Skip to content

CyberLink Releases FaceMe® Security 7.0, Coining Game-Changing “VMR” Console and Introducing a Wealth of Enhancements to the Surveillance and Access Control Software

The new AI-based Video Monitoring and Recording (VMR) module, the first of its kind, brings a substantial overhaul to the console and related add-ons; and support of H.265 formats and DIDO I/O modules make the solution more relevant and accessible than ever

TAIPEI, TAIWAN — December 10, 2021 —CyberLink Corp. (5203.TW), a pioneer in AI and facial recognition technologies, today announced the newest update to FaceMe® Security, its premier facial recognition solution for surveillance and access control. Version 7.0 introduces the VMR Add-On, dramatically enhancing the software’s video management capabilities. The new module, a replacement to the Monitor Add-On, comes with gallery and floor plan view features that logically connect IP cameras and enable seamless, real-time video tracking of individuals’ journeys through the facilities. The updated version also introduces the ability to search for a person using an image of their face, and supports H.265 as well as DIDO I/O modules.

FaceMe® Security is a comprehensive AI-based surveillance solution integrating CyberLink’s market-leading facial recognition technology. It provides an expansive set of functionalities such as identity verification, time and attendance tracking, health check (mask detection and temperature measurement), live monitoring, and event-based alerts, for example, when detecting VIP or block-listed individuals. FaceMe® Security’s scalability and compatibility with most existing security system components and leading video management system (VMS) solutions make it the perfect value-adding complement to system integrators’ offerings, across any facility: from office, residential, and institutional buildings, to hotels, retail stores and warehouses, factories, and large industrial plants.

The latest FaceMe® Security (v7.0) update enhances four main areas:

VMR Add-On – Live Monitoring and Recording via IP Camera Video Streams

The VMR Add-On (replacing the Monitor Add-On) is a software module that connects to FaceMe® Security and integrates all the features essential to video monitoring and recording. The console allows security personnel to monitor multiple video streams in real time, receive instantaneous alerts, and search recorded videos.

The new VMR Add-On Floor Plan View capability overlays live video feeds from IP cameras to the uploaded facilities’ floor plans, intuitively locating potentially problematic situations, following individuals of interest, and quickly intervening to address security issues. The Gallery View allows users to select and monitor up to nine streaming video feeds concurrently, each with their own layout by floor, area, purpose, or other relevant criteria. Additional options and user interface enhancements include enlarged thumbnails with detailed information, camera numbering for better identification, and more.

FaceMe ® Security Central Management Console – Search People by Image, Customizable Groups

The FaceMe® Security Central module, running on on-premise servers, provides centralized access to face database management, visitor history, event logs, and system configuration. In the 7.0 update, FaceMe® Security Central adds a new Search by Image feature, which can locate the visiting history of a specific person (e.g., potential thief) by uploading an image of their face. The new release allows the creation of customized groups of individuals based on profiles and characteristics that match organizations’ unique security needs. Each group can be assigned a distinctive color and pattern to easily visualize the corresponding individuals on the video feeds.

End-to-end Support for the Latest H.265 Video Formats

H.265 is the video compression standard supported in most of the latest IP cameras. Compared to the legacy H.264 format, H.265 reduces file size by 50 to 75% for comparable video quality, dramatically increasing the number of hours of video recording that NVRs (network video recorders) can store. FaceMe® Security now provides end-to-end support for H.265 videos (when using hardware such as Intel CPUs’ Quick Sync decoder and NVIDIA GPUs,) for enhanced RTSP streaming, real-time face detection, feature extraction, and video recording retrieval.

Support for DIDO I/O Modules – Fully Integrated with the Control of Doors, Locks, and Lights

FaceMe® Security now supports select models of Advantech’s DIDO control modules, further expanding its compatibility with I/O devices to automatically control doors, locks, and lights when detecting the presence of authorized individuals.

For more information on FaceMe® Security, please visit: https://www.cyberlink.com/faceme/solution/security/overview

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition.  CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD.  With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com

An unknown problem in the data center industry

The current global pandemic of Covid-19 has brought us a few gifts: global desolation, earaches from the rigid rubber bands of the FFP2 masks, applause for Health at eight in the afternoon on the balconies, fear of infected ones and staff shortage in the data center industry and shortage of IT professionals. In this article we will delve into this last topic.

*We will already devote a double-page report to the saw rubbers of the FFP2

Lack of staff in the data center industry

It is like that how our beloved pandemic has turned the world upside down, at so many levels that even the data center sector has noticed it. Data centers have received an unexpected amount of work due to the reinterpretation of the labor system and telecommuting. In fact, the size of the global data center industry has grown dramatically. This is a direct consequence of higher exposure and need for the Internet, which has come hand in hand with the confinement imposed by governments around the world to fight against infections. That way, it is estimated that the size of the world data center market will reach in the near future (2021-2026), nothing more and nothing less, than 251,000 million dollars.

Source: Uptime Institute Intelligence

And what is the growth of the global data center market leading to? Well, to a proportionally direct and parallel need of professionals in the sector. Estimates from the Uptime Institute, the long-standing champion of digital infrastructure performance, suggest that the number of staff required to manage data centers across the globe will rise from about two million today to nearly 2.3 million in three years.

This turns into countless new technical jobs for the data center industry. Of all types and sizes. With different requirements. From design to operation. And around the world.

You still don’t want to go send resumes?

Why the shortage of IT professionals and other personnel in the data center sector?

Well, just as remote regions are fighting for the repopulation of their villages, this sector is already dealing with the lack of personnel. It is not an easy subject. According to the Uptime Institute, it is very difficult to find suitable candidates for vacant positions at the moment, so if you want to look for a job in your domain, you must be prepared. Although, as it is often the case, in most positions, work experience, internships or work-study training may make up for a certain lack of skill and experience.

With much of the tech industry currently struggling to find qualified staff, data centers are finding it a bit more difficult to locate and hire professionals in high-demand roles. Like power systems technicians and analysts, facilities control specialists, or robotics technologists, or as I call them “Robotechnologists.”

If you’re serious about it and want to be one of the data centers, success in your quest requires a combination of special skills. Yes, exactly, like when you want to be a ninja or a neo noir detective. First, extensive infrastructure knowledge is required. If you have boards with mechanical or electrical equipment, the better. Programming, platform management, specific technological tools… Basic technological knowledge is also very important. In addition, as in the ninja world or in neo-noir crimes, data centers need specialists with practical determination and ample capacity to solve problems, critical thinking, a drive for business objectives, and, not least to know how to behave, both in teamwork and customer service. For all this string of skills and qualities it is making it difficult for them, in the data center industry, to find personnel. But, well, what can we do? There have also been few Fujibayashi Nagato (ninja) and Sam Spade (detective).

As a result, many data centers today are understaffed. They are overloaded, with more job vacancies than people ready to apply for them. And this without taking into account the high demand, outside the data center sector, for professionals with knowledge of computer science and software. The reality is like this, everyone needs a tech expert among their ranks, and sometimes you have to fight for them.

Source: Uptime Institute Intelligence

Debido al cataclismo mundial del Covid-19 y la recesión que ha traído, el estilo de trabajo ha cambiado, trayéndonos de súbito el teletrabajo y las operaciones remotas. Esto ha supuesto que los servicios de los centros de datos incrementen su rendimiento para que las empresas de todo el planeta pudieran operar. Los centros de datos están en un punto crítico. Tienen más trabajo pero menos personal especializado para realizarlo. Además, en estos tiempos, resulta bastante difícil encontrar a una plantilla a la altura. Quizá con la adopción de La Nube y nuevos avances en la tecnología digital se pueda cimentar un sistema,  post-Covid-19, que lleve a las empresas hacia un futuro próspero.

Some conclusions

Due to the global cataclysm of Covid-19 and the recession it has brought, work style has changed, suddenly bringing us telecommuting and remote operations. This has meant that data center services increase their performance so that companies around the world could operate. Data centers are at a critical point. They have more work but less specialized personnel to do it. In addition, these days, it is quite difficult to find a team to match. Perhaps with the adoption of the Cloud and new advances in digital technology, a system, post-Covid-19, can be established that will lead companies towards a prosperous future.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

CyberLink’s FaceMe® Brings Best-in-Class Facial Recognition to Bitkey’s Smart Office Platform, “workhub”

Bitkey integrated its cutting-edge workhub solution into the Tokyo Square Garden office tower, allowing each employee and visitor to experience the future of contactless smart offices

TAIPEI, TAIWAN — December 07, 2021 —CyberLink Corp. (5203.TW), a pioneer in AI and facial recognition technologies, today announced that its FaceMe® facial recognition solution has been successfully implemented by bitkey Inc. into “workhub,” a connected smart office platform. Workhub now integrates AI and facial recognition, enabling a seamless, contactless experience in the workplace. To the satisfaction of office tenants and visitors, workhub is now operational at the Tokyo Square Garden building complex and also showcased at bitkey’s headquarters.

Bitkey, founded in 2018, is a Japanese technology company that provides connected solutions for home, workspaces, and recreational facilities through its respective “homehub,” “workhub,” and “exphub” platforms. As of September 2021, bitkey was the #1 smart lock provider in the Japanese domestic market.

Bitkey’s workhub connected platform will shape the future of smart office connectivity. In addition to providing a complete access control solution that supports multiple authentication methods – IC cards, QR codes, and facial recognition, workhub uses AI-powered connected services to offer office workers a comprehensive, user-friendly experience.

Bitkey’s workhub includes three main features:

Self-Service, Contactless Reception for Visitors 

When an employee fills out the online form to invite visitors to the office, workhub sends them  invitation emails with a QR code that they will scan at a kiosk located at the entrance of the building, at the agreed-upon time. Upon finding the record corresponding to this QR code, visitors are asked to enroll their face in the system to enable facial recognition. Then they can proceed to their assigned meeting room, using their registered face to unlock doors, access elevators, and guide them to their hosts, all in one convenient, streamlined experience.

Self-Service, Contactless Reception for Visitors

Access to Assigned Booths and Meeting Rooms

The workhub Room Support uses facial recognition to manage workspaces, granting registered participants access to their meeting rooms and controlling the attribution of individual booths and cubicles.

Access to Assigned Booths and Meeting Rooms

Real-Time Monitoring of Congestion in Shared Spaces

Bitkey’s live showroom system functionality checks the occupancy of shared spaces and conference rooms in real time to improve space management and ensure comfort and safety.

Real-Time Monitoring of Congestion in Shared Spaces

CyberLink’s FaceMe® is optimized to run across hardware configurations, from high-end workstations to low-power chipsets frequently used in IoT and AIoT devices. It is the most versatile and adaptable facial recognition offering on the market today. FaceMe® provides solution builders and system integrators a fast, reliable, extremely precise, and flexible facial recognition technology that can be deployed across a number of scenarios, including security, access control, public safety, fintech, smart retail, and home protection.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About CyberLink
Founded in 1996, CyberLink Corp. (5203.TW) is the world leader in multimedia software and AI facial recognition technology. CyberLink addresses the demands of consumer, commercial and education markets through a wide range of solutions, covering digital content creation, multimedia playback, video conferencing, live casting, mobile applications and AI facial recognition.  CyberLink has shipped several hundred million copies of its multimedia software and apps, including the award-winning PowerDirector, PhotoDirector, and PowerDVD.  With years of research in the fields of artificial intelligence and facial recognition, CyberLink has developed the FaceMe® Facial Recognition Engine. Powered by deep learning algorithms, FaceMe® delivers the reliable, high-precision, and real-time facial recognition that is critical to AIoT applications such as smart retail, smart security, and surveillance, smart city and smart home. For more information about CyberLink, please visit the official website at www.cyberlink.com

HIPAA: Five Tips for Complying with The Certificate

What is HIPAA? Currently, this is one of the most frequently asked questions by many professionals working in the healthcare industry, especially in times of the Covid-19 pandemic.

But why is it so important and what are its benefits for healthcare companies? First, it is critical to comply with HIPAA to ensure that more secure procedures are in place regarding the handling of some critical information.

However, it must be emphasized that this law is North American. Based on this, there is no document or certificate in Brazil capable of attesting that your company is working following HIPAA.

Thus, working following HIPAA means working in accordance with the standards established by foreign law.

But following these guidelines is a movement that, fortunately, has been gaining many followers in Brazil.

It must be taken into account that HIPAA is extremely important, as it aims to ensure information security in all companies operating in the healthcare industry.

With that in mind, we have prepared an article with five fundamental tips to help your company work in compliance with this law. Check it out!

1. Know HIPAA in Detail

Why is it important to know all the details of HIPAA? To make sure all its points are met.

As mentioned, the Health Insurance Portability and Accountability Act (HIPAA) is a law of foreign origin and applicable in the United States.

So, it can be described as a group of standards aimed at companies in the healthcare industry.

The aim is to ensure data protection. Although HIPAA is legally applicable to the North American territory, this law has inspired many entities around the globe that are part of the healthcare universe.

These companies use various resources to adapt to the rules and guidelines set forth by this law.

The intention is to practice the procedures that guarantee enhanced security in relation to information that circulates in the healthcare sector.

As a result, customers are more confident in doing business with companies that adapt to this foreign law.

Therefore, you can increase the credibility of your brand in a market that is increasingly competitive.

Requirements to Be HIPAA Compliant

Certain requirements must be followed by all companies that aim to comply with HIPAA.

After all, they indicate the standards necessary to protect the electronic medical records of doctors and patients.

Based on this, one could say this law was created to cover several objectives, such as:

  • Offer improvements to the healthcare industry;
  • Ensure a high level of security of patient information and privacy;
  • Determine that healthcare companies provide medical records to patients whenever requested;

2. Assess Your Company’s Infrastructure According to HIPAA

One of the key issues for companies looking to comply with HIPAA standards is a thorough analysis of their IT structure.

For that, they must have a broad vision of the possible vulnerabilities and risks that may appear during the activities.

In this way, it will be possible to identify sensitive loopholes to fully comply with this law.

Another interesting aspect is to assess the information security practices present in the organization and understand if the level of security provided by them is within the ideal.

Thus, analyze whether these practices are capable of guaranteeing the confidentiality of health information, as well as the security of data considered more sensitive.

An effective tip is to observe the procedures being performed to obtain the resources capable of correcting current threats, thus conforming to HIPAA guidelines.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Absolutely no one is safe from security attacks

Software developers and manufacturers around the world are under attack by cybercriminals. It is not like we are in a time of the year in which they spread more and they barricade themselves in front of the offices, with their evil laptops seeking to blow everything up, no. They are actually always there, trying to violate information security, and in this article we are going to give you a little advice on the subject.

No one is safe from all threats

Whether it is a middling attack or sophisticated and destructive (as it happened to our competitors Solarwinds and Kaseya) evil never rests. The whole industry faces an increasingly infuriating threat landscape. Almost every day we wake up with some news of an unforeseen cyber attack that brings with it the consequent wave of urgent and necessary updates so that our system is safe… Nobody is spared, real giants have fallen over. The complexity of the current software ecosystem means that a vulnerability in a small library affects hundreds of applications. It happened in the past (openssh, openssl, zlib, glibc…) and it will continue to happen.

As we pointed out, these attacks can be very sophisticated or they can be the result of a combination of third-party weaknesses that make the client vulnerable, not because of the software, but because of some of the components in its environment. That’s why IT professionals should demand that their software vendors take security seriously, both from an engineering standpoint and from vulnerability management.

We repeat: No one is safe from all threats. The software vendor that took others out of business yesterday may very likely be tomorrow’s new victim. Yes, the other day it was Kaseya, tomorrow it could be us. No matter what we do, there is no 100% security, no one can guarantee it. The question is not to prevent something bad from happening, the question is how to manage that situation and get out of it.

Pandora FMS and ISM ISO 27001

Any software vendor can be attacked and each vendor must take the necessary additional measures to protect itself and its users. Pandora FMS encourages our current and future clients to ask their suppliers for more consideration in this matter. We include ourselves.

Pandora FMS has always taken security very seriously, so much so that for years we have had a public policy of “Vulnerability disclosure policy” and Artica PFMS as a company, is certified with the ISO 27001. We periodically employ code audit tools and maintain some modified versions of common libraries locally.

In 2021, in face of the security demand, we decided to go one step further, and make ourselves CNA of CVE, to give a much more direct response to software vulnerabilities reported by independent auditors.

Decalogue of PFMS for better information security

When a client asks us whether Pandora FMS is safe, sometimes we remind them of all this information, but it is not enough. Therefore, today we want to go further and prepare a decalogue of revealing questions on the subject. Because some software developers take security a little more seriously than others. Relax, these questions and their corresponding answers are valid for both Microsoft and Frank’s Software or whatever thing you may have. Since security does not distinguish between big, small, shy or marketing experts.

Is there a specific space for security within your software life cycle?

At Pandora FMS, we have an AGILE philosophy with sprints (releases) every four weeks, and we have a specific category for security tickets. These have a different priority, a different validation cycle (QA) and of course, a totally different management, since they involve external actors in some cases (through CVE).

Is your CICD and code versioning system located in a safe environment and do you have specific security measures to ensure it?

We use Gitlab internally, on a server in our physical offices in Madrid. People with name and surname, and unique username and password have access to it. No matter what country they are in, their access through VPN is individually controlled and this server cannot be accessed any other way. Our office is protected by a biometric access system and the server room with a key that only two people have.

Does the developer have an ISMS? (Security Incident Management System)

Artica PFMS, the company behind Pandora FMS, is certified with ISO 27001 almost from its beginnings. Our first certification was in 2009. ISO 27001 certifies that there is an ISMS as such in the organization.

Does the developer have a contingency plan?

We not only have one, we have had to use it several times. With COVID, we went from 40 people working in an office in Gran Via (Madrid) to each and everyone of them working at home. We had power outages (for weeks), server fires and many other incidents that put us to the test.

Does the developer company have a security incident communication plan that includes its customers?

It has not happened many times, but we have had to release an urgent security patch, and we have notified our clients in a timely manner.

Is there an atomic and nominal traceability on code changes?

The good thing about code repositories, like GIT, is that these kinds of issues have been solved for a long time. It is impossible to develop software professionally today if tools like GIT are not fully integrated into the organization, and not only into the development team, but also into the QA, support, engineering… teams.

Do you have a reliable update distribution system with digital certifications?

Our update system (Update Manager) distributes packages with digital certificates. It is a private system, duly secured and with its own technology. 

Do you have an open public vulnerability disclosure policy?

In our case, it is published on our website.

Do you have an Open Source policy that allows the customer to see and audit the application code if necessary?

Our code is open, anyone can review it at https://github.com/pandorafms/pandorafms. In addition, some of our customers ask us to audit the source code of the Enterprise version and we are delighted to be able to do so.

Do the components/third-party purchases meet the same standards as the rest of the parts of the application?

Yes they do, and when they do not comply, we maintain them ourselves.

BONUS TRACK:

Does the company have any ISO Quality certification?

ISO 27001 

Does the company have any specific safety certification?

National Security Scheme, basic level.

Conclusion

Pandora FMS is ready for EVERYTHING! Just kidding, as we have said, everyone in this sector is vulnerable, and of course the questions in this decalogue are elaborated with certain cunning, after all, we had solid and truthful answers prepared in advance for them, however, the real question is: Do all software vendors have answers to those questions?

Would you like to find out more about what Pandora FMS can offer you? Find out clicking here . If you have to monitor more than 100 devices, you can also enjoy a FREE 30-day Pandora FMS Enterprise TRIAL. Installation in Cloud or On-Premise, you choose !! 

Last but not least, remember that if you have a reduced number of devices to monitor, you may use Pandora FMS OpenSource version. Find more information here .

Do not hesitate to send your questions. The great team behind Pandora FMS will be happy to assist you! And if you want to keep up with all our news and you like IT, release and, of course, monitoring, we are waiting for you in our blog and in our different social networks, from Linkedin to Twitter through the unforgettable Facebook . We even have a YouTube channel , and with the best storytellers. Ah well, we also have a new Instagram channel ! Follow our account, we still have a long way to go to match that of Billie Eilish.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About PandoraFMS
Pandora FMS is a flexible monitoring system, capable of monitoring devices, infrastructures, applications, services and business processes.
Of course, one of the things that Pandora FMS can control is the hard disks of your computers.

How Does The LGPD Impact Companies?

Due to the growing technological development in the market, we can clearly see how much how consumers tend to buy products and services has changed. Through more practical technologies, such as cellphones, laptops, and tablets, for example, they are just a click away to connect with companies over the internet.

Realizing this new consumer behavior, brands uncovered the need to ensure a digital presence in order to conquer new audiences. As a result of this migration, there was a need to have digital marketing strategies to capture customers, and the collection of user information is among the most used strategies to generate conversions.

However, the LGPD was sanctioned in 2018 to make sure that this data collected by companies — whether an email, CPF, or telephone number — was stored and used securely and transparently.

Do you want to learn more about it? So, check out our post until the end and answer all your questions about the LGPD and how it can impact your business.

After All, What Is The LGPD?

Law 13.709/2018, popularly known as LGPD — an acronym for General Data Protection Law — ended up entering into force in 2018. Therefore, it was created so that the personal data users make available to companies become even more secure, that is, efficiently collected and stored.

In a practical way, it is known that this law offers users power over their data. In other words, it can define how companies can dispose of their sensitive data, and how it should be treated. Furthermore, these users can also simply deny sharing their information as they are not obligated to do so.

There is also a European law, popularly known as GDPR. It was from there that the LGPD based its main premises regarding the security of data and shared user information.

Following the LGPD’s practical line, users must be aware of how their personal information will be used and handled by the companies that collected it. Also, users can choose to remove their data from the database of such companies.

Do you want to stay on top of this subject? Download our free e-book right now and get access to exclusive information.

How Does The LGPD Impact Companies?

Looking at the business side, these new processes guided by the Law will insist that businesses be extremely careful and meticulous about the terms of use of the respective data. Therefore, brands need to explain very well all forms of use in relation to the information provided by users. Not to mention that these businesses must also promote actions so that the user can manage their information.

For these activities to be carried out efficiently, and above all, following the guidelines imposed by the LGPD, each company must pay attention to the main rules it guides regarding the collected data.

What has happened a lot in the business world is that brands have hired professionals to deal specifically with these processes, making the internal sectors that need personal data of customers and leads can work even more securely, and within the law.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

Looking to protect a fleet of Windows on ARM PCs? Look no further than ESET Endpoint Security

The new ESET Endpoint Security v.9 brings a stable build for Windows 10 on ARM and Windows 11 on ARM-powered devices

After half a year of beta testing, ESET has released a stable build of ESET Endpoint Security ready to help businesses protect their investments into Windows on ARM-based devices. Unlike simpler applications that may only require recompiling the source code for the new hardware platform, reengineering ESET’s endpoint protection technology for ARM-powered devices required intense effort from our development teams. A key contribution to this project was the invaluable feedback of beta product testers and Qualcomm, whom ESET would like to thank.

Starting with version 9, the ARM64 builds of both ESET Endpoint Security and ESET Endpoint Antivirus are now available alongside the x86 (32-bit) and x64 (64-bit) builds. The new builds come with an ARM64 build of ESET Management Agent, making the management and deployment of endpoint protection for a fleet of ARM-based devices easy via the ESET PROTECT console.

ESET PROTECT offers IT admins a unified endpoint management solution that now extends to the ARM64 platform with the same powerful management capabilities and experience. Current ESET business customers can use their existing subscriptions to license the new ARM64 builds.

While the current ARM builds are stable and fully supported by ESET, a few features are currently unsupported compared to the x86 and x64 builds. ESET is working on adding these features in future releases. Nevertheless, thanks to its multi-layered approach to protection, ESET Endpoint Security for ARM still offers a slew of prevention and detection technologies. These range from real-time file system protection that scans files for malicious code whenever they are created, opened, or run, to web access protection that monitors HTTP and HTTPS traffic for malicious software, all the way to anti-phishing protection that detects illegitimate websites attempting to steal passwords or other sensitive data.

Businesses looking to migrate employees to an “Always On, Always Connected PC” model should be prepared for the accompanying risks of employees being always connected to the internet and able to access sensitive data from anywhere—hence the importance of a mature security suite. The pursuit of business effectiveness and an improved customer experience with ARM-powered hardware in employees’ hands entails a twofold dependency:

  • a sufficient growth of an ecosystem of high-performing native ARM applications; and
  • a reconfiguration of security policies and system hardening for “always on, always connected” employees.

Thus, whatever your use case for adopting or experimenting with ARM-based devices—from real-time GPS tracking, to running mobile point-of-sale software, to enabling anywhere access to data for essential services workers—a critical component of your move to ARM should undoubtedly be endpoint security.

For consumers on the lookout for a security solution compatible with their Microsoft Surface Pro X, HP Elite Folio, Lenovo Flex 5G, or other ARM-powered device, ESET provides a beta version available in the ESET Forum.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

Securing the hybrid workplace demands dynamic defense

Advanced preventive protection for cloud email, collaboration and storage

With the massive shift to working from home and large numbers of workers entering a hybrid workplace, cloud-based collaboration and productivity tools have become ubiquitous at businesses around the globe. Although long envisaged, the hybrid model has exposed the complexity of securing the workplace on a practical level.

Protocols, business processes and IT tools now have much more impact on good security, both for home and business networks, not to mention for mitigating increased risks from devices crossing between personal and business use.

The year 2021 saw plenty of news around the large-scale hack of business platforms like SolarWinds Orion and intrusion campaigns targeting IT services companies that ran outdated versions of the Centreon IT monitoring tool. For many businesses, these events should have driven home the point that cyberthreats are increasingly targeting cloud-based systems, collaboration platforms, their users and the IT admins tasked with making it all run smoothly. These have been the very means that enable businesses to find additional efficiencies throughout the pandemic.

While clearly critical, what few IT admins and budget holders may have counted on was the scale of risks unleashed when entire service platforms were targeted by threat actors. In March 2021, the exploitation of Microsoft Exchange, in which ESET researchers identified more than 10 different threat actors or groups that likely leveraged the vulnerability, became a feast on unpatched internet-facing servers that sent shock waves across the IT industry.

Are these large-scale threats distracting from threats closer to home?
ESET’s T2 2021 Threat Report demonstrates that employees working remotely and using remote access tools like Remote Desktop Protocol (RDP) to access company data, tools and IT help are at high risk. In T2 (May-August) 2021, ESET detected 55 billion new brute-force attacks (+104% compared to T1 2021) against networks with public-facing RDP services. This is a sign of how critical RDP has become in the home and hybrid workplace.

This also demonstrates how critical security practices are when setting up, configuring, and using collaboration tools, servers and other business systems. Security is a twofold responsibility: the first on the part of IT admins, who set the rules and monitor activity, and the second on the part of a business’s staff, who use the tools but may waver in their security practices.

Cybercriminals cannot always be stopped from knocking at the door with their false wares. Thus, it is no surprise that phishing and fraudulent messages dominated the T2 2021 email threat scene, with the most heavily impersonated brands being Microsoft, followed by logistics company DHL, electronic signature service DocuSign and file sharing service WeTransfer. However, in their defense, security solutions can be deployed to detect and block these threats.

Enterprise grade security for SMBs
With the security burden only increasing in the second half of 2021, ESET has upgraded ESET Cloud Office Security with a powerful enterprise grade tool, ESET Dynamic Threat Defense (EDTD), which directly addresses the problem of unknown threats with its zero-day threat prevention technology, including cloud sandboxing analysis. The threat landscape is not static, and new threats arise every day; employees need to stay productive without their machines being slowed down by heavy processing tasks from security solutions. Once EDTD is set up, there is no need for admins or users to take any further action. EDTD decides whether a suspicious or unknown sample is benign or malicious by sending it to a cloud-based sandbox for analysis.

The cloud-based sandbox is precisely where this solution can immediately show its value because it off-loads the processing power needed to detect new or unknown threats from employee machines to the cloud. Once in the cloud sandbox, suspicious samples are subjected to multiple machine learning models and robust detection techniques to determine a definitive outcome.

In the face of ever-present threats like phishing and malicious email attachments, organizations should keep track of news on the latest campaigns targeting corporate accounts and share this news with employees.

They should also deploy a cloud sandbox solution that provides a robust layer of protection, even against never-before-seen threats.

Image 1. ECOS dashboard view for ESET Dynamic Threat Defense

With EDTD engaged, ESET Cloud Office Security (ECOS) provides user-friendly administration and flexibility that is backed by enterprise grade protection.

New behaviors require new security 
Rewinding to just prior to the pandemic, when businesses were hunting for additional security solutions, we would find ESET introducing ECOS. Bolstering security for Microsoft 365, including OneDrive and Exchange Online, ECOS proved easy to implement and manage for SMB and enterprise customers alike. Within weeks of its launch, MSPs also offered ECOS in managed environments, simplifying security provision and reporting for cloud customers. 

ECOS has now been put through its paces, securing the very solutions intended to address operating costs, improve productivity and ensure business continuity. While the pandemic has cemented the use of many of these tools, increasing attention must be paid to securing them. Specifically, ECOS extends protection to Microsoft Teams and SharePoint Online. This is a big plus for SMBs which are operating in the cloud because it hardens protection for business continuity via the very tools that allow distributed work and collaboration. 

Try our interactive demo

What can ESET Cloud Office Security with EDTD do for SMBs?
While the onus of properly configuring and securing infrastructure like Teams, SharePoint Online and Outlook lies on both service providers and their clients, these tools impact any and all of their users. When security incidents do occur on large platforms, which are now heavily used even at SMBs, we can expect super blooms of ransomware and other malicious campaigns seeking to leverage extensive periods of vulnerability and access exposed networks.

If you use powerful tools like Teams, SharePoint and Exchange Online, you have signed up for a role in securing your environment. While not all attacks and disruptions faced by organizations have stemmed from large-scale events, mitigating the impacts mirrors practices employed against common threats, and comes down to addressing the “what can be controlled” in a business’s own environment. Considering the near-universal uptake of productivity tools, a product like ECOS goes a long way in adding immediate protections for the most popular tools.
 
Spam and malware 
For the benefit of IT admins who need to manage protection for 25 seats or more, ECOS delivers an effective multitenant and scalable service, protecting all major Microsoft 365 cloud services against malware, phishing and spam emails.  

ECOS checks all incoming emails delivered to a customer’s Microsoft 365 inbox. Our award-winning antispam technology works as the first layer, filtering out spam messages with near-100% accuracy. The second layer is our malware scanner, which detects malicious or suspicious attachments. The third layer protects against phishing (anti-phishing). Learn more about these features here

Every file that is uploaded to OneDrive, shared via SharePoint or transferred via Teams is checked using our powerful malware detection engine, which leverages the same technology as ESET’s endpoint solutions. If the engine detects a dangerous file, it is placed in quarantine, where it is accessible only by administrators; the user remains protected. 

To back that up, admins benefit from ECOS’s easy-to-use cloud console, which gives an overview of quarantined items and immediately notifies them when a detection occurs.

Images 2-3. ECOS dashboard views of detections and quarantined items

What else has ESET Cloud Office Security seen in its first year? 
Many businesses that have onboarded these indispensable productivity tools have enjoyed the confidence of knowing that the built-in security provided by Microsoft is sufficient to maintain business continuity, and, more broadly, to keep their systems safe. By Microsoft’s own account, a lot of “us” are on Microsoft 365 and Teams. As of Q3 2020, Microsoft reported 258 million monthly active Microsoft 365 business users and 75 million daily active Teams users. That’s on top of the 1.2 billion active users of Microsoft Office. 

Their success also means the platforms are targeted in various ways from malicious macros in Word documents sent via Outlook emails to incidents of exploitation of Microsoft Exchange servers. Neither security by design nor Microsoft’s native security have completely stopped these security challenges. This is to be expected for such large infrastructure and their outsized user numbers.  As such, use of these key Microsoft products strongly warrants users adding further security measures. ECOS is cost-effective, rapid to deploy and scalable across the entire range of business and institutional sizes.

Images 4-6. ECOS dashboard views for Exchange, Teams and SharePoint

In 2021, via ECOS’s many dashboards, IT admins were able to see threat types that slipped by Microsoft’s native security: 

  1. HTML/Fraud: A detection name covering a diversity of HTML-based content, distributed with the aim of gaining money or other profit from the victim’s involvement. This includes scam websites, as well as HTML-based emails and email attachments. 
  2. HTML/Phishing.Agent: A detection name for malicious HTML code often used in a phishing email’s attachment. When such an attachment is opened, a phishing site is opened in the web browser, posing as an official banking, payment service or social networking website. The website requests credentials or other sensitive information, which is then sent to the attacker.  
  3. DOC/Fraud: A detection name mainly covering Microsoft Word documents with various types of fraudulent content, primarily distributed via email. The goal of this threat is to profit from the victim’s involvement, often by persuading the victim to disclose online account credentials or sensitive data. Documents often contain links to websites where victims are asked to fill in personal data. 

While malicious documents vectoring from email and malicious websites still comprise the largest proportion of threats to business ecosystems, we shouldn’t forget that these also track to newer SharePoint-based features that mushroomed in popularity under COVID-19. These files can and do make their way to SharePoint. 

ECOS for hybrid work
Security culture, IT admin skills and  system settings are critical to address the security demands brought by both hybrid work and the large uptick in collaboration and productivity platforms, as well as RDP. These realities mean more security is essential. The addition of EDTD now ensures immediate protection via additional cloud technology to protect not only computers within the company perimeter, but also employees connecting from home offices or other remote locations. Via the analysis of unknown samples by EDTD, not only does the PC encountering the sample remain better protected, but all endpoints within the company perimeter proactively receive the same detection and protection.

If a company requires improved security now, but its IT department is overwhelmed with work, simple automation of security is a key requirement. ECOS + EDTD supplies that.

To find out more, try our interactive demo of ECOS here

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

ESET Research analyzes malicious frameworks targeting air-gapped networks; dissects 15 years of nation-state efforts

  • ESET researchers revisit 17 malicious frameworks used to attack air-gapped networks. The frameworks comprise all those known to date.
  • An air-gapped network is one that is physically isolated from any other network. As air-gapping increases security, such networks are commonly used for the most sensitive systems, such as industrial control systems that run pipelines, power grids, and nuclear centrifuges, and voting systems.
  • These critical systems are of high interest to APT groups that are typically sponsored or part of nation-state efforts. Ultimately, if an air-gapped system is infiltrated, these threat actors can intercept confidential data and spy on countries and organizations.
  • In the first half of 2020 alone, four malicious frameworks designed to attack air-gapped networks were detected and publicly revealed, bringing the total number to 17.
  • ESET Research offers security tips to improve air-gapped network defenses.

BRATISLAVA, MONTREAL — December 1, 2021 — ESET researchers present their analysis of all malicious frameworks used to attack air-gapped networks known to date. An air-gapped network is one that is physically isolated from any other network in order to increase its security. This technique can help protect the most sensitive of networks: industrial control systems (ICS) running pipelines and power grids, voting systems, and SCADA systems operating nuclear centrifuges, just to name a few. Naturally, systems that run critical infrastructure are of high interest to numerous attackers, including any and all APT groups. APT groups are typically sponsored by or part of nation-state efforts. Ultimately, if an air-gapped system is infiltrated, these threat actors can intercept confidential data in order to spy on countries and organizations.

In the first half of 2020 alone, four previously unknown malicious frameworks designed to breach air-gapped networks emerged, bringing the total number to 17.

Discovering and analyzing this type of framework poses unique challenges as sometimes there are multiple components that all have to be analyzed together in order to have the complete picture of how the attacks are really being carried out. Using the knowledge made public by more than 10 different organizations over the years, and some ad hoc analysis to clarify or confirm some technical details, ESET researchers led by Alexis Dorais-Joncas put the frameworks in perspective to see what history could teach cybersecurity professionals and, to a certain extent, even the wider public about improving air-gapped network security and our abilities to detect and mitigate future attacks. They have revisited each framework known to date, comparing them side by side in an exhaustive study that reveals several major similarities, even within those produced 15 years apart.

“Unfortunately, threat groups have managed to find sneaky ways to target these systems. As air-gapping becomes more widespread, and organizations are integrating more innovative ways to protect their systems, cyber-attackers are equally honing their skills to identify new vulnerabilities to exploit,” says Alexis Dorais-Joncas, who leads ESET’s security intelligence team in Montreal.

“For organizations with critical information systems and/or classified information, the loss of data could be hugely damaging. The potential that these frameworks have is very concerning. Our findings show that all frameworks are designed to perform some form of espionage, and all the frameworks used USB drives as the physical transmission medium to transfer data in and out of the targeted air-gapped networks,” explains Dorais-Joncas.

With the risks identified, ESET has put together the following list of detection and mitigation methods to protect air-gapped networks against the main techniques used by all the malicious frameworks publicly known to date:

  • Prevent email access on connected hosts — Preventing direct access to emails on connected systems would mitigate this popular compromise vector. This could be implemented with browser/email isolation architecture, where all email activity is performed in a separate, isolated virtual environment.
  • Disable USB ports and sanitize USB drives — Physically removing or disabling USB ports on all the systems running in an air-gapped network is the ultimate protection. While removing USB ports from all systems may not be acceptable for all organizations, it might still be possible to limit functional USB ports only to the systems that absolutely require it. A USB drive sanitization process performed before any USB drive gets inserted into an air-gapped system could disrupt many of the techniques implemented by the studied frameworks.
  • Restrict file execution on removable drives — Several techniques used to compromise air-gapped systems end up with the straight execution of an executable file stored somewhere on the disk, which could be prevented by configuring the relevant Removable Storage Access policies.
  • Perform regular analysis of the system — Performing a regular analysis of the air-gapped system to check for malicious frameworks is an important part of security in order to keep data safe.

In addition, it is worth noting that endpoint security products are generally able to detect and block several exploit classes, so having such technology not only deployed but also kept up to date could have a positive impact.

“Maintaining a fully air-gapped system comes with the benefits of extra protection. But just like all other security mechanisms, air gapping is not a silver bullet and does not prevent malicious actors from preying on outdated systems or poor employee habits,” comments ESET researcher Alexis Dorais-Joncas.

For more technical details about malicious frameworks used to attack air-gapped networks, read the white paper “Jumping the Air Gap: 15 years of nation-state effort” and the accompanying blogpost on WeLiveSecurity. Make sure to follow ESET Research on Twitter for the latest news from ESET Research.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About ESET
For 30 years, ESET® has been developing industry-leading IT security software and services for businesses and consumers worldwide. With solutions ranging from endpoint security to encryption and two-factor authentication, ESET’s high-performing, easy-to-use products give individuals and businesses the peace of mind to enjoy the full potential of their technology. ESET unobtrusively protects and monitors 24/7, updating defenses in real time to keep users safe and businesses running without interruption. Evolving threats require an evolving IT security company. Backed by R&D facilities worldwide, ESET became the first IT security company to earn 100 Virus Bulletin VB100 awards, identifying every single “in-the-wild” malware without interruption since 2003.

What Is the Difference Between IAM and PAM?

It is important to know the differences between IAM (Identity & Access Management) and PAM (Privileged Access Management). However, this theme still raises doubts for some people.

First, it is necessary to understand that the need to obtain an identity is essential. 

After all, it is important to know that it is not defined only based on personal documents anymore. 

In fact, identity is constituted through several characteristics capable of affirming who we are and the types of activities we perform.

Thus, several issues make up our identification such as name, biometrics, among other attributes that help build a unique identity.

Based on this, without detecting these characteristics, it would be impossible to recognize a person among the large number of individuals that inhabit planet Earth.

Regarding this aspect, have you ever imagined what would be the routine of an online system in which all users had the same identity?

So, imagine the following situation: Leo owns a company. When logging into the system, he seeks access to information relating to all employees in the organization.

Laura, who also works at the company, needs to enter the same platform to obtain information about the work she will perform, without necessarily seeking information regarding the clients.

But how will the system be able to provide the necessary information if it cannot recognize the identity of each one?

And how will the platform be able to identify authentic access?

This reality would also make it impossible to select the people who can have access to certain functions within the system in question.

Interesting, isn’t it?! So, I invite you to keep reading this article.

IAM: What Is It?

Based on the concern regarding identity issues, IAM has emerged, which can be understood as Identity and Access Management.

This system makes it possible to manage the most diverse identities and accesses related to company resources.

These resources can be understood as devices, environments, applications, network files, among other possibilities.

In other words, through IAM, it is possible to have optimal management and definition of the activities each user will be able to perform within the system.

These users can be clients, internal employees, third-party workers, or some applications.

One can see that, regardless of the type of user, IAM systems defend the concept that each individual must have their own virtual identity.

Therefore, it must be unique and needs to be monitored based on its life cycle, thus considering its creation, use, and exclusion stages.

From this perspective, the virtual identity presents the username, a password, and the activities carried out virtually.

IAM contains certain application models. One of the most common is the system as a service.

It is called IDaaS (Identity as a Service).

This process occurs when the authentication infrastructure is supported and managed by third parties.

Generally speaking, there are many application models today. However, every IAM system must have:

  • An efficient database to store information from the most diverse users.
  • Tools that provide the ability to enable and disable accounts.
  • Features capable of granting and revoking access rights to users.

In other words, IAM systems can manage digital identities.

The goal is to ensure access permission to users who, in fact, have authorization.

About Version 2 Limited
Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

About Segura®
Segura® strive to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.