Compliance news, analysis, research, how-to, opinion, and video.


Compliant does not equal protected: our false sense of security

Having regulatory compliance laws in place helps hold organizations accountable and clearly places the onus on organizations to protect the sensitive data they store. So, with regulatory compliance standards in place, does this...


Microsoft details takedown requests in expanded transparency report

Microsoft released its latest statistics on government requests for users' data on Wednesday, including a new report on requests to have information taken down from the company's services.


Expired certificates cost businesses $15 million per outage

The average global 5,000 company spends about $15 million to recover from the loss of business due to a certificate outage -- and faces another $25 million in potential compliance impact


Doing tokenization and cloud computing the PCI way

In our previous 2 parts to this article, we discussed various aspects of application security and PCI compliance. We conclude our series with a discussion of tokenization and cloud computing, and how to do it to make your PCI QSA...


Debit cards lag credit cards in EMV migration, putting banks at risk

Three times as many credit cards will be chip-enabled by the end of the year as debit cards, making the slower banks bigger targets for cybercriminals.


EMV transition will still leave security gaps

This October, US merchants and payment providers are scheduled to switch to new, more secure, chip-based payments. But financial transactions aren't going to become safer overnight, since the majority of merchants are still not ready...


Court: FTC can take action on corporate data breaches

The US Court of Appeals has ruled that the FTC mandate to protect consumers against fraudulent, deceptive and unfair business practices extends to oversight of corporate cybersecurity efforts -- and lapses. But security experts are...


Cyber sharing bill shares too much, critics say

There is general agreement between industry and government that sharing cyber threat information could improve defenses against ever-escalating and more sophisticated attacks. But critics of this year’s proposed legislation say it has...


Application security needs to be shored up now

In this first of a three-part series, we will explore the connection between PCI and application security. Parts 2 and 3 will detail how to ensure PCI compliance for all things application security.


DRM could be making a comeback in the enterprise

Digital rights management might be coming back to the enterprise, experts say, as long as usability issues don't get in the way.


Banks balance security and workflow when encrypting in the cloud

When financial institutions store data in the cloud, they use different kinds of encryption depending on security and workflow requirements, according to a new report from CipherCloud.


Researchers improve de-anonymization attacks for websites hiding on Tor

Attackers controlling entry nodes on the Tor network could find the location of hidden services or unmask users visiting them


FTC sues identity protection service LifeLock again

Identity protection service LifeLock said Tuesday it is prepared to go to court after the U.S. Federal Trade Commission filed a fresh lawsuit alleging the company has failed to protect its users' data and deceptively advertises its...


Regulators seek to limit security software exports

The comment period on Wassenaar ends next Monday, and the rules, as written, would severely restrict international sales, deployment, research and even discussion of cybersecurity tools and exploits, experts say.


China tightens grip over the Internet with new security law

U.S. trade groups are worried that China's security policies could stifle business in the country


Software developers are failing to implement crypto correctly, data reveals

Lack of specialized training for developers and crypto libraries that are too complex lead to widespread encryption failures


Do security leaders need to worry about the end of the QSA program?

Whether you need to comply with PCI or not, recent changes to the QSA program signal the need for security leaders to engage in two important discussions


Why the dip in healthcare spending is actually a risky opportunity for security leaders

A new report that projects healthcare spending to dip also reveals a hidden risk for security leaders, unless they learn how to navigate it properly
