Business Operations

PayPal sued for negligence in data breach that affected 35,000 users

Alleged data breach victims have sued PayPal in federal court for failing to safeguard their personal data, and are asking for class-action certification.

Malicious package flood on PyPI might be sign of new attacks to come

The PyPI package flood is just the latest in a string of attacks on public repositories with the intent to plant malicious code.

EU parliamentary committee says 'no' to EU-US data privacy framework

Progress on ratifying the Trans-Atlantic Data Policy Framework hit a snag, as a parliamentary committee rejected a draft decision to adopt the pact, saying it did not comply with the EU's GDPR privacy regulations.

What CISOs need to know about the renewal of FISA Section 702

Section 702 of the Foreign Intelligence Surveillance Act sets out the rules for the US intelligence community around gathering information abroad—but is it inadvertently being used at home too?

New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs

The OSC&R Framework aims to help security professionals better understand and measure software supply chain risk.

US DOJ applies carrot-and-stick approach to Foreign Corrupt Practices Act policy

Corporations (and their CISOs) that discover wrongdoing or corruption within their own business are well-advised to self-report such activities and cooperate with prosecutors. The stakes are high for those who don’t.

US Supreme Court leak investigation highlights weak and ineffective risk management strategy

The court’s inability to find out who leaked the draft decision and how they did it is a cautionary tale for CISOs about safeguarding sensitive information and intellectual property.

US Maritime Administrator to study port crane cybersecurity concerns

Recently passed legislation might have been spurred by supply chain disruption and surveillance concerns enabled by Chinese-made cranes.

Security concerns

The BISO: bringing security to business and business to security

Even the most tech-savvy leaders can use an effective liaison between corporate and cybersecurity—the business information security officer (BISO) bridges communications gaps and acts as a security evangelist and gatekeeper.

Meta hit with $413 million fine in EU for breaking GDPR rules

Regulatory wrangling results in a huge new fine over Facebook and Instagram data handling, even as Meta vows to appeal and EU data protection groups prepare for a court battle.

PyTorch suffers supply chain attack via dependency confusion

A rogue packet on the machine learning framework allowed the attacker to exfiltrate data, including SSH keys.

How acceptable is your acceptable use policy?

If users resent, fear, or ignore policies around the use of corporate resources, it may be time for a different approach that incentivizes rather than punishes.

Software projects face supply chain security risk due to insecure artifact downloads via GitHub Actions

Cybersecurity researchers found risks in the GitHub Actions platform that could enable attackers to inject malicious code into software projects and initiate a supply chain attack.

8 things to consider amid cybersecurity vendor layoffs

Cybersecurity vendor layoffs raise several issues for CISOs and customers, not the least of which are security and risk-related factors. Here are 8 things to consider if your security vendor has announced significant staff cuts.

New York-barred attorneys required to complete cybersecurity, privacy, and data protection training

New requirements highlight lawyers’ technical competence duty to meet professional, ethical, and contractual obligations to safeguard client information.

Mondelez and Zurich’s NotPetya cyber-attack insurance settlement leaves behind no legal precedent

Mondelez International and Zurich American Insurance settled a keenly watched lawsuit over how cyberattack insurance applies to intrusions from nation states during wartime. A private agreement, its resolution sheds no light on how...

Enterprises embrace devsecops practices against supply chain attacks

Healthy developer-team culture and adherence to devsecops best practices to protect against supply chain attacks are surprisingly commonplace in today’s security environment, according to a report from Google Cloud's DORA research...

Former Broadcom engineer gets eight months in prison for trade secrets theft

Peter Kisang Kim admitted to stealing Broadcom data related to its Trident family of network switching and cloud networking chipsets, while working for a Chinese startup.
