Contributor II

Re: guarantee my life for cissp

Yes, they are in here, as the real name of a person is attached to the screen name / avatar and can be found easily by clicking the screen name. As I'm an EU resident and (ISC)² has a European HQ my personal data should be handled according to the rules in the GDPR, so in fact (ISC)² needs my explicit permission to publish my personal data. I can't remember having given that to (ISC)², but that's probably somewhere in the T&C. But it may become an issue if the GDPR will be enforced (May 25th 2018).

 


--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E SCI
Community Champion

Re: guarantee my life for cissp

I was thinking more generally about screennames and avatars, just in terms of proving you could work back.

But even if isc2 didn’t have any EU HQ they’ve still collected your personal data via whatever mechanism - limited exploit purpose with consent is needed to comply. That last box might need a look.

Newcomer III

Re: guarantee my life for cissp

Hi

Could you tell me what about? Any problem with me?

Community Champion

Re: guarantee my life for cissp

No, we’re just talking about the privacy implications of screennames and a last point around if processing EU resident data subjects' personal data - what if say a US company with no enrich in the EU that does a big old data slurp and starts processing that personal data as if there is no tomorrow. Does GDPR have provision for this or not? Is there legal recourse through international courts? Does it go diplomatic, are trade restrictions deployed by the EU?

Contributor II

Re: guarantee my life for cissp

 

You asked: "what if say a US company with no enrich in the EU that does a big old data slurp and starts processing that personal data as if there is no tomorrow"

 

Usual caveats apply; I'm not a lawyer and this should not be considered legal advice etc.

 

That being said: the EU explicitly does not allow processing of my personal data without permission. Yes, (ISC)² would be held responsible if that happened (they are seen as the data controller) and I could even hold the data processor (the staff that runs this board) responsible. It would then be up to them to sue (ISC)²: no more trying to blame each other while I sit here waiting. And no, it is not sufficient if there is something vaguely worded in the T&C to allow it - the EU laws are very explicit: this needs to be made clear to me in clear, understandable (I'd say: at least 15 pt size font :D ) wording.

 

I think that it would be wise - especially for (ISC)² - to ensure compliance with the GDPR ASAP. The GDPR will become effective on May 25th, 2018 and especially security related companies should ensure they have their act together before that date.

 

 

 

--
Heinrich W. Klöpping, MSc CISSP CCSP CIPP/E SCI
Community Champion

Re: guarantee my life for cissp

Yeah, I think ISC2 has that covered; there was a live chat on this. Agreed on all fronts for requirements for collection, controllers.

 

However, let's say a company in a Third Country carries on allowing EU based Natural Persons to use their website for services, processes personal data, processes special categories of personal data, because - why not? Could they do so with impunity? What would be the ramifications?

 

Tinder could be seen as a possible test case for this:

 

https://www.theguardian.com/technology/2017/sep/26/tinder-personal-data-dating-app-messages-hacked-s...

 

Not sure if they have offices in the EU/presence there but folks certainly use the service.

 

 

Viewer II

Re: guarantee my life for cissp

I think you can target the following:

1. Once you finish CISSP, you can have job trails and no need to wait to complete all certifications you mentioned.

2. Understanding on any cloud platform like AWS will be more helpful; you can plan for certification (AWS security engineer etc.) in parallel.

3. Getting additional insight on the Azure platform will give you more benefit. I recommend you go through Microsoft University, i.e. https://mva.microsoft.com/, which is a free platform to learn.

4. In the long term, you plan to groom as an Auditor after completion of CISA etc.

5. Initially you can try as SOC engineering and Cloud Security Engineer.

6. Have a good understanding of penetration and VAPT tools, which will be very helpful to get the job rather than waiting to complete too many certifications.

7. Explore more tools like open-source SIEM, Alert Logic, Trend Micro, FIM etc.

Advocate II

Re: guarantee my life for cissp

Please see added advice inspired by this thread over in the Career area, in Listing Credentials on LinkedIn & Resumes

 

 

Dr. D. Cragin Shelton, CISSP
Dr.Cragin@iCloud.com
https://CraginS.blogspot.com/