Author: Peter Geelen

https://be.linkedin.com/in/pgeelen - Peter Geelen is owner and managing consultant at Quest For Security. Over the years Peter built strong experience in enterprise security, enterprise architecture, identity and access management, including information protection, cybersecurity, corporate security policies, security hardening and cloud security. Committed to continuous learning, Peter holds renowned security certificates such as CCSK, CISSP, CISSP-ISSAP and CISA. Peter is also MCT (Microsoft Certified Trainer), MCSA, MCTS, MCSE:Security, and MCSA:Security, plus ITIL & PRINCE2 foundation certified. Since 2005 his technical focus is Microsoft identity and access solutions: MIIS, ILM, FIM 2010 and MIM 2016 and related platforms like PKI, UAG, ADFS, single sign-on & security solutions,… Peter strives to spend time on helping the Microsoft community both online and offline: - Taking care of Governance and administration of TechNet Wiki: http://aka.ms/wiki - TechNet Wiki Blog: http://aka.ms/wikiblog - Publishing articles and white papers at TN Wiki and TN Gallery: http://aka.ms/pgpage - Founder and community lead of the Belgian Microsoft Security User group (http://www.winsec.be) You can find his personal blog at http://blog.identityunderground.be. MVP Enterprise Mobility (Identity and Access) (2016), former Microsoft MVP on FIM (Forefront Identity Manager) (2008 - 2012). Living in Leuven.

Note-to-self: prepping for CSA CCSK v4 upgrade

Note-to-self: extended reprint of a LinkedIn post…

I might have mentioned it already, but if you have passed the CCSK exam before, you had better log on to your CCSK profile on the CSA website and check whether you still have an exam token left.

By default you get 2 tokens with each exam registration, so…

If you pass your exam the first time, the “second try” backup token is left unused in your profile.

And (if not yet expired) you can use it to upgrade your CCSK to v4.

Tokens stay valid for 2 years after purchase.

More info: https://ccsk.cloudsecurityalliance.org/en/faq

On that page you can also find the required study material for the exam.

You can download the CCSK v4 prep kit from : https://downloads.cloudsecurityalliance.org/ccsk/CCSKv4_Exam_Preparation_Kit.zip

It’s an online exam, and thus open book, using the reference guides below.

But realise: 60 questions in 90 minutes is still hard work, so better do some prep work up front to maximize your chances.

Once you pass this one, you can go for the (ISC)² CCSP with more confidence…


#MIM2016 Troubleshooting: SQL Connection issues

On TNWiki you’ll find my latest article on MIM 2016 troubleshooting.

MIM 2016 Troubleshooting: SQL Connection issues

This week I got involved (dragged into, really) in a MIM 2016 performance troubleshooting on a test/dev server that was throwing a large number of errors.

The first detection happened on the sync server, but apparently its twin brother, the MIM Service server, was causing the issues.

It quickly became obvious that MIM was not able to connect to (one of) its databases on the SQL server, so the sync engine was unable to pull information from the MIM Service.

Also bizarre: we could still work in the MIM sync GUI, but almost any MA action in the GUI failed…

Furthermore the Portal did not respond, and finally the “MIM Service” Windows service didn’t behave as expected either: it refused to start.

The event viewer contained the expected amount of errors…

Finally, the SQL DBA to the rescue.

I’ve added a lot of the significant technical event info to the article, to make it easy to search, for later reference.

Read the tech details in: MIM 2016 Troubleshooting: SQL Connection issues
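Before calling the DBA, it helps to know whether the problem is network, login or service-side. The script below is an added example (not part of the TNWiki article or the MIM product) that runs the four checks I’d want first on a MIM box: TCP reachability of the SQL host, an actual database open with the current account, the state of the two MIM services, and the most recent error events. The instance name and database name are placeholders; the Windows service names FIMService and FIMSynchronizationService are the MIM 2016 defaults, and the event-provider filter is an assumption you may need to widen.

```powershell
# Added example, not from the original article. Run on the MIM sync or service server.
# $SqlServer and $Database are hypothetical placeholders: use the values from your MIM configuration.
param(
    [string]$SqlServer = 'SQL01\MIM',                 # hypothetical named instance
    [string]$Database  = 'FIMSynchronizationService', # default sync DB; 'FIMService' for the MIM Service DB
    [int]$Port         = 1433                         # named instances may use a dynamic port; check SQL Browser/config
)

# 1. Name resolution and TCP reachability of the SQL host (strip the instance part)
$sqlHost = $SqlServer.Split('\')[0]
$tcp = Test-NetConnection -ComputerName $sqlHost -Port $Port
"TCP {0}:{1} reachable: {2}" -f $sqlHost, $Port, $tcp.TcpTestSucceeded

# 2. Can this account open the database? This only mirrors what the service sees if you run it
#    as the MIM service account (e.g. via runas), otherwise it still separates 'login failed'
#    from 'network-related' errors, which is what tells you whom to call.
$cs = "Server=$SqlServer;Database=$Database;Integrated Security=True;Connect Timeout=10"
$conn = New-Object System.Data.SqlClient.SqlConnection $cs
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = "SELECT @@SERVERNAME, DB_NAME(), SUSER_SNAME()"
    $r = $cmd.ExecuteReader()
    if ($r.Read()) { "Connected to {0} / {1} as {2}" -f $r[0], $r[1], $r[2] }
    $r.Close()
} catch {
    "SQL open failed: $($_.Exception.Message)"
} finally {
    $conn.Dispose()
}

# 3. Both MIM services depend on SQL; a stopped FIMService with a running sync engine is the
#    'GUI opens but MA runs fail' symptom described above.
Get-Service -Name FIMService, FIMSynchronizationService -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType

# 4. Latest error-level events from MIM-related providers in the Application log (last 2 hours).
#    The provider name pattern is an assumption; widen it if your events come from another source.
Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Level = 2; StartTime = (Get-Date).AddHours(-2) } -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -like '*FIM*' -or $_.ProviderName -like '*Forefront Identity Manager*' } |
    Select-Object -First 10 TimeCreated, ProviderName, Id, @{ n = 'Message'; e = { $_.Message.Split("`n")[0] } }
```

Run it first as your own admin account and then as the MIM service account: a connection that works for you but fails for the service account points at a SQL login or permission problem rather than at the network or the SQL instance itself.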

Updated: Useful resources for GDPR starters

ICYMI: Update to Useful resources for GDPR starters

Added:

Vocabulary / Grammar

Do not get confused: European Council vs  Council of the European Union vs Council of Europe

More info at:

 

Full text at: Useful resources for GDPR starters

 

 

Note-to-self: #MIM2016 product feedback

Just in case you want to dump some frustrations or constructive feedback on the MIM 2016 product, e.g. requests & suggestions for features, you should bookmark this feedback forum:

https://feedback.azure.com/forums/169401-azure-active-directory?category_id=171231

 

Note-to-self: #MIM2016 Strategy and Roadmap

ICYMI: a few days ago, Mark Wahl and David Steadman hosted an online session on the Microsoft Identity Manager Strategy and Roadmap (VIR956PAL).

You can watch it over here: https://infopedia.eventbuilder.com/view?eventid=m7e7v6

Over the years, competitors and non-believers in Microsoft Identity Management have been proclaiming its death… The phrase returns now and then, pretty much in sync with the usual MS product lifecycle…

Of course, products and features change, the business is changing… the product is changing…
But the MS team is investing significant effort to keep track of these business requirements.

So, get this:

MIM… is … NOT … dead.

 

 

Note-To-Self: ICYMI, #MIM2016 Support for SQL Always On Availability groups

Based on a recent customer support experience with MIM (migrating from MIM 2016 RTM to SP1 with the latest hotfix), I ran into a few issues…

They have been documented here:

And also

While investigating the MIM performance, we bumped into some SQL configuration issues that were seriously impacting it.
We finally ended up staging the latest hotfix on MIM (which is in general always a good idea and a best practice).

But, talking about SQL performance: in that troubleshooting exercise another question popped up, again: Always On availability groups.

And while this has been an issue for a long time, the good news is: as of MIM 2016 SP1 (4.4.1459.0 or later), Always On availability groups are supported.

You can find the announcement here: https://blogs.technet.microsoft.com/iamsupport/2017/03/22/microsoft-identity-manager-2016-sp14-4-1459-0-or-later-support-for-sql-2016-always-on-availability-groups/

Strangely enough, it’s not mentioned in the KB article for the hotfix: SP1 March 2017 Hotfix (4.4.1459.0).

And the page on SQL Server availability solutions for Microsoft Identity Manager services databases still does not mention AoAG, see here: https://support.microsoft.com/en-us/help/3200896/sql-server-availability-solutions-for-microsoft-identity-manager-servi

So, you need to keep that one in your MIM knowledge backpack.
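Since the support statement hinges on a build number, the two things worth verifying before anyone blames an availability group for a MIM problem are the installed MIM build and whether the MIM databases are actually AG members in a healthy state. The script below is an added example (not from the announcement or the KB articles): the miiserver.exe path is the default install location and is an assumption, the listener name is a placeholder, and the database names are the MIM defaults.

```powershell
# Added example, not part of the original post. Checks the two preconditions discussed above.
[version]$MinAoAGBuild = '4.4.1459.0'   # MIM 2016 SP1 build from which AoAG is supported

# (a) Installed sync-engine build, read from the binary's file version.
#     Default install path (assumption): adjust if MIM was installed elsewhere.
$miiserver = 'C:\Program Files\Microsoft Forefront Identity Manager\2010\Synchronization Service\Bin\miiserver.exe'
if (Test-Path $miiserver) {
    [version]$build = (Get-Item $miiserver).VersionInfo.FileVersion
    $verdict = if ($build -ge $MinAoAGBuild) { 'AoAG supported' } else { 'below 4.4.1459.0: patch before using AoAG' }
    "MIM sync build {0}: {1}" -f $build, $verdict
} else {
    "miiserver.exe not found at $miiserver (sync engine not installed here, or custom path)"
}

# (b) Are the MIM databases in an availability group, and what is their state on the replica
#     behind the listener the MIM configuration points at? $SqlServer is a hypothetical listener name.
$SqlServer = 'MIMSQL-LISTENER'
$query = @"
SELECT ag.name                           AS ag_name,
       adc.database_name,
       ars.role_desc,
       drs.synchronization_state_desc,
       drs.synchronization_health_desc
FROM sys.availability_groups ag
JOIN sys.availability_databases_cluster adc    ON adc.group_id = ag.group_id
JOIN sys.dm_hadr_database_replica_states drs   ON drs.group_database_id = adc.group_database_id
JOIN sys.dm_hadr_availability_replica_states ars ON ars.replica_id = drs.replica_id
WHERE adc.database_name IN ('FIMService', 'FIMSynchronizationService')
  AND drs.is_local = 1
"@
$conn = New-Object System.Data.SqlClient.SqlConnection "Server=$SqlServer;Database=master;Integrated Security=True;Connect Timeout=10"
$conn.Open()
$cmd = $conn.CreateCommand()
$cmd.CommandText = $query
$da = New-Object System.Data.SqlClient.SqlDataAdapter $cmd
$dt = New-Object System.Data.DataTable
[void]$da.Fill($dt)
$conn.Dispose()

if ($dt.Rows.Count -eq 0) {
    'Neither MIM database is a member of an availability group on this replica.'
} else {
    # Anything other than SYNCHRONIZED / HEALTHY on the PRIMARY deserves a look before touching MIM.
    $dt | Format-Table -AutoSize
}
```

If the query returns rows but the build check says the engine is older than 4.4.1459.0, you are running an unsupported combination, whatever the AG health says.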

Useful resources for GDPR starters

I realise, this braindump will never be finished, so come back once in a while to check for updates. Work in progress…

But let’s turn around the thing a bit, you certainly must have smart ideas or articles on GDPR for starters that belong on this list! Let me know and I’ll add it to the list.
Of course, with the proper credits!

DISCLAIMER: These resources are provided / authored by different people, companies and vendors, each of them copyrighted by the original owner.
The resources below are just a collection of interesting, need-to-have documentation, without any preference or commercial interest for any party.

Table of contents

First of all, before you start with GDPR you must have read the GDPR text.
It’s not as bad (you mean: legalese) as you might suspect.

GDPR official text

You might want to have it a bit more condensed to start.

Vocabulary / Grammar

Do not get confused: European Council vs Council of the European Union vs Council of Europe

More info at:

http://www.caneurope.org/publications/blogs/1295-what-is-the-european-council-or-the-council-of-the-european-union%C2%A0

https://www.coe.int/en/web/about-us/do-not-get-confused

GDPR Table of contents

Once you get through the legal texts… you’ll quickly understand that the GDPR text itself at least lacks 1 important thing: A table of contents (TOC).

This TOC by Intersoft Consulting might help: bookmark https://gdpr-info.eu/

It provides a nice overview of the GDPR Recitals (= reasons the articles of the GDPR have been adopted).

There are 173 recitals, and the TOC provides a quick topic overview at https://gdpr-info.eu/recitals/.

Also, the site provides an overview of the GDPR structure:

  • 11 Chapters
  • Sections per chapter
  • 99 Articles (spread over the sections / chapters)

GDPR Adequacy decisions

Working Party 29

http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:31995L0046

“The composition and purpose of Art. 29 WP was set out in Article 29 of the Data Protection Directive, and it was launched in 1996.”

https://en.wikipedia.org/wiki/Article_29_Data_Protection_Working_Party

The European Data Protection Board (EDPB) will replace the Article 29 Working Party under the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679).

WP29 articles

Newsroom overview: http://ec.europa.eu/newsroom/article29/news.cfm
Guidelines: http://ec.europa.eu/newsroom/article29/news.cfm?item_type=1360

WP 29 Advisory

The Article 29 Working Party Issues Final Guidelines on Data Protection Officers (“DPO”) is available here.

More info

  • Bird & Bird article, explaining
    1. Accountability means that DPO assessments need to be kept up-to-date and can be requested at anytime
    2. No “a la carte” DPO appointments
    3. Big data now an example of ‘regular and systematic monitoring’
    4. Preferably, the DPO should be located within the EU
    5. There can only be one DPO, but supported by a team
    6. Duty to ensure the confidentiality of communications between the DPO and employees
    7. Senior managers including Head of HR, Marketing or IT individuals are barred from serving as the DPO
    8. The GDPR does not prevent the DPO from maintaining records of processing
  • For a redline comparison with the earlier draft, click here.

ISO Standards related to GDPR

ISO29100 (Privacy Framework)

PIA: ISO 29134

http://standards.iso.org/ittf/PubliclyAvailableStandards/c045123_ISO_IEC_29100_2011.zip

ISO27001 (Information Security)

Mandatory ISO27001 documents: ISMS mandatory documentation checklist

Mapping GDPR to ISO27001 schema

Implementing GDPR with ISO27001

https://pecb.com/oldwebinar/26-may-2018-from-gdpr-to-sustainable-gdp

GDPR at a glance

https://www.twobirds.com/~/media/pdfs/gdpr-pdfs/bird–bird–guide-to-the-general-data-protection-regulation.pdf (Credits for Moritz Anders).

Data access request

As published on LinkedIn: The Nightmare Letter: A Subject Access Request under GDPR (By: Constantine Karbaliotis)

You can download the docx Word version in EN (here) and in NL translated version (here).

Useful Tools

Open Source

Monarc – Risk Assessment: http://Monarc.lu

CNIL – DPIA Tool 

CNIL guides for PIA: https://www.cnil.fr/en/PIA-privacy-impact-assessment-en

 

Visualisation sheet

Have a look at what Jonas Holdensen has published: a marvelous sheet that provides a visualization of GDPR.

Also he has provided a nice overview on the DPO requirements & tasks under GDPR.

If you prefer the file in pdf or word, then download the file here: www.kortlink.dk/rhpx

GDPR Privacy Courses (work in progress)

Region | Provider      | Course                                        | URL
WW     | IAPP          | CIPT, CIPP/E, CIPM                            | https://iapp.org/train/gdprready/
WW     | PECB          | PECB Certified Data Protection Officer        | https://pecb.com/en/education-and-certification-for-individuals/gdpr
BE     | DP Institute  | Data Protection Officer Certificatie Training | https://www.dp-institute.eu/nl/opleidingen/
WW     | IT Governance | GDPR                                          | https://www.itgovernance.co.uk/data-protection-dpa-and-eu-data-protection-regulation
WW     | Cranium       | GDPR & Privacy                                |

And some more

Legislative background