Compliance

Compliance news, analysis, research, how-to, opinion, and video.

Application security needs to be shored up now

In this first of a three-part series, we will explore the connection between PCI and application security. Parts 2 and 3 will detail how to ensure PCI compliance for all things application security.

DRM could be making a comeback in the enterprise

Digital rights management might be coming back to the enterprise, experts say, as long as usability issues don't get in the way.

Banks balance security and workflow when encrypting in the cloud

When financial institutions store data in the cloud, they use different kinds of encryption depending on security and workflow requirements, according to a new report from CipherCloud.

Researchers improve de-anonymization attacks for websites hiding on Tor

Attackers controlling entry nodes on the Tor network could find the location of hidden services or unmask users visiting them

FTC sues identity protection service LifeLock again

Identity protection service LifeLock said Tuesday it is prepared to go to court after the U.S. Federal Trade Commission filed a fresh lawsuit alleging the company has failed to protect its users' data and deceptively advertises its...

Regulators seek to limit security software exports

The comment period on Wassenaar ends next Monday, and the rules, as written, would severely restrict international sales, deployment, research and even discussion of cybersecurity tools and exploits, experts say.

China tightens grip over the Internet with new security law

U.S. trade groups are worried that China's security policies could stifle business in the country

Software developers are failing to implement crypto correctly, data reveals

Lack of specialized training for developers and crypto libraries that are too complex lead to widespread encryption failures

Do security leaders need to worry about the end of the QSA program?

Whether you need to comply with PCI or not, recent changes to the QSA program signal the need for security leaders to engage in two important discussions

Why the dip in healthcare spending is actually a risky opportunity for security leaders

A new report that projects healthcare spending to dip also reveals a hidden risk for security leaders, unless they learn how to navigate it properly

Agile security lessons from Aetna and the state of Texas

The move to agile development practices poses both challenges and opportunities to security teams -- with the challenges often dominating. But some organizations have found ways to make it work. What is agile security? And how can you...

What a new survey on payment solutions reveals about your security leadership

Insights from a new briefing with some commentary on how it impacts your ability to lead security efforts through the evolving payment ecosystem

Five tips to comply with the new PCI requirements

At the end of June, merchants that accept payment cards have five new security requirements to comply with -- and significant fines and other costs if they don't

SAFETY Act liability shield starts showing cracks

This week, Salted Hash has examined the Department of Homeland Security's (DHS) SAFETY Act, and FireEye's promise to customers that their certification under the act provides them protection from lawsuits or claims alleging that the...

FireEye offers new details on customer liability shields under the SAFETY Act

On Friday, Salted Hash explored the announcement from FireEye that their customers now have a liability shield due to being certified by the Department of Homeland Security (DHS) under the SAFETY Act. Now the company has released...

FireEye customers get liability shield thanks to SAFETY Act

Last week, the Department of Homeland Security (DHS) certified FireEye under the SAFETY Act, providing their customers protection from lawsuits or claims alleging that the products failed to prevent an act of cyber-terrorism.

3 experts teach you how to properly scope your PCI assessment

When it comes to PCI, getting your scope right is more important than just getting a cheaper, faster assessment. Learn how to do it right with insights from 3 experts.

A CISO reveals why the cloud is your secret weapon for faster, better, and cheaper PCI audits

Combining cloud with PCI is the recipe Joan Pepin, CISO of SumoLogic, used to achieve compliance faster, cheaper, and better. Here is what she did.
