John Kyriazoglou

Technology Abuse in the Wired Workplace

 

Inspired by ancient Greek Wisdom

 

By John Kyriazoglou

Liability risks, productivity losses, service shutdowns, financial losses, brand and reputational damage, customer data and personal data breaches, and large security gaps, to name only a few of the after-effects of intrusions, are causing many board directors and managers to wonder what kind of ‘Pandora’s box’ they opened when their companies and organizations entered the electronic age by connecting to the Internet and carrying out their operations primarily via the Web and other e-Commerce platforms and applications.

In ancient Greek mythology, the story of ‘Pandora’s Box’ goes like this: ‘Pandora (Greek for ‘all-gifted’) was the first woman on earth. Zeus (the master of gods) ordered Hephaistus, the god of craftsmanship, to create her and he did it, using water and earth. The gods endowed her with many talents: Aphrodite gave her beauty, Apollo music, Hermes persuasion, and so forth. Hence her name: Pandora, ‘all-gifted’. When Prometheus (ancient Greek for ‘Forethought’) stole fire from heaven, Zeus took vengeance by presenting Pandora to Epimetheus (ancient Greek for ‘Afterthought’), Prometheus' brother. With her, Pandora had a jar which she was not to open under any circumstance. Impelled by her natural curiosity, Pandora opened the jar, and all evil contained escaped and spread over the earth. She hastened to close the lid, but the whole contents of the jar had escaped, except for one thing which lay at the bottom, and that was Hope’.

Full details are available at: http://ipmajournal.com/articles/Vol12_Iss6_Article5.php

So we see that up to this day, whatever evils are upon us, hope never entirely leaves us; and while we have that, no amount of other ills can make us completely wretched.

 

I think the meaning of this story is that we have to manage technology and its impact (contained in Pandora’s jar) in all aspects of our personal and business life to benefit, as much as possible, the greater society.

 

Coming back to the central issue of ‘how to manage these impacts better while gaining the benefits of the Internet technology’, the questions are:

 

Is the company making best use of IT systems, personnel and resources?

 

Are corporate managers prepared for both the tremendous responsibility and liability this places on both the board and the IT department?

 

Has the company implemented the best business management and IT controls to mitigate the intrusion and other risks while managing the debilitating effects of hacking and avoiding the huge fines imposed by the regulatory authorities on personal data and other breaches?

 

 


GDPR and Data Privacy Protection and Security Mechanisms

 

By John Kyriazoglou

 

1. Description of the GDPR

 

The EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Commission intends to strengthen and unify data protection for individuals within the European Union (EU).

More details at: http://eur-lex.europa.eu/eli/reg/2016/679/oj

It also addresses the export of personal data outside the EU. The Commission's primary objectives for the GDPR are to give citizens back control of their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

 

When the GDPR takes effect, it will replace the official Directive 95/46/EC from 1995. The regulation was adopted on 27 April 2016. It enters into force on 25 May 2018 after a two-year transition period and, unlike a directive, it does not require any enabling legislation to be passed by local (national) governments.

 

2. Security Measures and Controls

The GDPR requires (see Articles 32 to 34 and recitals 39, 49, 52, 53, 71, 73, 75, 78, 81, 83, 85 to 88, 91 and 94) the company controller and the processor engaged in collecting, processing, storing and transferring personal data to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. It also establishes a uniform data breach notification requirement: within defined time limits, both the data protection authority and the data subject involved must be informed in the event of a data breach leading to the loss, access or disclosure of personal data, etc.

The following controls, methods and techniques may be utilized for the analysis, design, implementation, assessment and evaluation of your threat strategy and measures required to protect the personal data and other valuable IT assets, in any type of organization.

 

More details at:

http://www.blogster.com/jkyriazoglou/gdpr-and-data-privacy-protection-and-security-mechanisms