Category Archives: General

Data privacy is an established discipline which deals with the protection of people’s personal information, to protect the individuals themselves. Information about people’s ethnicity, religion, gender, political affiliations, nationality, diseases, physical disabilities, age, and other things, can be used to unfairly target or persecute people. Information related to a person’s financial status, workplace, place of residence, banking information, national identifiers, and biometric information can also be used to perform ID theft and other crimes against persons. Data privacy regulations thus try to influence how such information is collected, protected, shared, and disposed of. Data privacy is a practice heavily reliant on laws and regulations, and as such has traditionally been championed by legal practitioners. Data security (which can be considered to be essentially the data aspect of Information Security), on the other hand, relates to the protection of data. Particularly, it deals with the confidentiality, integrity, and availability of data.…

Read more

The following was posted by the Nation News on March 11th, 2022 [The] Government was forced to shut down its entire information technology (IT) platform yesterday after ransomware found its way through several vulnerable holes in the system. Ransomware is malware that employs encryption to hold a victim’s information at ransom. A user or organisation’s critical data is encrypted so that they cannot access files, databases, or applications. A ransom is then demanded to provide access. Ransomware is often designed to spread across a network and target database and file servers and can thus quickly paralyse an entire organisation. The ransomware that attacked yesterday forced the Ministry of Innovation, Science and Technology to take its overall Internet service offline so the issues could be identified. In an interview with the Weekend Nation even as a special team was still investigating the matter yesterday, Minister of Innovation, Science and Technology Davidson…

Read more

NIST’s National Cybersecurity Center of Excellence (NCCoE) has released the NIST Interagency or Internal Report (NISTIR) 8374, Cybersecurity Framework Profile for Ransomware Risk Management. Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. In some instances, attackers may also steal an organization’s information and demand additional payment in return for not disclosing the information to authorities, competitors, or the public. Ransomware can disrupt or halt organizations’ operations. This report defines a Ransomware Profile, which identifies security objectives from the NIST Cybersecurity Framework that support preventing, responding to, and recovering from ransomware events. The profile can be used as a guide to managing the risk of ransomware events. That includes helping to gauge an organization’s level of readiness to mitigate ransomware threats and to react to the potential impact of events.

At the February 2022 Chapter Meeting of the ISSA Barbados Chapter, we had a presentation titled, “The Metaverse – A Safe Space(?)” was by Christopher Derrell Jnr. Chris (aka Chris Jnr/CJ/upgraded Chris 2.0) is an award-winning software developer who manages UX, architecture, and development to create practical and aesthetic websites. He has 7 years of experience in Software Development and holds a Bachelor of Science (Hons.) in Computer Science and Economics from the University of the West Indies (UWI), Mona. He leads a team of web developers at Adtelligent, and also co-leads Youth Can Do IT, a social enterprise teaching youth the power of data and code. You can view the recording of his presentation below or on YouTube. We’d like to once again thank Chris for agreeing to present and engage with us for our discussion.

Symptai Consulting Limited hosted a webinar with Jamaica’s Information Commissioner (equivalent to the role of Data Protection Commissioner under GDPR) for a very engaging conversation around the impact of the Jamaica Data Protection Act which came into effect on December 1, 2021. This marked the start of a 2 year transition period within which Data Controllers must familiarise themselves with the Act, their role and enforce practices that ensure compliance. You can view the recording of the webinar below or read a summy of the Act here.

The February 9th, 2022 issue of Barbados Today had a column that discussed the impact of the Barbados Data Protection Act on HR personnel, titled “Dear HR . . . Does data protection law affect my role in HR?“. The article explained why data protection is important, outlines the role of data controllers, how HR staff are impacted and key components of the Act. You can read the entire article here.

Ethical hackers who find vulnerabilities on government or private websites in Jamaica could face a $3-million fine and three-year prison sentence if a provision in the Cybercrimes Act, 2015, remains and receives the nod from Parliament. That threat could penalise actors such as Zack Whittaker, the security editor at American online newspaper TechCrunch who, last February, revealed that a cloud-storage server with uploaded documents had been left unprotected on the JamCOVID website. Read the full article here.

The National Institute of Standards and Technology (NIST) has published an update to its SP 800-53A standard, “Assessing Security and Privacy Controls in Information Systems and Organizations.” The publication provides a methodology and set of procedures for conducting assessments of security and privacy controls employed within systems and organizations within an effective risk management framework. The assessment procedures, executed at various phases of the system development life cycle, are consistent with the security and privacy controls in NIST Special Publication 800-53, Revision 5. The SP 800-53A assessment procedures are flexible, provide a framework and starting point for control assessments, and can be tailored to the needs of organizations and assessors. SP 800-53A facilitates security and privacy control assessments conducted within an effective risk management framework. The revision includes new assessment procedures that address newly added and updated privacy and supply chain risk management controls in SP 800-53 Revision 5. SP…

Read more

The Inter-American Development Bank (IDB) has released its Q3 2021 Caribbean Quarterly Bulletin focusing on the evolving economic and human consequences of the ongoing COVID-19 outbreak for countries in the Caribbean region. For Barbados, the report outlines the following regarding Digital Infrastructure: Barbados requires an estimated investment of US$10.6 million to close the digital infrastructure gap The gap for mobile broadband amounts to US$10.3 million, while the gap for fixed broadband is less significant at US$286,163. Closing this gap is crucial to increase employment and contribute to sustainable economic growth. Barbados is making good progress in its digital transformation of public sector administration and in improving service quality. The IDB – supported project aims to achieve (1) greater use of digit al channels by individuals and companies to access public services; (2) greater efficiency in public sector administration; and (3) strengthened public sector skills to operate in a digital economy.…

Read more

One week into January 2022 and a ransomware group is already claiming a successful attack in #Barbados.