Apr 13, 2018
 

Normally I enjoy learning and exploring new apps/tools especially tools that help me to ‘think’ and/or communicate or express my ideas visually.

Today I watched 14 YouTubes on NVivo. Nothing wrong with those ‘introductory’ videos. It’s just me. I learn by doing and experimenting. I don’t have plenty of time to learn any tools as I’m on a very tight schedule to finish my Thesis. So I need to get up to FAST speed with NVivo. Arghhh… If I have a choice I would not use NVivo at all!

 Posted by on April 13, 2018 at 11:33 pm
Mar 31, 2018
 

Maybe one day someone will research on wuxing for cyber warfare or cyber this & that. Anything is possible as long as one is prepared to go beyond the confines of ‘scientific thinking’.
Just reminiscing about the episodes of my interests in Chinese philosophy. Perhaps one day I will revisit wuxing and re-kindle my ‘mad/crazy’ interests.
My initial website on wuxing

 Posted by on March 31, 2018 at 12:44 am
Mar 30, 2018
 

I have created so many mindmaps using Freemind – my favorite tool for capturing & logging stuff.
Now I just need to revisit most of them and start writing up my Thesis.
In going through my many maps I came across the 1st map I did on ‘data’. Posting the data map here.

Yesterday evening, 29th March 2018, I attended a BCS Law Specialist Group event – GDPR: Anonymisation, re-identification risk and GDPR profiling. The talk was presented by Dr. Amandine Jambert from the French Data Authority CNIL. The anonymisation slide is interesting. I asked whether the WP29 thinking (& their opinions) about the 3 properties are for the ‘direct and indirect’ way of identification of the personal data. The answer was not in the method itself but that the properties are for ‘all data types’ i.e. any dataset. Her exact wordings: ‘use by anyone on any dataset’. Also, the DPA (DPO/Organisation?) needs to prove (or justify or show) that the dataset has indeed been anonymised (using any of the 2 options). My understanding is that the anonymisation if done (risk-based, database and/or algorithmic-driven) should not enable the direct and indirect re-identification of the individual(s).

As noted on this slide: ‘No single technique eliminates all risks’.

It’s near impossible to identify/isolate ‘all the direct/indirect re-identification risks’ associated with any dataset, assuming the dataset is available and not hidden in some Cloud and/or in a chain of hidden registers.

We really need to re-think personal data in terms of ‘the harm to individuals’ as there’s no absolutely sure way of preventing re-identification risks (i.e. singling out, linkability or inference/deduction etc.)

Overall a great talk.

I just noticed the slides and talk are available online: BCS Law talk 29th March 2018

 Posted by on March 30, 2018 at 1:54 pm
Jan 05, 2018
 

I’m hopeless at making New Year Resolutions (& don’t believe in making them), so will just remind myself by posting this blog with this message:

I will finish my PhD by the end of October 2018

 Posted by on January 5, 2018 at 12:42 am
Jul 27, 2017
 

One nicety of being a research student is learning interesting stuff, stuff that other researchers have done, in particular in data visualisation (one of my many interests!).

Most recently I attended two seminars at City, both interesting in many ways. Their websites:

Microsoft researchers on data driven storytelling

Fanny CHEVALIER – Research Scientist at Inria

If I have spare time, I’ll blog about my own challenges (& less notable achievement but still an achievement in my own terms!) with data visualisation tools. Finding and getting a grip with ONE storytelling tool to do a nice, neat & brain-cracking (or mind-blowing) visualisation of what I THINK my intended users want to see from my research output is beyond my research domains.

 Posted by on July 27, 2017 at 3:00 pm
Aug 05, 2016
 

Caught between three world views as described in this passage:

Scientific knowledge is constructed socially by subjective minds interacting with nature. It, therefore, seems obvious that we have to admit that our inner “subjective” world is as foundational a part of reality as “objective” external nature and “intersubjective” social worlds.

But western scientific culture lacks a transdisciplinary framework that can encompass all three worlds without reducing any of them to byproducts of the development of one of the others. We need such a non-reductionistic framework more than ever as our basic problems often arise in the gaps between the recognized disciplines.

Interdisciplinary work needs a transdisciplinary framework for mutual orientation and context determination.

A sort of common map, so to speak, on which to point out, recognize and understand each other’s territories..

Extracted from: ‘The necessity of Trans-Scientific Frameworks for doing Interdisciplinary Research’ by Professor Søren Brier

Now, how do I apply the theory and the transdisciplinary framework for my research on data breach incident response?

It seems that on initial exploration, Peirce’s work on Semiotics provided the necessary framework in the form of Firstness, Secondness, Thirdness – Peirce’s ternary.

 Posted by on August 5, 2016 at 6:18 pm
Jun 12, 2016
 

It’s now June 2016…was supposed to complete my MPhil/PhD transfers by end of July 2016.
Schedule shifted again!

I’m hoping to finish all my interviews by end of June and hoping to do the transfers by end of September 2016.

A bit of my Sunday ranting..

A couple of weeks ago I called TalkTalk 3 times with a BIG hope to get an interview with them for my research interviews.
1st call: the HR Office was closed.
2nd call: asked for their IT Manager. After I spelled out the reasons for my calls, he slammed the phone down. How rude is that?! Just goes to show TalkTalk has no protocol or customer handling procedures. No wonder they’re hacked!
The 3rd call – no answers from the switch board. I think the company should change their name to NOTALK.

Also, some folks want to get my research findings but are not interested or willing to participate in the interviews. Poor excuses with ‘non-disclosure or confidentiality’ agreements. It seems that declaration of the research ethics procedures/approval, and also with the consent form for participants are poor substitutes for getting folks to participate. Perhaps industry practitioners don’t know why researchers are doing interviews and also why their input is needed.

 Posted by on June 12, 2016 at 2:03 pm
May 29, 2016
 

I’ve collected some sites/links on data breaches. Some are listed under ‘DataHub’ on the menus on the right columns of this site.

On my ToDo lists is an item to ‘somehow create/use visualisation tools’ to extract and represent the data breaches in the UK that have been reported in the press or elsewhere.

Here’re more links on data breaches (in no particular ordering) in the UK, including other notable data incidents (some requiring registration/account login):

All of UK’s major banks and lenders have reported data breaches in the past two years – FOI request finds that 791 incidents reported to the ICO by financial services firms since 2013

Ecuadorian bank cyber thieves used HSBC accounts in Hong Kong

London NHS trust fined for HIV newsletter data breach

UK charity CALM hacked in ‘senseless’ attack

UK charity gets hacked twice in ‘motiveless’ attack

Scottish charity reports data loss due to unencrypted USB sticks

Data losses on USB sticks – it’s raining again

Third ICO fine in a week after sensitive information widely distributed by webmail

ICO fines Scottish council

Nationwide fined £1m over laptop theft security breach

More than 170 law firms investigated by ICO over data breaches in 2014

The UK’s 11 most infamous data breaches 2015:

Nationwide Building Society (2006) -
Nationwide fine for stolen laptop

HM Revenue & Customs (2007) –
Another bad day for the database guys

HM Revenue & Customs Child Benefit Office (2008) -
Child benefit data loss: timeline of scandal

IPCC publishes report into missing HMRC data CDs (full version)

Sony PlayStation Network (2011) -
Sony admits huge PlayStation Network data breach

NHS Trust in Brighton (2012) –
NHS Trust receives largest ever data breach fine

Morrison’s supermarket (2014) -
Morrisons supermarket suffers major pay-roll data breach after insider attack

Staffordshire University (2014) -
Staffordshire University stolen laptop had student contacts details

Mumsnet (2014) -
Mumsnet falls to Heartbleed hackers as 1.5 million users reset passwords

Think W3 Limited (2014) -
Online travel services company exposes more than a million customer records to malicious hacker

Moonpig (2015) -
Moonpig Android app flaw puts THREE MILLION accounts at risk

TalkTalk (2014/2015) – various news:
TalkTalk hack: What to do if hackers have your data

TalkTalk: Hacked telecoms giant refusing to let customers leave without paying fees

TalkTalk profits halve after cyber attack

TalkTalk lost more than 100,000 customers after cyber attack

TalkTalk chief signals change after cyber attack

 Posted by on May 29, 2016 at 1:08 pm
May 24, 2016
 

Interesting listing of books with titles on privacy, security, secrecy, surveillance, and more on this privacyandsecurityforum website.
Wondering whether the books are indeed ‘non-fiction’.

I am looking for books written by non-US authors or written by US authors but from non-US ‘non-fiction’ accounts/compilations.

 Posted by on May 24, 2016 at 3:04 am
Apr 02, 2016
 

Latest report from ENISA on incident response and cyber crisis cooperation:
Strategies for incident response and cyber crisis cooperation

cyber crisis cooperation – ccc – a new acronym?

On processes and procedures:
Another aspect that is strongly connected to the human factor in the course of incident response is the available processes and procedures. A clear, concise, well-documented incident response plan must be in place that complies with the existing policy framework at organisational level as well as national level. Overcomplicated response plans will delay the effectiveness of incident response and escalation procedures. If policies are loose, the incident response team may lack autonomy to act responsibly. It is vital that the personnel are available for the processes and procedures related to incident response. It is just as vital that the constituents of the national and governmental CSIRTs are also aware of their parts in the process of managing an incident.

 Posted by on April 2, 2016 at 1:37 am