itSMF Bulletin September 2018 | Page 6

Ghostery is just one example of a tool you could be using. It is an open-source privacy and security browser extension and mobile browser application. Once the browser add-on is installed, it alerts you to what information each site you visit is collecting about you. Recommended by Edward Snowden. An example of what Ghostery exposes as captured data for one tracker is shown below.

Data Collected:

Anonymous: Ad Views, Analytics, Browser Information, Cookie Data, Date/Time, Demographic Data, Hardware/Software Type, Internet Service Provider, Interaction Data, Page Views, Serving Domains

Pseudonymous: IP Address (EU PII), Location-Based Data, Clickstream Data, Device ID (EU PII)

Data Sharing:

Aggregate data is shared with 3rd parties. Anonymous data is shared with 3rd parties. PII data is shared with 3rd parties.

Data Retention:

As long as necessary to fulfil a business need or as required by law.

One approach attackers take is to set up a website, post a link to a “Free iPad giveaway” on Facebook, LinkedIn, email and so on, watch the people roll in, and then harvest the data they hand over. Once enough victims have been fooled, the most promising targets are chosen. The attackers then track all of those targets' social media accounts, using tools such as Namechk, Zapier and Google Docs to collect information automatically. They use this data to compromise the targets' account(s) and reap the rewards.

In another recent example, three groups of hackers wiped around 26,000 MongoDB databases and demanded that the victims pay $650 to have them restored. The attackers claim to hold a copy that can be purchased for between 0.2 BTC and 1 BTC, but there is no guarantee the data is actually available if a payment is made. In most cases the owners had unintentionally allowed this to happen: the databases were exposed to the internet with no authentication enabled, so the attackers simply connected without credentials, deleted the data and left a ransom note in its place.
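The exposure behind the MongoDB wipes above comes down to two server settings. The following mongod.conf fragments are an added example, not taken from the article or from the MongoDB project: the first reproduces the weak state those databases were in, the second is the hardened equivalent. The file path and the interface address are assumptions.

```yaml
# Added example, not from the article. Assumed location: /etc/mongod.conf

# --- Weak: the state the wiped databases were in ---
# Listens on every interface and has authorization switched off, so anyone
# who can reach TCP/27017 can list, read, drop and overwrite collections
# without ever supplying a password.
net:
  port: 27017
  bindIp: 0.0.0.0
security:
  authorization: disabled

---
# --- Hardened ---
# Bind only to loopback (or a private address that application servers use),
# and require authentication for every connection. Older mongod releases
# bound to all interfaces with no auth by default, so set both explicitly
# rather than relying on the default.
net:
  port: 27017
  bindIp: 127.0.0.1
security:
  authorization: enabled
```

Create an administrative user over the localhost connection before restarting with `authorization: enabled`, otherwise you lock yourself out. After the restart, an unauthenticated connection that tries to list databases should be refused with a "not authorized" error; if it still succeeds, the old configuration file is still in use. Restricting the port at the network firewall as well gives a second layer in case the configuration is ever reverted.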

ITIL & RESILIA synergies

RESILIA is built on ITIL, having the same lifecycle stages, from Strategy through to Continual Improvement. The processes are the same, apart from some additional cyber-resilience disciplines, but they are viewed from the perspective of cyber resilience rather than ITSM. This doesn’t mean you are learning the ITIL course all over again. The course has been designed to integrate with other best-practice methods to ensure a holistic approach.

I will give you an example of how a RESILIA process would be used. If your company were compromised by the MongoDB attack above, would you send a blanket email to all stakeholders notifying them that you had been hacked? Probably not; and you wouldn’t want to be working out who to notify on the fly.