Compliance

Compliance | News, how-tos, features, reviews, and videos

medical data accessed via tablet / healthcare IoT monitoring
United States Capitol building / United States Congress / abstract security concept

power plant utilities energy innovation industrial iot american public power association unsplash

US bulk energy providers must now report attempted breaches

US bulk energy providers must now report attempted breaches as well as successful breaches. Guidance is murky over what constitutes an "attempted" breach.

CCPA | California Consumer Privacy Act  >  Satellite view of California's network of lights / lock

CPRA explained: New California privacy law ramps up restrictions on data use

The California Privacy Rights Act (CPRA) is a new law that toughens some data security requirements, brings California more in line with Europe's General Data Protection Regulation, and creates a new state agency—the California...

digital fingerprint / binary code

Privacy, data protection regulations clamp down on biometrics use

The highly sensitive nature of biometric data and new regulations aimed to protect it are cause to rethink how it's used for authentication.

ethical ai artificial intelligence algorithms

New AI privacy, security regulations likely coming with pending federal, state bills

CISOs should prepare for new requirements to protect data collected for and generated by artificial intelligence algorithms.

risk assessment - safety analysis - security audit

EU's DORA regulation explained: New risk management requirements for financial firms

The proposed Digital Operational Resilience Act includes new incident response and third-party risk requirements for financial firms operating within the EU. Passage is expected, so plan now.

A gavel rests on open law book. [law / regulation / compliance / legal liability]

Defining data protection standards could be a hot topic in state legislation in 2021

Some states could follow the New York Shield Act’s lead and set clearer regulatory expectations for reasonable cybersecurity. Election security legislation likely not on the agenda.

California Consumer Privacy Act  / CCPA  >  State flag superimposed on map and satellite view

Passage of California privacy act could spur similar new regulations in other states

Voters approved the California Privacy Rights and Enforcement Act (CPRA), which in part limits how organizations can use personal data. Legal experts expect other states to follow suit.

Ransomware  >  A masked criminal ransoms data for payment.

US Treasury Department ban on ransomware payments puts victims in tough position

The Treasury Department's advisory warns companies not to pay ransoms to sanctioned entities. The move complicates ransomware incident response and might encourage insurance carriers to drop ransomware coverage.

Data breach  >  open padlock allowing illicit streaming data collection

Avoiding the snags and snares in data breach reporting: What CISOs need to know

Ambiguities in a growing list of US reporting requirements keep CISOs up at night: Will they be compelled to report every breach even if they can prove the data was untouched? Experts advise on how to avoid trouble.

The open jaws of a spring trap lie in wait. [danger / risk]

Uber breach case a ‘watershed moment’ for CISOs’ liability risk

An upcoming case to determine whether the former Uber CSO failed to report a breach puts the legal liabilities of being a CISO in the spotlight. CISOs have a few options to minimize that risk.

A virtual checkmark in digital system / standards / quality control / certification / certificates

CMMC bakes security into DoD’s supply chain, has value for all businesses

The Cybersecurity Maturity Model Certification provides a means for the DoD to certify the security capabilities of its contractors, but it's a good way to assess the cybersecurity maturity for all companies.

Encryption  >  Encrypted data / hexadecimal code

Homomorphic encryption: Deriving analytics and insights from encrypted data

Homomorphic encryption allows safe outsourcing of storage of computation on sensitive data to the cloud, but there are trade-offs with performance, protection and utility.

cloud security expert casb binary cloud computing cloud security by metamorworks getty

With cloud's security benefits comes systemic risks, report finds

A new report from the Carnegie Endowment for International Peace seeks to give law and policy makers a better understanding of cloud security risks.

A network of security components overlays a credit card payment made by laptop user.

PCI compliance: 4 steps to properly scope a PCI assessment

Although it might sound straightforward, scoping a PCI assessment can be a challenge even for experienced organizations. Experts offer their best advice for avoiding PCI missteps.

United States-United Kingdom flags with binary data flow under a magnifying lens.

What the end of Privacy Shield, Brexit mean for UK-US data flows

The fall of US data agreement further complicates the post-Brexit data situation for many companies.

GDPR / data privacy / protection

EU court invalidates Privacy Shield data transfer agreement

US companies receiving EU personal data under Privacy Shield will need to find a replacement legal mechanism, and the decision could affect data protection policies and procedures.

power plant utilities energy innovation industrial iot american public power association unsplash

New DOE document names China, Russia as threats to US bulk power system

A US Department of Energy RFI seeks information on energy industry's supply chain security practices following executive order to develop industry regulations.

backdoor / abstract security circuits, locks and data blocks

New Republican bill latest in long line to force encryption backdoors

Here we go again. Senate Republicans push a new bill to mandate "lawful access" to encrypted devices and data. It won't end until law enforcement has better cyber forensics capabilities.

Load More
You Might Also Like