Unauthorised Access: Physical Penetration Testing For IT Security Teams

by Wil Allsopp
September 2009
Intermediate to advanced
307 pages
7h 46m
English
Wiley
Content preview from Unauthorised Access: Physical Penetration Testing For IT Security Teams

C.1.2. Data Protection Directive

As previously stated, there is very little legislation that penetration testers need to consider at the EU level, as this is handled in its entirety by the relevant member state through local laws or through transposed laws brought about through an EU Directive. However, one area that should be discussed is the Data Protection Directive.

This directive (officially Directive 95/46/EC), originally conceived in 1995, has now been transposed into local law by every member state. In some cases, the creation of new legislation was not necessary. For example, in the UK the Data Protection Act already contains many of the necessary provisions, as does the Personal Data Act in Finland.

Naturally, there are a number of provisions that don't directly concern security consultants; however, the following are of interest:

  • Notice – Data subjects should be given notice when their data is being collected.

  • Purpose – Data should only be used for the purpose stated and not for any other purpose.

  • Consent – Data should not be disclosed without the data subject's consent.

  • Security – Collected data should be kept secure from any potential abuses.

  • Disclosure – Data subjects should be informed as to who is collecting their data.

  • Access – Data subjects should be allowed to access their data and make corrections to any inaccurate data.

  • Accountability – Data subjects should have a method available to them to hold data collectors accountable for following the above principles.

By now, ...

ISBN: 9780470747612