IT Operations

IT Operations | News, how-tos, features, reviews, and videos

A gavel rests on open law book. [law / regulation / compliance / legal liability]
Unitd States cybersecurity   >   U.S. flag with a digital network of locks instead of stars

iot security startups hot highlights planets rocket lock security

12 cybersecurity startups to watch

Security startups are often innovation leaders that attempt to solve critical and persistent problems. These are some of the most interesting ones to watch as they tackle issues around multicloud security, identity management,...

A binary eye sits within the center of a targeted virtual framework.

Proposed bill would create a new federal agency to protect consumer data

The Data Protection Act of 2021 has wide-ranging definitions of high-risk data practices and privacy harm.

USA / United States of America stars + stripes and binary code superimposed over The White House

NIST defines "critical software" with a broad range of security functions

The goal is to enable stronger security practices for government-purchased software mandated by President Biden's cybersecurity executive order.

Ransomware  >  A masked criminal ransoms data for payment.

Four states propose laws to ban ransomware payments

Some state legislatures are debating bills that could limit or ban ransom payments. A better option, experts say, is mandatory reporting of ransomware attacks.

API security alerts displayed on monitors amid binary code / application security

Government-mandated SBOMs to throw light on software supply chain security

The US government will soon require vendors to provide a software bill of materials to help ensure integrity of an application's components.

hsm shredder

IT asset disposal is a security risk CISOs need to take seriously

Sensitive company and personal data often leaves organizations on disposed devices. An auditable chain of custody that shows data destruction is essential for any ITAD program.

United States Capitol building / United States Congress / abstract security concept

US Congress tees up ambitious cybersecurity agenda in the wake of supply chain, ransomware attacks

Roughly 115 cybersecurity-related bills are working their way through the legislative process, in many cases with bipartisan support.

supply chain management controls - ERP - Enterprise Resource Planning

GAO calls out US government agencies: Get your supply chain security act together

The US Government Accounting Office tells Congress that federal agencies have largely ignored its supply chain risk management guidance for nearly ten years.

A virtual checkmark in digital system / standards / quality control / certification / certificates

HITRUST explained: One framework to rule them all

HITRUST is a cybersecurity framework that seeks to unify the rules for many other existing regulatory and industry frameworks, including HIPAA, GDPR, PCI-DSS, and more.

data pipeline primary

TSA’s pipeline cybersecurity directive is just a first step experts say

The new, hastily announced security directive requires US pipeline companies to appoint a cybersecurity coordinator and report possible breaches within 12 hours.

President Joe Biden delivers remarks about the Colonial Pipeline hack. [Washington / 2021.05.13]

Biden administration releases ambitious cybersecurity executive order

Though lacking in definitional clarity, this new executive order might be more effective than past federal efforts, especially in the wake of the Colonial Pipeline attack.

power plant utilities energy innovation industrial iot american public power association unsplash

Biden administration releases 100-day plan to address electric system cybersecurity risks

The plan focuses largely on supply chain risks to the electric grid, requests input on the DOE's role in coordinating cybersecurity efforts.

Unitd States cybersecurity   >   U.S. flag with a digital network of locks instead of stars

Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past

President Biden is expected to issue an executive order soon in response to the SolarWinds and Exchange Server attacks. Leaked details suggest it might not focus on the most effective actions.

A gavel rests on open law book. [law / regulation / compliance / legal liability]

States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks

Connecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.

Lady Justice statue with scales, law books. [regulation / compliance / legal liability / fairness]

Virginia data protection bill signed into law

The state is the second in the nation to enact a consumer data protection law along the lines of the EU's GDPR. Here's what businesses need to know about Virginia's CDPA.

audit binary compliance magnifying glass investigate

5 ways to combat audit fatigue

The growing number of audits for security and privacy regulatory compliance is stressing security personnel and draining resources from security operations. Here's how to better manage them.

healthcare data breach / medical patient privacy security violation

The HITECH Act explained: Definition, compliance, and violations

The Health Information Technology for Economic and Clinical Health (HITECH) Act aims to expand the use of electronic health records through incentives to health care providers and consumers. It also tightens rules on providers to...

A hand reaches to activate controls marked with gear icons [ process / update / fix / automate ]

How strong, flexible data protection controls can help maintain regulatory compliance

An effective approach to data protection controls embraces ethical standards and anticipates new requirements. Here’s how some CISOs and other experts tackle the issue.

Load More