{"id":649,"date":"2018-03-14T17:50:26","date_gmt":"2018-03-14T17:50:26","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=649"},"modified":"2020-05-06T10:27:07","modified_gmt":"2020-05-06T17:27:07","slug":"part-4-4-practical-advice-to-network-and-security-operations","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/","title":{"rendered":"[Part 4\/4] Practical Advice to Network and Security Operations Pros Regarding GDPR Compliance"},"content":{"rendered":"<p>This is the final part of a four-part blog series. Check out Part 1 \u2013\u00a0<a href=\"\/community\/part-1-4-practical-advice-to-network-and-security-operations\/\" target=\"_self\" rel=\"noopener noreferrer\">Introduction<\/a>, Part 2 \u2013\u00a0<a href=\"\/community\/part-2-4-practical-advice-to-network-and-security-operations\/\" target=\"_self\" rel=\"noopener noreferrer\">Architecture Review<\/a>, and Part 3 \u2013\u00a0<a href=\"\/community\/part-3-4-practical-advice-to-network-and-security-operations\/\" target=\"_self\" rel=\"noopener noreferrer\">Security Operations<\/a>.<\/p>\n<h2 id=\"toc-hId--1333279523\">Part 4 &#8211; DDI Data &amp; GDPR<\/h2>\n<p>So is DDI data personal information that should hence be handled according to the GDPR? The short answer is &#8220;it depends&#8221;. If it can be attributed to, or used to identify, a data subject, either on its own or in conjunction with other data, then it is within the scope of the GDPR.<\/p>\n<p>What would affect a data subject in the context of DDI? Activity from an IP address that can be attributed to an individual. For instance, if an ISP records that a particular public IP is allocated to Jim and Jim uses the ISP&#8217;s DNS servers, then if the ISP logs Jim&#8217;s DNS queries it must get Jim&#8217;s active consent. 
The DNS queries Jim makes could have an impact on him if exposed; these would show what bank Jim uses, for example.<\/p>\n<p>As the &#8220;controller&#8221; who &#8220;determines the purposes and means of the processing of personal data&#8221; in GDPR terms, you are responsible for the use of that data, even if you use a third party as a processor. So, you need to conduct a data inventory of the DDI information you hold in order to determine what would fall under the GDPR.<\/p>\n<h3 id=\"toc-hId-2041736991\">Use Cases<\/h3>\n<p>This is easier to consider by example as the GDPR is not clear on this and the boundaries haven\u2019t been tested. Certainly, a MAC address would be identifiable and possibly an IP address in some cases. Below are two examples to assess whether DDI information constitutes personal data under the GDPR. This isn\u2019t legal advice\u2014be sure to consider the circumstances of your particular network and use of data, and seek counsel in determining the application of GDPR to your organization.<\/p>\n<p>For a guest wireless network user, you collect the following data:<\/p>\n<ul>\n<li>No traffic is monitored (the network just provides DHCP &amp; DNS caching services + basic firewall and bandwidth).<\/li>\n<li>A device MAC address is only used for the purposes of providing connectivity (via DHCP) and only while connected.<\/li>\n<li>IPs given to users are from RFC1918 address space and any traffic from the guest network is NATed. 
Hence there is no public IP address that can be identified with an individual.<\/li>\n<li>DNS queries are not logged and hence there is no way to correlate queries to an IP and MAC and hence an individual data subject.<\/li>\n<\/ul>\n<p>This would not appear to fall under GDPR.<\/p>\n<p>For internal DDI for employees you keep the following data:<\/p>\n<ul>\n<li>IP addresses and the IPAM, DNS and DHCP data associated with them.<\/li>\n<li>Username associated with an IP from AD authentication events.<\/li>\n<li>MAC from DHCP.<\/li>\n<li>Location (from IPAM).<\/li>\n<li>DNS query logs. Your organisation can correlate this with who had what IP address at what time.<\/li>\n<li>Historical information for security forensics, e.g. what device had this IP address at what time and what individual it is associated with.<\/li>\n<\/ul>\n<p>That\u2019s personal! It is okay to capture this data, but your use must be GDPR compliant. You\u2019ll need to state the reasons you keep this data (IT security) and only use the information for this purpose. The DDI data, in this case, should be stored securely and you should be able to selectively delete any archived data. Note that data privacy statements may also be required before collection of any personal data.<\/p>\n<h3 id=\"toc-hId--1365726624\">Retaining DNS Query Data<\/h3>\n<p>DNS query data is very useful for network security. In fact, the GDPR states in Article 6 section 1(d) that one of the reasons personal data can be processed is if \u201cprocessing is necessary in order to protect the vital interests of the data subject or of another natural person\u201d. Maintaining a secure network is certainly in the interests of everyone who works within an organisation, and in its customers\u2019 interests.<\/p>\n<p>Why keep DNS query data? Let\u2019s take a scenario to help with assessment, security forensics, and notification. 
This is the \u201cwe don\u2019t know what we don\u2019t know\u201d problem of security evident in the \u201carms race\u201d of security tools vs. vulnerabilities and hacking techniques.<\/p>\n<p>In order to find out what we don\u2019t know, DNS can provide some valuable clues, and this is one of the reasons for keeping query data. Suppose we do the following:<\/p>\n<ol>\n<li>Capture DNS query logs<\/li>\n<li>Strip out internal domains<\/li>\n<li>Strip out the top public domains (e.g. use Alexa top domains)<\/li>\n<li>Look at the top\/bottom of what&#8217;s left<\/li>\n<\/ol>\n<p>The top of what remains could be shadow IT or trusted third parties. These can be blocked if the former, or added to the list of top public domains to ignore in the report if the latter. Working up from the bottom of what remains may lead you to think \u201cWhy are my employees resolving queries for .ru when we have no customers or business partners there\u2014is this malware?\u201d. At this point you hopefully have authoritative DDI data to find out the \u201cwho?\u201d within your organisation and the threat intelligence to assess\/prioritise, and then you can ask the person the \u201cwhy?\u201d. You may even block\/redirect the domain and see who shouts or what appears in your honeypot. If the query is for a malicious domain name, having historical query logs will help determine other devices that have also attempted the same query.<\/p>\n<p>This may be personal data and hence cannot be kept indefinitely unless pseudonymised (relaxed GDPR requirements) or anonymised (outside the scope of GDPR). Remember you can keep data for a legitimate use and only use it for that specific purpose, as outlined in the GDPR. You should, though, be prepared for selective deletion.<\/p>\n<p>Is this scenario valid? In short, yes: security vendors use what is known as passive DNS data for research purposes. 
For use within an organisation it is a clue to help keep up with the arms race and watch out for the unknown.<\/p>\n<h2 id=\"toc-hId-1329231520\">DDI Data Checklist<\/h2>\n<p>This is a checklist for the DDI data your organisation keeps:<\/p>\n<ul>\n<li>Data inventory\n<ul>\n<li>Review DDI data as part of your GDPR data inventory process.<\/li>\n<li>What is personal on its own or in combination with other data managed by your organisation?<\/li>\n<\/ul>\n<\/li>\n<li>Policy for DDI data\n<ul>\n<li>Issue data privacy statements before collection of personal data, where applicable.<\/li>\n<li>Data retained (and only used) for network security purposes.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2 id=\"toc-hId--2078232095\">Summary<\/h2>\n<p>Returning to the Forrester report titled &#8220;<a href=\"https:\/\/www.forrester.com\/report\/Brief+You+Need+An+Action+Plan+For+The+GDPR\/-\/E-RES136242\" target=\"_self\" rel=\"nofollow noopener noreferrer\">You Need An Action Plan for The GDPR<\/a>&#8221;\u00a0and what we know based on experience and our problem domain, here is a summary under three of their five core rules requiring attention.<\/p>\n<p><strong>#2 \u201cThe Data Breach Notification requirement will be a game-changer\u201d<\/strong><\/p>\n<p>Incident response is more critical and difficult, and there is also an increase in urgency. Better foundational information about \u201cwhat?\u201d, \u201cwho?\u201d, and \u201cwhere?\u201d on the network, management processes and automation based on DDI will help. This is not only to assist with any assessment, but also as a part of mitigating any risk of a breach in the first place.<\/p>\n<p>Using threat intelligence data and tools will help network security, whether this is deployed on a DNS choke point, firewalls, web proxies or email relays. 
The same data can be used to help security assessment, whether this is manual or automated, and in responding appropriately within 72 hours.<\/p>\n<p><strong>#3 \u201cPrivacy-by-design will be the biggest challenge to address\u201d<\/strong><\/p>\n<p><strong>#5 \u201cProviding evidence of risk mitigation counts as much as securing data\u201d<\/strong><\/p>\n<p>Perform an architecture review and take a risk-based decision on how you will secure the known risks around DNS. Network communication, including malware, starts with DNS.<\/p>\n<p>Consider whether automated compliance checking against standards such as PCI will help demonstrate \u201cstate of the art\u201d as the GDPR terms it and provide the audit records to show privacy is built in by design and by default.<\/p>\n<p>Questions or comments? Want Infoblox to\u00a0<a href=\"https:\/\/www.infoblox.com\/company\/contact\/?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_self\" rel=\"nofollow noopener noreferrer\">help<\/a>\u00a0with assessing your\u00a0<a href=\"https:\/\/www.infoblox.com\/products\/secure-dns\/?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_self\" rel=\"nofollow noopener noreferrer\">DNS security<\/a>?<\/p>\n<h2 id=\"toc-hId--1190728414\">References<\/h2>\n<p>1 &#8211; <a href=\"https:\/\/www.forrester.com\/report\/Brief+You+Need+An+Action+Plan+For+The+GDPR\/-\/E-RES136242\">Forrester Report &#8211; You Need An Action Plan for The GDPR by Enza Iannopollo<\/a><\/p>\n<p>2 &#8211; <a href=\"\/security\/podcast-cricket-liu-and-paul-vixie-take-a-deeper-dive-on-dns-and\">Cricket Liu and Paul Vixie Take a Deeper Dive on DNS and RPZ <\/a><\/p>\n<p>3 &#8211; <a href=\"https:\/\/lnkd.in\/gYjWPFA\">\u201cDelivering on the Promise of Modern Data Centers: A focus on DNS and IPv6\u201d by Tom Coffeen<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is the final part of a four-part blog series. 
Check out Part 1 \u2013\u00a0Introduction, Part 2 \u2013\u00a0Architecture Review, and Part 3 \u2013\u00a0Security Operations. Part 4 &#8211; DDI Data &amp; GDPR So is DDI data personal information and hence should be handled according to the GDPR? The short answer is &#8220;it depends&#8221;. If it can [&hellip;]<\/p>\n","protected":false},"author":213,"featured_media":590,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[3],"tags":[28,43,15],"class_list":{"0":"post-649","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-community","8":"tag-ddi","9":"tag-gdpr","10":"tag-security","11":"entry"},"acf":[],"yoast_head_json":{"title":"[Part 4\/4] Practical Advice to Network and Security Operations Pros Regarding GDPR Compliance","description":"This is the final part of a four-part blog series. 
Check out Part 1 \u2013 Introduction, Part 2 \u2013 Architecture Review, and Part 3 \u2013 Security Operations.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/","og_locale":"en_US","og_type":"article","og_title":"[Part 4\/4] Practical Advice to Network and Security Operations Pros Regarding GDPR Compliance","og_description":"This is the final part of a four-part blog series. Check out Part 1 \u2013 Introduction, Part 2 \u2013 Architecture Review, and Part 3 \u2013 Security Operations.","og_url":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/","og_site_name":"Infoblox Blog","article_published_time":"2018-03-14T17:50:26+00:00","article_modified_time":"2020-05-06T17:27:07+00:00","og_image":[{"width":600,"height":413,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/good-hygiene-securing-dns.jpeg","type":"image\/jpeg"}],"author":"Jim Mozley","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Jim Mozley","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/"},"author":{"name":"Jim Mozley","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/0b615219b32a2c6209c9028af8b9ea10"},"headline":"[Part 4\/4] Practical Advice to Network and Security Operations Pros Regarding GDPR Compliance","datePublished":"2018-03-14T17:50:26+00:00","dateModified":"2020-05-06T17:27:07+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/"},"wordCount":1363,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/good-hygiene-securing-dns.jpeg","keywords":["DDI","GDPR","Security"],"articleSection":["Community"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/","url":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/","name":"[Part 4\/4] Practical Advice to Network and Security Operations Pros Regarding GDPR 
Compliance","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/good-hygiene-securing-dns.jpeg","datePublished":"2018-03-14T17:50:26+00:00","dateModified":"2020-05-06T17:27:07+00:00","description":"This is the final part of a four-part blog series. Check out Part 1 \u2013 Introduction, Part 2 \u2013 Architecture Review, and Part 3 \u2013 Security Operations.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/good-hygiene-securing-dns.jpeg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/good-hygiene-securing-dns.jpeg","width":600,"height":413},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/community\/part-4-4-practical-advice-to-network-and-security-operations\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Community","item":"https:\/\/www.infoblox.com\/blog\/category\/community\/"},{"@type":"ListItem","position":3,"name":"[Part 4\/4] Practical Advice to Network and Security Operations Pros Regarding GDPR 
Compliance"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/0b615219b32a2c6209c9028af8b9ea10","name":"Jim Mozley","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_213_1744659534-96x96.jpg","url":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_213_1744659534-96x96.jpg","contentUrl":"https:\/\/blogs.infoblox.com\/wp-content\/uploads\/avatar_user_213_1744659534-96x96.jpg","caption":"Jim Mozley"},"description":"Jim Mozley has managed TLD and Protective DNS services that are part of the UK Critical National Infrastructure and TLDs for major global tech companies and brands. Jim has a long history with DNS (and DHCP &amp; IP Address Management), working with customers on implementation, migrations, education, bespoke development, integration, and DNS related threat intelligence. 
In his current role, Jim works on supporting customers in the intersection of security, regulatory compliance and technical standards. He truly believes that it always starts with DNS and Jim is passionate about using it as a foundational layer of network security. It might be the firewall, but it\u2019s probably DNS.","url":"https:\/\/www.infoblox.com\/blog\/author\/jim-mozley\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/649","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/213"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=649"}],"version-history":[{"count":4,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/649\/revisions"}],"predecessor-version":[{"id":1548,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/649\/revisions\/1548"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/590"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=649"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=649"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=649"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}