/podcast Thank you for joining us during another season of The Infosec Stack! It is now time for us to take some time off and recharge our batteries. In the meantime, enjoy these summer reading tips and we'll see you again soon! https://en.wikipedia.org/wiki/Factfulness:_Ten_Reasons_We%27re_Wrong_About_the_World_%E2%80%93_and_Why_Things_Are_Better_Than_You_Think https://en.wikipedia.org/wiki/Astrophysics_for_People_in_a_Hurry https://www.goodreads.com/en/book/show/42117336-you-are-worth-it
13:41
July 05, 2021
There are no unicorns!
https://citynetwork.eu/podcast Today we're focusing on the EU Cloud Code of Conduct. Repeat after us: There are no unicorns! Despite what some may want you to believe... https://www.codeofconduct.cloud/ https://eucoc.cloud/en/home.html
21:25
June 28, 2021
A question to all taxpayers
https://citynetwork.eu/podcast Is it possible to go through the digitalization without the three large American hyperscalers? This is today's topic in The InfoSec Stack.
25:06
June 21, 2021
From the archives: Here is what you need to do if you just can't live without Microsoft 365
Originally published 23 November 2020. https://citynetwork.eu/podcast With the GDPR and the legal situation we have regarding data protection within the EU, we often talk about how difficult, if not impossible, it is to use some of the world's largest cloud services. The recent dilemma of the invalidation of the important legal mechanism, Privacy Shield, makes it all the more difficult. But what if one refuses to believe that there are any good alternatives? What if one firmly believes that the digital transformation cannot be carried out with any other provider? Well, then one should probably, first and foremost, realise how much one depends on a single supplier and think about how healthy that might be. First and foremost from a business continuity perspective, but also when it comes to one's data subjects' personal integrity. But let's not be so negative all the time. We have really given this some thought and here are some tips for European companies that want to, or just need to, keep using Microsoft 365.
21:53
June 14, 2021
Some good things about the IT industry
https://citynetwork.eu/podcast We have been talking a lot about the negative aspects of the IT industry lately. It's always easier to be negative and criticise, so we made ourselves come up with a couple of positive aspects in this week's episode.
23:21
June 07, 2021
From the archives: BCD culture and information security
Originally published 28 September 2020. https://citynetwork.eu/podcast Today we're discussing group culture, specifically how a Blame, Complain, and Defend-culture impacts information security. If you are one of those who think that information security is all about technical measures - tune in to this and listen to a different opinion. https://www.youtube.com/channel/UCMctd-YoxlHTTjSU6-qkHJQ https://www.tbriankight.com/
31:12
May 31, 2021
Kim's quest
https://citynetwork.eu/podcast Kim embarks on a quest in the spirit of digitalisation. The question is whether, and if so how, a digital meeting can be made equivalent to a physical encounter between people. Is he just old and incapable of understanding and absorbing what the youngsters seem to have down to an art, or is there a point in finding other ways?
12:40
May 24, 2021
What has become of the it-industry?
https://citynetwork.eu/podcast Today we're discussing how skewed the IT industry has become.
31:46
May 17, 2021
We met with Johan Magnusson, Assoc. Prof. at the Dept. of Applied IT, University of Gothenburg
https://citynetwork.eu/podcast We recently interviewed Johan Magnusson, Associate Professor, division director and researcher in balancing of efficiency and innovation in the governance of digitalization. This is a summary of that interview, which we conducted in Swedish. About Johan: Johan Magnusson is Associate Professor at the Department of Applied IT, University of Gothenburg, head of the Informatics division and director of SCDI Gothenburg. He earned his PhD in Business Administration (Accounting) at Gothenburg University in 2012 following his Licentiate degree in Informatics in 2005. Johan's research concerns the balancing of efficiency and innovation in the governance of digitalization. He works closely with primarily executives to offer insights into how governance can be designed to enhance digital capabilities in large organizations, both in his research as well as in executive education. He is also highly active in the industrial community, with recurring keynotes and media appearances intended to increase the utilization of research findings. He is principal investigator in the Digital Government research consortium, where the researchers work with a research-based model for digital maturity in supporting the digitalization of the public sector. More information about Johan, his research, keynotes, and projects can be found here: https://scdi.se/researchers/johan-magnusson/ (info in English)
21:25
May 10, 2021
A question about data request reports from Microsoft Trust Center
https://citynetwork.eu/podcast One of our audience members asked us if the number of requests for customer data, presented by Microsoft, can be trusted when gag orders are at play. Here is our take on the matter. Microsoft's U.S. National Security Orders Report: https://www.microsoft.com/en-us/corporate-responsibility/us-national-security-orders-report?activetab=pivot_1%3aprimaryr2 Microsoft Law enforcement request report: https://www.microsoft.com/en-us/corporate-responsibility/law-enforcement-requests-report Fisa court on Wikipedia: https://en.wikipedia.org/wiki/United_States_Foreign_Intelligence_Surveillance_Court#:~:text=The%20United%20States%20Foreign%20Intelligence,United%20States%20by%20federal%20law Our interview with André Catry: https://anchor.fm/the-infosec-stack/episodes/Summarising-our-chat-with-Andr-Catry-et5vom/a-a50ncqt
13:13
May 03, 2021
Rerun: The fall of Privacy Shield and the EDPB FAQ
Originally published on September 21, 2020. On July 16, the Court of Justice of the European Union invalidated Privacy Shield as a mechanism for legal data transfers between the EU and the US. In this episode we're discussing this important ruling and a FAQ that the European Data Protection Board has compiled for stakeholders that are transferring personal data to cloud services such as Microsoft 365, Amazon AWS, Azure and Google G Suite. Video: Max Schrems at the Hearing of the European Parliament on EU-US Data Transfers (26:30) European Data Protection Board publishes FAQ document on CJEU judgment Podcast webpage
41:18
April 26, 2021
Rerun: Best of luck with the Standard Contractual Clauses - The Privacy Shield saga continues
Originally published October 5, 2020. Today we're talking about data transfers to a third country with a focus on the U.S. due to the fall of Privacy Shield. The Swedish Data Protection Agency has produced an excellent guide on the matter and today we're covering it thoroughly. With the fall of Privacy Shield, everything regarding global digitalisation has turned upside down. Are we allowed to transfer, process and make data available to the U.S.? Which legal mechanisms can you use to do so? What are Standard Contractual Clauses? We will of course not cover all of this in one go but rest assured that we'll come back to this subject in future episodes. "The Old Directive" as mentioned by Kim Transfer of data to a third country
46:49
April 19, 2021
How to measure group development
https://citynetwork.eu/podcast This week we're talking about group development and how to measure it. As the nice people we are, we brought along Andrea, one of our newest employees, who started working for City Network on the same day we recorded this episode.
33:29
April 12, 2021
How big is your arena?
https://citynetwork.eu/podcast Today we're talking about behaviours, facades, and arenas. This episode is all about culture, values and unwritten rules and at the end, we tie it all together by explaining what all of this has to do with information security. https://en.wikipedia.org/wiki/Johari_window
25:44
April 05, 2021
Looking forward to the next episode
https://citynetwork.eu/podcast We weren't able to publish this week's episode but we look forward to the next.
00:48
March 29, 2021
Summarising our chat with André Catry
https://citynetwork.eu/podcast He is one of Sweden's most prominent IT-security professionals, former world champion in hacking, and an author. The [InfoSec] Stack had the pleasure of chatting with André Catry to learn more about him and his thoughts on GDPR, FISA 702, espionage, digitalisation, digital sovereignty, and much more. The interview was done in Swedish and we are summarising it in English.
29:34
March 22, 2021
Regulations does not stop innovation, and business culture
https://citynetwork.eu/podcast Today we're talking about regulations and business culture. We mention monopolies in digitalisation, digital immaturity, and whether it's time to put our foot down. We also talk about decision making and how that process works. The question is: what do a compass, knife, sweater, rope and water have to do with business culture? Let's go!
34:18
March 15, 2021
Answering your questions and discussing differences in legal practice
Today we're answering questions about Google Analytics, have some follow-up on a Swedish news story and discuss legal practice in the US compared to elsewhere.
29:26
March 08, 2021
BRAVIN(G)
https://citynetwork.eu/podcast Today we have reached the final letter in our 7 part bonus series about The Seven Elements of Trust. https://daretolead.brenebrown.com
08:48
March 03, 2021
Google Analytics after the Schrems II ruling
https://citynetwork.eu/podcast Today we share some ideas on what you need to do in order to be able to use Google Analytics in a time when GDPR is in effect, and the Schrems II ruling has been filed. In short, you CAN continue to use Google Analytics but it requires you to take a number of actions to use it legally - in terms of regulatory compliance. https://www.reuschlaw.de/en/news/dsk-adopts-minimum-requirements-for-the-use-of-google-analytics/ https://de.wikipedia.org/wiki/Konferenz_der_unabh%C3%A4ngigen_Datenschutzbeh%C3%B6rden_des_Bundes_und_der_L%C3%A4nder https://www.datenschutzkonferenz-online.de/media/dskb/20200526_beschluss_hinweise_zum_einsatz_von_google_analytics.pdf
18:15
March 01, 2021
Everything you've always wanted to know about certifications
https://citynetwork.eu/podcast Today we're diving deep into the world of information security certifications such as ISO, SOC, BSI C5 and other acronyms. We're explaining the different frameworks that we're familiar with and talk about what they are for, how they work and what you need to think about - both as a supplier and as a customer.
28:37
February 22, 2021
What is Infrastructure as a Service - IaaS
https://citynetwork.eu/podcast We recently explained different types of cloud services, the benefits of using multiple providers, the economy of cloud services and a lot of other aspects that make cloud services so great. Today we're digging a little deeper to explain Infrastructure as a Service - IaaS.
26:03
February 15, 2021
A history lesson about City Network
https://citynetwork.eu/podcast Today we bring you a history lesson about the company we work for, City Network. Why we do the things we do, why we provide the services we do, and why we are passionate about regulatory compliance in the cloud. What started as a web hosting company, mainly aimed at individuals and small businesses, in 2002, has become something entirely different almost 20 years later. Today we explain how we got to where we are today!
32:24
February 08, 2021
BRAVI(N)G
https://citynetwork.eu/podcast In a bonus series, in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
10:26
February 03, 2021
What is cloud?
https://citynetwork.eu/podcast This week we're going back to the basics and talking about cloud services. What exactly is a cloud and what different types of cloud services are there? We also talk about the benefits of using multiple providers, the economy of cloud services and a lot of other aspects that make them so great.
32:50
February 01, 2021
Does the Swedish interim report on government agencies' IT operations go against EDPB?
https://citynetwork.eu/podcast Today we're talking about the interim report on government agencies' IT operations that was published by The Swedish Government Official Reports (summary available in English). There are a couple of extremely important assessments in that report that seem to go against the assessments and statements made by the supervisory authorities. We need to talk about this. Background: Last week the interim report on government agencies' IT operations was published by The Swedish Government Official Reports. In short, their mission is to "create better conditions for access by public administration to secure and cost-effective IT operations". According to the mission statement, the better conditions are to be accomplished "either through coordinated central government IT operations or through clearer legal conditions for being able to engage private suppliers of IT operations". The interim report that has now been published focuses on "clearer legal conditions for being able to engage private suppliers of IT operations". The report is in Swedish but contains an English summary: http://www.sou.gov.se/wp-content/uploads/2021/01/SOU_2021_1_webb.pdf
26:32
January 25, 2021
BRAV(I)NG
As we are nearing the end of the year, we thought we'd switch things up a bit. In a bonus series, in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
07:57
December 23, 2020
Book suggestions for the winter holiday
The winter holiday is here and we want to hand over some book tips before we close shop and take a little time out. Hubba! https://www.goodreads.com/book/show/23848190-extreme-ownership https://gettingthingsdone.com/ https://www.bokus.com/bok/9781544332956/creating-effective-teams/
18:46
December 21, 2020
BRA(V)ING
As we are nearing the end of the year, we thought we'd switch things up a bit. In a bonus series, in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
09:33
December 16, 2020
Answering your questions and Security by obscurity
Today we answer a couple of your questions. We explain why it is not possible to categorically exclude certain services just because they are delivered by an American company, hosted in American cloud services. We get into the difference between securing personal data and exposing it to unnecessary risks, and what the GDPR thinks about that. Finally, a listener's question leads us to the subject of "security by obscurity". https://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act
25:43
December 14, 2020
BR(A)VING
As we are nearing the end of the year, we thought we'd switch things up a bit. In a bonus series, in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
10:14
December 09, 2020
This is how Git replaces your paper archive
Today we are talking about a digital system that replaces your entire paper archive and physical signatures - Git! Stay tuned and we will tell you how you can solve decision-making procedures, changes, documentation, approvals and signatures completely digitally. https://en.wikipedia.org/wiki/Git
17:47
December 06, 2020
B(R)AVING
As we are nearing the end of the year, we thought we'd switch things up a bit. In a bonus series, in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
11:45
December 02, 2020
Personal data incident in Karlskrona
This summer, Karlskrona municipality (Sweden) moved its email management to Microsoft 365. The rescue services in Karlskrona did not learn about the change until four months later, which is not entirely unproblematic. You see, the rescue service is part of Sweden's total defense, and in view of the fact that we have both a naval base and an air flotilla in Blekinge, this change entails a security risk. A risk that the rescue services in Karlskrona did not even have the opportunity to assess. The incident has now been reported to the Swedish Data Inspectorate as a personal data incident. https://www.blt.se/karlskrona/raddningstjansten-befarar-att-personuppgifter-kommit-i-fel-hander-anmaler-handelsen-b4449b80 (article in Swedish) https://www.esamverka.se/download/18.1d126bc174ad1e6c39cac3/1542007824143/eSam%20-%20R%C3%A4ttsligt%20uttalande%20om%20r%C3%B6jande%20och%20molntj%C3%A4nster.pdf (in Swedish)
19:05
November 30, 2020
(B)RAVING
As we are nearing the end of the year, we thought we'd switch things up a bit. In a bonus series in 7 parts, we will talk about The Seven Elements of Trust. https://daretolead.brenebrown.com
14:55
November 25, 2020
Here is what you need to do if you just can't live without Microsoft 365
With the GDPR and the legal situation we have regarding data protection within the EU, we often talk about how difficult, if not impossible, it is to use some of the world's largest cloud services. The recent dilemma of the invalidation of the important legal mechanism, Privacy Shield, makes it all the more difficult. But what if one refuses to believe that there are any good alternatives? What if one firmly believes that the digital transformation cannot be carried out with any other provider? Well, then one should probably, first and foremost, realise how much one depends on a single supplier and think about how healthy that might be. First and foremost from a business continuity perspective, but also when it comes to one's data subjects' personal integrity. But let's not be so negative all the time. We have really given this some thought and here are some tips for European companies that want to, or just need to, keep using Microsoft 365.
21:53
November 23, 2020
GDPR class action lawsuits against Oracle and Salesforce worth €26bn
Today, we highlight one of the first, really big, cases of class action lawsuits brought against Oracle and Salesforce with the support of the GDPR. We're talking about ridiculous amounts of money and it will of course be extremely exciting to follow the development in both cases. https://citynetwork.eu/podcast https://www.computerweekly.com/news/252491537/GDPR-lawsuit-against-Oracle-and-Salesforce-moves-forward
22:35
November 16, 2020
Unicorns for sale
We recently read a Swedish debate article written by the President of a Swedish interest group for IT and telecom companies, and feel the need to put our foot down on what exactly inhibits the digital transformation in our public sector. Spoiler: Contrary to what the article is trying to portray, it is not our laws and regulations, which in turn prevent the use of American hyperscalers, that are the culprit. https://citynetwork.eu/podcast https://computersweden.idg.se/2.2683/1.741729/osakerheten-pa-molnmarknaden-kostar-skattebetalarna-miljarder https://www.youtube.com/watch?v=mWVYBqZK-Tk https://www.youtube.com/watch?v=Go2MF0-3lCI
14:22
November 09, 2020
Medical records from Finland on darknet, and a question about the right to review
Today we're talking about the case of the Finnish psychotherapy company Vastaamo, which got hacked. When the scandal was made public a few days ago, it also emerged that individual patients have been blackmailed and that patient records are now being spread on the darknet. We also discuss a question that we received from one of our listeners, about the right to review sub-contractors. "But does it ever happen in real life or is it just something that lawyers in their ivory towers think is going to happen?" https://yle.fi/uutiset/osasto/news/vastaamo_board_fires_ceo_says_he_kept_data_breach_secret_for_year_and_a_half/11614603 https://en.wikipedia.org/wiki/Dark_web
20:14
November 02, 2020
H&M fined €35 million for GDPR violations, and risk assessments
Today we're discussing a recent case in which the clothing retail company H&M has been fined €35 million for violations of the GDPR in Germany. We also discuss risk assessments and why it's necessary to start looking beyond GDPR and towards other laws and ethics that put personal integrity at risk. https://www.bbc.com/news/technology-54418936
22:41
October 26, 2020
After Brexit, the UK will be considered a third country
The deadline for the Brexit transition period is currently December 31, 2020. With current news revolving around the pandemic and other large events, it is easy to forget what's about to happen. In this episode we want to remind you all that Brexit is well underway and what it will mean for data transfers to the UK, with the current legislation in the EU and the UK. https://ukhumanrightsblog.com/2020/10/10/schrems-2-for-the-uk-cjeu-ruling-threatens-future-adequacy-talks/ https://www.infosecurity-magazine.com/news/postbrexit-digital-economy-risk-eu/ https://www.ucl.ac.uk/european-institute/news/2020/jun/eu-us-privacy-shield-brexit-and-future-transatlantic-data-flows https://www.datainspektionen.se/other-lang/in-english/the-general-data-protection-regulation-gdpr/transfer-of-data-to-a-third-country/
24:49
October 19, 2020
Start making a wishlist for your personal development talks
Today we're discussing the value of investing in your coworkers' identity. As usual, this is of course tied to information security and you will learn how. We also have a cliffhanger about Brexit and a statement by the EU about data transfers to the UK. https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-10/cp200123en.pdf
27:25
October 12, 2020
Best of luck with the Standard Contractual Clauses - The Privacy Shield saga continues
Today we're talking about data transfers to a third country with a focus on the U.S. due to the fall of Privacy Shield. The Swedish Data Protection Agency has produced an excellent guide on the matter and today we're covering it thoroughly. With the fall of Privacy Shield, everything regarding global digitalisation has turned upside down. Are we allowed to transfer, process and make data available to the U.S.? Which legal mechanisms can you use to do so? What are Standard Contractual Clauses? We will of course not cover all of this in one go but rest assured that we'll come back to this subject in future episodes. "The Old Directive" as mentioned by Kim; Transfer of data to a third country
46:49
October 05, 2020
BCD culture and information security
Today we're discussing group culture, specifically how a Blame, Complain, and Defend-culture impacts information security. If you are one of those who think that information security is all about technical measures - tune in to this and listen to a different opinion. https://www.youtube.com/channel/UCMctd-YoxlHTTjSU6-qkHJQ https://www.tbriankight.com/ citynetwork.eu/podcast
31:12
September 28, 2020
The fall of Privacy Shield and the EDPB FAQ
On July 16, the Court of Justice of the European Union invalidated Privacy Shield as a mechanism for legal data transfers between the EU and the US. In this episode we're discussing this important ruling and a FAQ that the European Data Protection Board has compiled for stakeholders that are transferring personal data to cloud services such as Microsoft 365, Amazon AWS, Azure and Google G Suite. Video: Max Schrems at the Hearing of the European Parliament on EU-US Data Transfers (26:30) European Data Protection Board publishes FAQ document on CJEU judgment Podcast webpage
41:18
September 21, 2020
Mental beer belly
The biggest challenge in information security is the human factor. This is why it is equally important to stay mentally active as it is physically. Join us for some discussions about sudden changes, leadership and mental training. https://www.learning-mind.com/mental-laziness-causes-overcome/ Podcast webpage
29:29
September 17, 2020
Introduction to group dynamics
"People will always find a way to mess up both your tech and your procedures. So [information security] comes down to people." Join us as we discuss the different stages of group development and how group dynamics is tied to information security. https://en.wikipedia.org/wiki/Group_development#Wheelan's_integrated_model_of_group_development https://ebrary.net/3071/management/wheelans_integrated_model_group_development Podcast webpage
31:24
September 17, 2020
What is information security?
Let's start this journey together by explaining what information security really is. Welcome to the first episode of The Information Security Stack! Podcast webpage
29:08
September 17, 2020
Trailer - The [InfoSec] Stack
After four years of teaching and discussing information security, regulatory compliance, and many other topics in Swedish, it is now time for us to reach out to a broader audience. Welcome to The [InfoSec] Stack where we will do our best to teach and discuss information security, regulatory compliance and many other topics. https://citynetwork.eu/podcast
05:18
September 17, 2020