Compliance
Twitter's mushrooming data breach crisis could prove costly
An apparent data breach potentially impacting hundreds of millions of users could damage Twitter's finances and operations. EU regulators pose the biggest threat to the Elon Musk-owned company.
Meta hit with $413 million fine in EU for breaking GDPR rules
Regulatory wrangling results in a huge new fine over Facebook and Instagram data handling, even as Meta vows to appeal and EU data protection groups prepare for a court battle.
CPRA explained: New California privacy law ramps up restrictions on data use
The California Privacy Rights Act (CPRA) is a new law that toughens some data security requirements, brings California more in line with Europe's General Data Protection Regulation, and creates a new state agency—the California...
European Commission takes step toward approving EU-US data privacy pact
The EU-US Data Privacy Framework—drafted to allow the flow of data between the US and the European Union—has cleared the first hurdle on its way to approval in the EU, but criticism of the pact makes it far from a done deal.
PCI Secure Software Standard version 1.2 sets out new payment security requirements
Changes include the Web Software Module to help payment software vendors and developers identify and implement security controls to protect against attacks.
The Biden administration has racked up a host of cybersecurity accomplishments
The Biden administration’s intense focus on cybersecurity has resulted in an unprecedented number of initiatives. Although domestic efforts seem well-baked, opportunities exist for further leadership in the international arena.
New York-barred attorneys required to complete cybersecurity, privacy, and data protection training
New requirements highlight lawyers’ technical competence duty to meet professional, ethical, and contractual obligations to safeguard client information.
How to prepare for a SOC 2 audit – it’s a big deal, so you’d better get ready
Getting ready for one of the most demanding review processes in cybersecurity can be daunting, but experts say preparing for a SOC 2 audit can be an important part of a well-managed year-round security program.
CISA releases cybersecurity performance goals to reduce risk and impact of adversarial threats
Based on the NIST Cybersecurity Framework, the goals could become the baseline standards for cybersecurity negligence and possible future regulatory requirements.
How Cisco's Cloud Control Framework helps it comply with multiple security standards
Its open-source Cloud Control Framework gives Cisco a common template to meet security standards and regulatory requirements across the globe.
US OMB releases guidance on federal agency software security requirements
The guidance aims to improve the security of software federal agencies use, but expects self-attestation for compliance.
CISA launches incident, ransomware reporting rulemaking RFI
The U.S. Cybersecurity and Infrastructure Security Agency seeks input on a common set of cybersecurity incident reporting regulations.
California bill would tighten privacy protections for minors
The California legislature’s sweeping attempt to ramp up online protections for children covers a lot of ground, but critics say it’s too broad.
Resolving conflicts between security best practices and compliance mandates
Sometimes the latest security best practices don't align with an organization's compliance templates. These are some of the areas where you might need an exception.
5 ways to unite security and compliance
Which comes first, security or compliance? In an ideal world, they work together seamlessly. Here's how to achieve that.
Spate of pending U.S. privacy initiatives could significantly impact businesses
Bolstered by the overturned Roe v. Wade decision, several privacy initiatives could force businesses to review how they process, store, and protect data.
Exostar launches CMMC 2.0-compliant Microsoft 365, other solutions for SMBs
Updates aim to help small- and medium-sized businesses comply with the U.S. Department of Defense cybersecurity requirements.
U.S. NDAA heads into the home stretch with significant cybersecurity amendments pending
The main defense spending bill might enact the most significant pieces of U.S. cybersecurity legislation this year.