Compliance news, analysis, research, how-to, opinion, and video.


China tightens grip over the Internet with new security law

U.S. trade groups are worried that China's security policies could stifle business in the country

Extreme Hacks to Be Paranoid About

Software developers are failing to implement crypto correctly, data reveals

Lack of specialized training for developers and crypto libraries that are too complex lead to widespread encryption failures

Do security leaders need to worry about the end of the QSA program?

Whether you need to comply with PCI or not, recent changes to the QSA program signal the need for security leaders to engage in two important discussions

Why the dip in healthcare spending is actually a risky opportunity for security leaders

A new report that projects healthcare spending to dip also reveals a hidden risk for security leaders, unless they learn how to navigate it properly

Agile security lessons from Aetna and the state of Texas

The move to agile development practices poses both challenges and opportunities to security teams -- with the challenges often dominating. But some organizations have found ways to make it work. What is agile security? And how can you...

What a new survey on payment solutions reveals about your security leadership

Insights from a new briefing with some commentary on how it impacts your ability to lead security efforts through the evolving payment ecosystem

Five tips to comply with the new PCI requirements

At the end of June, merchants that accept payment cards have five new security requirements to comply with -- and significant fines and other costs if they don't

SAFETY Act liability shield starts showing cracks

This week, Salted Hash has examined the Department of Homeland Security's (DHS) SAFETY Act, and FireEye's promise to customers that their certification under the act provides them protection from lawsuits or claims alleging that the...

FireEye offers new details on customer liability shields under the SAFETY Act

On Friday, Salted Hash explored the announcement from FireEye that their customers now have a liability shield due to being certified by the Department of Homeland Security (DHS) under the SAFETY Act. Now the company has released...

FireEye customers get liability shield thanks to SAFETY Act

Last week, the Department of Homeland Security (DHS) certified FireEye under the SAFETY Act, providing their customers protection from lawsuits or claims alleging that the products failed to prevent an act of cyber-terrorism.

3 experts teach you how to properly scope your PCI assessment

When it comes to PCI, getting your scope right is more important than just getting a cheaper, faster assessment. Learn how to do it right with insights from 3 experts.

A CISO reveals why the cloud is your secret weapon for faster, better, and cheaper PCI audits

Combining cloud with PCI is the recipe Joan Pepin, CISO of SumoLogic, used to achieve compliance faster, cheaper, and better. Here is what she did.

Your guide to compliance in the cloud

You can ensure cloud compliance with PCI DSS, HIPAA and other regulatory requirements, but it takes investigation and persistence to get the answers and documentation you need to prove it.


‘Compliance fatigue’ sets in

With compliance frameworks expanding, becoming more complicated and covering more things, some organizations say they are overwhelmed with trying to keep up. Experts are sympathetic, but say the alternative is to increase the risk of...

Verizon report: Security testing compliance down from last year

Compliance rates between audits increased substantially across all PCI DSS requirements except for security testing, according to a report released Wednesday by Verizon. In particular, the ratio of companies compliant on Requirement...

Anthem accused of avoiding further embarrassment by refusing audit

Anthem Inc., the nation's second largest health insurer, has refused a request for an IT Security audit citing corporate policy. This is the second time the organization has refused an audit request from the Office of Personnel...

Box offers customers better data protection with Enterprise Key Management

Box rolled out EKM (Enterprise Key Management) this week to enable business customers to control and manage their own encryption keys.


Report says security breaches don't hurt business

A new report presents evidence that calls commonly held assertions about breaches into question. Here are some key findings with suggestions for discussion.
