Posts

Showing posts from November, 2016

Infosec awareness lessons from NZ quakes

A big earthquake at midnight last night at the northern end of the South Island of New Zealand was a major incident with various implications for incident/disaster management. I'd like to pick up on a few security awareness aspects while the incident is fresh in my mind and still playing out in the NZ media as I write this. A lot of effort is put into preparedness for such events, across the whole country. For instance, the central safety message "Drop, cover, hold" is simple, widely repeated and used consistently in a variety of media and situations. Even the iconic images and colours (lots of black-and-yellow, warning colours with a strong biological basis) are consistent. Schools run classroom teaching on it. Websites and public safety demonstrations repeat it, frequently. There are flyers and leaflets, plus local, regional and national exercises to practise the actions, with extensive media coverage. "Get ready, get thru" is a strong theme. Full marks! [I ...

Exploiting the privacy-infosec overlaps

We're working hard on the next awareness module concerning privacy; in particular, we're exploring the changes coming with GDPR (the EU General Data Protection Regulation). Two concepts from article 23 of GDPR caught my beady eye this afternoon: Privacy by design is the idea that privacy should be an integral or inherent part of the design of a new system, service or process, from the outset (as opposed to being tacked on later, with all the compromises and drawbacks that normally entails); and Privacy by default - where there are options or alternative paths, the ones offering the greatest privacy should be selected automatically unless the user or data subject explicitly chooses otherwise. It occurs to me that conceptually those are not a million miles from 'secure by design' and 'secure by default', two strategic approaches with substantial benefits for information security as a whole, including most of privacy ... which hints at the intriguing possibi...