Compliance

Compliance news, analysis, research, how-to, opinion, and video.

Why does cloud need elastic PAM?

Privilege Access Management has been a difficult but important problem to solve. Doing the same in the cloud has its own set of unique challenges, which traditional PAM solutions cannot solve. The article outlines the Cloud's...

GDPR: Do you provide goods or services in the EU?

The General Data Protection Regulation applies to all organizations that provide goods and services to people in the EU. Failure to comply may result in fines of up to 4% of your organization’s global revenues.

NAIC Summer 2017 Cybersecurity Working Group

Mandating privacy safeguards for the insurance sector

Insurance applications – privacy requirements ahead.

How to make your disaster recovery GDPR compliant

With GDPR coming into effect on 25 May 2018, it's costing businesses significant time and money to ensure compliance with the new regulations. But when it comes to your IT, have you really covered all bases? Have you thought about your...

The modern guide to staying safe online

5 reasons to take a fresh look at your security policy

Evolving ransomware and DDoS attacks, new technology such as IoT, and changing user behavior are all good reasons to revise your security policy.

Know the 'real' price of vendor contracts

Although many vendor engagements result in close working relationships, the age of predatory vendors is upon us. What can you do to avoid them?

Critical Infrastructure Protection (CIP): Security problems exist despite compliance

CIP is just one of 14 mandatory NERC standards that are subject to enforcement in the U.S. However, it gets a good deal of attention because this regulation is centered around the cybersecurity of assets deemed to be critical to the...

What are the GDPR requirements?

Here’s how the General Data Protection Regulation (GDPR) will change how companies process, store and secure EU customer data.

‘Sometimes it is necessary to bend the rules a bit’

A recent survey asked employees why they didn’t follow the rules and much of the response sounded a bit like a child answering their parent. They might have been bored or there were too many rules to deal with.

Few firms will be ready for new European breach disclosure rules, fines

The new European General Data Protection Regulation goes into effect next May, with onerous notification requirements and high penalties, but a year might not be enough for firms to get ready.

Infographic

GDPR requirements raise the global data protection stakes

New European Union data protection rules go into effect in 2018. Will you be ready?

What Pepsi's failed ad can teach us about data privacy

Better design and planning would have prevented the Pepsi ad debacle. Those principles will also help information security teams provide better data privacy.

Cyber Resilience 2.0, now shipping

The heads of IT security gathered at a recent Think Tank and agreed on a next generation definition of cyber resilience.

Latest OWASP Top 10 looks at APIs, web apps

The new release of the OWASP Top 10 list is out from the Open Web Application Security Project, and while most of it remains the same, there are a couple of new additions focusing on protections for web applications and APIs.

Contrast Security responds to OWASP Top 10 controversy

Contrast Security has addressed the recent backlash over section A7 of the OWASP Top 10 list for 2017. The company issued a statement on the matter after industry professionals suggested the A7 addition was an example of a vendor...

We're all responsible for combating fake news

In the darkness of fake news and phishing, it’s our job to shed a little light and equip employees with the skills to navigate treacherous waters.

Expert: NY breach report highlights third-party risk

New York reported a record high number of breaches last year, just after a new set of cybersecurity regulations went into effect in the state.

How to avoid falling for the W-2 phishing scam

The W-2 scam provides another example of how a security awareness program that adapts to trending threats has an advantage over a one-size-fits-all plan.

Updates that simplify NIST certifications

A road map that reduces time and resources required across multiple frameworks and regulations.

New financial regulations go into effect in New York

On March 1, new regulations go into effect in New York State, requiring that all regulated financial services institutions have a cybersecurity program in place, appoint a Chief Information Security Officer, and monitor the...
