Compliance news, analysis, research, how-to, opinion, and video.

IT audits must consider the cyber kill chain and much more!

It's not enough to perform an IT audit to achieve compliance alone. Today's threat landscape includes sophisticated APTs (advanced persistent threats), remote access Trojans and ransomware, to name a few. In order for an IT audit to...

Swift CEO reveals three more failed attacks on banking network

Banks stopped three new attempts to abuse the Swift financial transfer network this summer, its CEO Gottfried Leibbrandt said Monday, as he announced Swift's plan to impose tighter security controls on its customers.

Cybersecurity: is it really a question of when, not if?

Can you imagine your banker saying “it’s not a question of if I lose your money, but when will I lose your money”?

Friend or foe? Bank regulator issues new information security exam procedures

Financial institution regulatory agency issues revised examination handbook that communicates enhanced regulatory expectations on how institutions should better manage cybersecurity risks. Some new and some enhanced requirements will...

NY regulation aims to raise bank security standards

Next week, New York State will begin a 45-day public comment period on its new financial industry cybersecurity regulation -- and, so far, security experts have a favorable view of the proposal.

Plan now for the EU's privacy regulation revolution, says HPE exec

The cost of complying with the European Union's General Data Protection Regulation might seem like something best deferred until it enters force in 2018 -- but working on compliance could boost profit, not reduce it, say some vendors....

How to protect your mission-critical information

A new report by the Information Security Forum (ISF) outlines the steps you can take to determine your mission-critical information assets and create customized plans for protecting them.

CISO Desk Reference Guide

A practical guide for CISOs belongs on the desk of every Chief Information Security Officer and wannabe.

Identity governance and admin: beyond basic access management

IGA solutions go beyond traditional identity management by allowing deep insight into access, providing data owners, auditors, and security teams with valuable information needed for timely management decisions and response.

NASA CIO allows HPE contract's authority to operate to expire

In the wake of continued security problems, NASA's CIO is sending a no-confidence signal to Hewlett Packard Enterprise, which received a $2.5 billion contract in 2011 to address problems with the agency's outdated and insecure...

Experts challenge Skyhigh's patent for cloud-based encryption gateway

Skyhigh Networks, Inc., announced today that it has received a patent for using a hosted gateway to encrypt and decrypt data moving between users and cloud services such as Office 365, but some experts say that the technology is...

EMV transition involves many moving parts

There's a lot of finger pointing going around about why the transition is going so slowly, but the bottom line, according to experts, is that the United States has a more complicated infrastructure than other countries and the...

Update to risk management framework should be taken seriously

COSO, the same organization that sponsors the internal control framework for Sarbanes-Oxley control compliance, recently issued a long-awaited exposure draft update to its Enterprise Risk Management framework. By translating the...

A pen test a day keeps hackers away

Penetration testing has evolved from a nice-to-have test to a mandatory test. Besides compliance, a pen test will tell you just how secure your organization's data really is. Your network is being scanned and attacked daily; don't wait...

PCI DSS 3.2: The evolution continues

The payment card industry security standard continues to “evolve,” in the words of experts, in minimizing the most obvious risks of breaches and fraud. Merchant groups remain critical of what they see as too much of a “blame game”...

Infosec16: keep your cybersecurity strategy simple to win

Infosecurity Europe 2016 highlighted a great variety of emerging cybersecurity threats. Keeping things simple can help CISOs a lot.

SIEM: 14 questions to ask before you buy

Today's SIEM technology boasts more brain power than ever, but many organizations fail to realize its full promise. Here are the key questions you need to ask to ensure the solution you choose will deliver.

Twitter official says 'Automate or die'

At a recent Open Web Application Security Project (OWASP) meetup in San Francisco, Twitter Trust and Info Sec Officer (TISO) Michael Coates put it bluntly: “Automate or Die. This is the biggest thing I stick by in this day and age.”...
