
Solutions II Blog

Kalyan Krishnaswamy

Recent Posts

Privacy / Security by Design

Posted by Kalyan Krishnaswamy on Oct 3, 2017 1:25:41 PM

Why regulations such as GDPR are worth adhering to, even if you are not mandated to follow them.


  1. The term "privacy" denotes a socially defined ability of an individual (or organization) to determine whether, when, and to whom personal (or organizational) information is to be released.
  2. The term "security" describes techniques that control who may use or modify the computer or the information contained in it.
  3. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). It also addresses the export of personal data outside the EU. The primary objectives of the GDPR are to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) from 1995. The regulation was adopted on 27 April 2016. It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by national governments and is thus directly binding and applicable.

Privacy by Design

Privacy by design (PbD) is a framework described by Dr. Ann Cavoukian, who promoted the concept while acting as the Information and Privacy Commissioner in Ontario, Canada, and who is an advocate of default online privacy. She is currently the Executive Director of the Privacy and Big Data Institute at Ryerson University.

PbD, a framework that has been around since the '90s, evangelizes a user-centric approach to privacy (openness and transparency) by keeping the user and their data at the center of all things important. It theorizes 7 foundational principles to control the effects of information and communication technologies. They are:


Topics: Security

WAF Happened at Equifax?

Posted by Kalyan Krishnaswamy on Sep 18, 2017 12:00:00 PM

Pardon the pun 😊. Although the ‘official’ root cause for the hack hasn’t been published yet, there is a lot of chatter about the reasons for the breach. The current leading theory is that the likely cause of the breach is a previously known exploit of Apache Struts, a popular open-source framework for developing Java web applications. See below for relevant links on the source of the vulnerability.


Topics: Security, Security Breach, Cybercrime

CIS Controls and Ransomware

Posted by Kalyan Krishnaswamy on May 23, 2017 11:00:00 AM

I “wannacry” (couldn’t help it) when I think about the proliferation of the recent ransomware attack that affected over 200,000 systems in over 100 countries. Ruthlessly, this malware brought down rail and hospital systems alike. This is where it gets “real” and forces organizations of any size to evaluate their ability to mitigate such invasive and life-threatening attacks.


Topics: Security, Ransomware