May 25th, a historical day we've celebrated considering GDPR as a piece of cake. LSEC kicked off the official starting date of the GDPR (General Data Protection Regulation) offering its constuency experiences, technology and birthday cake. ForgeRock presented some considerations on using the core identity as the main architecture also for data protection. During the cases by FireEye, Excellium Services and BNP Paribas Fortis various views and perspectives were presented on how the transition has taken place, what the current actions and activities were and what the next steps are beyond the transition.

GDPR is a process that started years ago by many, and where adoption will continue over the years to come. Companies and organizations facing multiple challenges and developments. IBM and Symantec presented their ideas on identity, monitoring and data leakage prevention. Bitsensor presented a perspective on managing GDPR with DevOpps and agile in mind. CSI Tools presented a user management perspective from their experience in governance control for ERP-environments. Debates were held around ethics with Cathrin Sondergraard, future challenges, the state and development of the regulator. Ulrich Seldeslachts pointed to the challenging messages presented by the different DPA and the speed of ttransforming into national laws. 

If you missed it, presentation materials are now available for download from GDPR Birthday Event page or look for the 2018-05-25 event on the activities. 

April 26th, LSEC - and the Belgian Cyber Security Coalition (CSC) organised the an Experience Sharing day at the VBO / FEB in Brussels. Main topic was NIS and its developments. Especially for Belgian companies, the development of the NIS Directive which was published in June 2016, being transposed into Belgian law required an update. Thanks to the CCB (Center for Cybersecurity in Belgium), an update was presented on its current "under development" status, as this is the authority of the Belgian regulator. Many ingredients are taken from the Critical Infrastructure Protection (CIP)-legislation. The Operators of Essential Services (OES) have not yet been defined, but the list will be in line with the other Member States. Some indications were in any case presented during the day, some experiences from previous legislations shared amongst the attendees. FireEye opened the day with an overview of the relevance of NIS and Critical Infrastructure Protection from an adversary perspective, still (and increasingly) today. Forgerock presented some of its experiences and best practices from a GDPR perspective. Other talks were focused on the developments of GDPR (Jan Leonard of Orange Belgium and Willem De Beuckelaere of the developing Belgian DPA). Some a somewhat more practical challenging and concerns perspective, the other a somewhat more at ease point of view. 

If you missed it, presentation materials are now available for download from NIS, GDPR and PSD2 in Practice, LSEC & the Cyber Security Coalition page or look for the 2018-04-26 event on the activities. 

March 20th, LSEC - CSA Belux in collaboration with the Belgian Cyber Security Coalition and KPMG organised the Belux CSA (Cloud Security Alliance) Chapter Meeting at KPMG in Antwerp. Cloud Security has matured over the last decade, and recent trends indicate that over the next five years public clouds will be growing 20% annually. Organisations large and small, private and public are migrating from in house - on premise - hybrid, to public clouds. Most of the spent is on SaaS, and moving into public and that is quite a surprise to many Security practitioners. Experiences and Best practices were shared from KBC Belgium on how to manage cloud services from a service level and ICT-provisioning perspective, from Google Cloud on the application of security, by Laurie-Ann Bourdain on the practice of GDPR in Cloud Operations and by Hans Graux en Ulrich Seldeslachts on the developing Cloud Certification schemes also for GDPR Compliance. KPMG updated the attendees with a view on the developments of Belgian companies on GDPR. Sebastien Deleersnyder from Toreon opened the day by indicating some of the current threat models in the cloud development landscape. Many thanks to KPMG for hosting this activity. 

If you missed it, presentation materials are now available for download from Cloud Security 2018 - CSA Summit Belux page or look for the 2018-03-20 event on the activities. 

January 23rd, the first GDPR Salon in Brussels took place offering an insight on some major developments of GDPR technology in Belgium. The two hundred attendees and representatives from the public authorities and the partners of the organization being all enthusiastic on the setup and activities of the GDPR Salon calls for some additional events of interest, including a GDPR Salon 2019. The opening keynotes from both State Secretary on Privacy Philippe De Backer and Willem Debeuckelaere,  president of the privacy commission in Belgium, confirmed the additional activities requested from the Belgian DPA, extending its responsibilities and increasing its budget. 

If you missed it, presentation materials are now available for download from the GDPR Salon event page or look for the 2018-01-23 in our calendar. 

January 18th, already for the fifth time the annual LSEC Cyber Threat Intelligence seminar took place in Brussels. Focusing on the domains of Situational Awareness, threat detection and how to respond to it, Cyber Threat Intelligence includes the mechanism of collecting and dealing with cybersecurity threat information. Some of this information needs to acted upon. With a keynote by the CEO of G DATA Advisory and Advanced Malware Analysis team, and followed by some experience from within Airbus Cyber Security on how to treat Cyber Threat Intelligence within the organization. Wim Hafkamp, CISO Rabobank was challenged by 100kms of wind in the back but came and presented his view on the challenges of the financial services market. Key components related to regulations, software engineering and dealing with cyber threat intelligence. IBM, ATAR Labs - a very promising startup from Turkey -  capable of automating many tedious presidential tasks. Followed with an interesting perspective on Europe's biggest sharing platform, MISP (Malware Information Sharing Platform). 

If you missed it, presentation materials are now available for download from Cyber Threat Intelligence CTI-registration page or look for the 2018-01-27. 

On November 30th, LSEC organized its 8th GDPR activity in 2017, this time on Experiences Sharing in GDPR transformation, covering topics such as developments and state of play with guidelines, accountability, PIA's and DPIA's, Consent Management, Data Leakage Prevention technologies, compliance management, company wide data loss protection and overall privace management. Interesting debates with operational data protection coordinators and DPO's, participants from DPO offices managing the current challenges in the ongoing GDPR transformation. 

The majority of the participants have already been studying GDPR and its impact, but continue to struggle with the implementation. Guidance from the experts Nicholas Delcroix, Hans Graux, Laurie-Ann Bourdain and experiences from the iWelcome team, on privacy by design by Tommy Vandepittte, using SDLC for GDPR development by Toreon, practical experiences on use of DLP technologies from Symantec and Data Protection form IBM and finally from iGuards made it an informative and practical session for our attendees. For most of them, interpretation of the GDPR regulation continues to be challenge, debate and discussion. Best practices amongst attendees supports some of the ongoing developments on GDPR transformation.

If you missed it, presentation materials are now available for download from the GDPR events page and looking for November 30th event (or any of the other past sessions)..