Cybersecurity Archives - ComplexDiscovery

What is ComplexDiscovery?

ComplexDiscovery is an online publication that highlights data and legal discovery insight and intelligence ranging from original research to aggregated news for use by business, information technology, and legal professionals. The highly targeted publication seeks to increase the collective understanding of readers regarding data and legal discovery information and issues and to provide an objective resource for considering trends, technologies, and services related to electronically stored information.

ComplexDiscovery OÜ is a technology marketing firm providing strategic planning and tactical execution expertise in support of data and legal discovery organizations. Registered as a private limited company in the European Union country of Estonia, one of the most digitally advanced countries in the world, ComplexDiscovery OÜ operates virtually worldwide to deliver marketing consulting and services.

Contact us today to learn more.

Only a Matter of Time? HaystackID Launches New Service for Data Breach Discovery and Review

According to HaystackID’s Chief Innovation Officer and President of Global Investigations, Michael Sarlo, “With the prevalence of data breaches in today’s business world, it is only a matter of time before an organization faces the challenge of a post-data breach incident response. While there are many different solutions for specific incident response tasks, our new ReviewRight Protect service allows us to help companies address these tasks with an integrated service managed by a team of proven data and legal discovery and review experts. Leveraging HaystackID’s extensive data discovery and compliance reporting experience, the new service helps companies quickly identify sensitive data, promptly assess safe and at-risk data, and rapidly respond and report to mitigate data-breach associated risk.”

January 12, 2021
3 minute read

Playing NICE? A Workforce Framework for Cybersecurity from NIST

According to Karen Wetzel, Manager of the NICE Framework, “The NICE Framework building blocks (Tasks, Knowledge, and Skill statements) will unleash a variety of ways in which organizations can use and apply the NICE Framework within their unique context and in a manner that is consistent with the attributes of agility, flexibility, interoperability, and modularity. The introduction of Competencies, a mechanism for organizations to assess learners, is designed to increase alignment among employers, learners, and education and training providers and close the cybersecurity skills gap.”

November 30, 2020
3 minute read

New Rules? The European Regulation on Data Governance

According to the European Commission, the proposed Regulation on Data Governance (Data Protection Act) will create the basis for a new European way of data governance that is in line with EU values and principles, such as personal data protection (GDPR), consumer protection and competition rules. It offers an alternative model to the data-handling practices of the big tech platforms, which can acquire a high degree of market power because of their business models that imply control of large amounts of data.

November 26, 2020
4 minute read

[Annual Update] The Intersection of International Law and Cyber Operations: An Interactive Cyber Law Toolkit

The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. At its heart, the Toolkit currently consists of 19 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia. Its first general annual update was published on October 2, 2020.

October 31, 2020
7 minute read

From Proactive Detection to Data Breach Reviews: Sensitive Data Discovery and Extraction with Ascema

A steady rise in the number of sensitive data discovery requirements driven by events ranging from Data Subject Access Requests (DSARs) to data breaches are adding to the current ‘where’s my data’ problem; a problem increasingly complicated by enormous amounts of unstructured data widely spread across organizational systems. The ability to rapidly locate information across an organization’s digital estate and to easily review, collate, and extract that data into one central repository, is essential when faced with regulatory time constraints. Ascema, a sensitive data discovery and extraction platform from UK-based cybersecurity provider GeoLang, may be able to help eDiscovery professionals as they consider proactive detection and reactive data breach review of data.

October 28, 2020
3 minute read

New from NIST: Integrating Cybersecurity and Enterprise Risk Management (ERM)

NIST has released NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.

October 23, 2020
2 minute read

From Metadata to Mass Surveillance? European Data Retention Revisited

This new report, “Data Retention Revisited,” published by the EDRi, critically revisits the question of data retention and concludes that the ongoing aspirations to reintroduce a data retention obligation in the EU remain in violation of EU law as long as the strict necessity of data retention is unproved and no genuinely targeted retention obligation is considered.

October 3, 2020
2 minute read

Collaborative Cyber Defense: The U.S. Army and Estonia Sign Historic Agreement

“Estonia is a cyber country of excellence with a robust cyber defensive system in terms of technology and people. Given their deep expertise, I believe they will have substantial lessons to share, which will be enormously helpful in finding efficiencies in our science and technology efforts while understanding how best to defend against cyber warfare,” said Robert Kimball, the C5ISR Center’s senior research scientist for cyber security. Kimball also noted Estonia is home to the NATO Cyber Defense Center and Cyber Range.

September 24, 2020
3 minute read

Socially Acceptable? EDBP Guidelines on the Targeting of Social Media Users

According to the recently published EDPB guidelines on the targeting of social media users, the term “targeter” is used to designate natural or legal persons that use social media services in order to direct specific messages at a set of social media users on the basis of specific parameters or criteria. What sets targeters apart from other social media users is that they select their messages and/or their intended audience according to the perceived characteristics, interests, or preferences of the individuals concerned, a practice which is sometimes also referred to as “micro-targeting.” Targeters can engage in targeting to advance commercial, political, or other interests.

September 18, 2020
3 minute read

Considering the Challenge of Cloud Forensics? A New Publication from NIST

According to NIST in its recently published paper on forensic science challenges and the cloud, “Cloud computing has revolutionized the methods by which digital data is stored, processed, and transmitted.” The paper goes on to highlight that, “One of the most daunting new challenges is how to perform digital forensics in various types of cloud computing environments. The challenges associated with conducting forensics in different cloud deployment models, which may cross geographic or legal boundaries, have become an issue.” The complete paper, NIST Cloud Computing Forensic Science Challenges, published in August of 2020, aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem.

September 1, 2020
3 minute read