Compliance

How a digital design firm navigated its SOC 2 audit

L+R's pursuit of SOC 2 certification was complicated by hardware inadequacies and its early adoption of AI, but a successful audit has provided security and business benefits.

By Alex Levin

28 Nov 202311 mins

CertificationsCompliance

Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements

By Michael Hill

03 Oct 20234 mins

RegulationComplianceVulnerabilities

Articles

TrustCloud adds new tools to automate GRC frameworks

The suite of new capabilities includes framework customization with AI, new APIs, and evidence-collection integrations.

By Shweta Sharma

06 Jul 2023 3 mins

IT Governance FrameworksIT Governance FrameworksIT Governance

Resilience at the core of the current and future Biden administration cybersecurity plans

The Biden administration's cybersecurity initiatives broadly aim to improve cybersecurity resilience, with recent regulations and other actions designed to foster a "defensible, resilient ecosystem."

By Cynthia Brumfield

05 Jul 2023 7 mins

GovernmentCompliance

No consensus on creating a unified US cyber incident reporting framework

Comments submitted to CISA regarding its creation of cyber incident and ransom payment reporting requirements underscore how tough it will be for the agency to create a one-size-fits-all framework.

By Cynthia Brumfield

29 Jun 2023 10 mins

RegulationRegulationRegulation

Vanta adds new SaaS capability to address growing concerns over vendor security

Vanta’s new offering aims to help customers streamline third-party security with automated workflows for vendor security reviews and compliance.

By Shweta Sharma

03 May 2023 3 mins

ComplianceRisk ManagementVendor Management

Battle could be brewing over new FCC data breach reporting rules

An expanded data breach definition and the telcos’ desire to link notifications to “concrete harm” are among the most controversial aspects of the proposed FCC data breach reporting rules.

By Cynthia Brumfield

11 Apr 2023 8 mins

RegulationData BreachCompliance

Obsidian launches new SaaS security and compliance tools

Obsidian’s multimodule security posture management offering comes with tools to secure SaaS interactions and ensure associated compliances.

By Shweta Sharma

05 Apr 2023 4 mins

ComplianceRisk ManagementSaaS

Chinese-owned social media sensation TikTok has been fined almost $16 million for violating provisions of the UK’s General Data Protection Regulation.

By Jon Gold

04 Apr 2023 3 mins

RegulationData PrivacyCompliance

Software liability reform is liable to push us off a cliff

Regulatory mandates for software security like those in the Biden Administration's National Cybersecurity Strategy could cause more problems than they solve.

By Andy Ellis

02 Mar 2023 6 mins

Application SecurityComplianceOpen Source

At least one open source vulnerability found in 84% of code bases: Report

Almost all applications contain at least some open source code, and 48% of all code bases examined by Synopsys researchers contained high-risk vulnerabilities.

By Apurva Venkat

23 Feb 2023 4 mins

ComplianceOpen SourceVulnerabilities

DNA Diagnostic Center fined $400,000 for 2021 data breach

The DNA testing lab said it was not even aware that the legacy databases existed in its systems at the time of the breach.

By Apurva Venkat

21 Feb 2023 4 mins

Data BreachCompliance

Evolving cyberattacks, alert fatigue creating DFIR burnout, regulatory risk

Digital forensics and incident response teams face increasing workloads amid evolving cyberattacks, recruiting and hiring challenges, and a lack of effective automation.

By Michael Hill

16 Feb 2023 5 mins

Incident ResponseInvestigation and ForensicsCompliance

DLA Piper’s GDPR and Data Breach survey shows a 50% increase in fines in the last 12 months. Data protection authorities turning their focus to artificial intelligence.

By Michael Hill

17 Jan 2023 4 mins

RegulationData PrivacyCompliance