IT Operations
IT Operations | News, how-tos, features, reviews, and videos
NIST Cybersecurity Framework update comments highlight a gamut of needed changes
Better metrics, implementation guidance, and alignment with other frameworks are high on the list of suggested improvements to the NIST CSF.
LightBeam launches data privacy automation platform to streamline compliance
New identity-centric platform designed to help businesses automate compliance against a patchwork of existing and emerging privacy regulations such as GDPR, CPRA, HIPAA and PCI DSS.
Meta fined €17 million by Irish regulator for GDPR violations
In the wake of 12 data breaches reported in 2018, Facebook’s parent company hit with hefty fine for failing to follow GDPR regulations related to its ability to demonstrate data privacy protection practices.
SEC plans four-day cybersecurity breach notification requirement
The US stock market regulator wants to tighten reporting requirements for security breaches at publicly traded firms.
NIST releases software, IoT, and consumer cybersecurity labeling guidance
The new guidance aims to tighten security requirements for federally purchased software and give consumers better insight into the security of software and devices they buy.
Crazy quilt of state privacy laws could cost businesses $1 trillion
A new study shows that state privacy laws could create significant compliance costs for both in- and out-of-state businesses.
European nations issue record €1.1 billion in GDPR fines
Authorities across Europe issued huge amounts in GDPR fines during 2021. Luxembourg and Ireland took up the top spots, replacing Italy and Germany.
OMB issues zero-trust strategy for federal agencies
All federal agencies must meet zero-trust goals that the U.S. Office of Management and Budget has set by 2024, building on earlier federal cybersecurity initiatives.
Data residency laws pushing companies toward residency as a service
Many countries now require companies that operate within its boundaries to store data on their residents locally. Using residency-as-a-service providers is becoming an important option.
Using the NIST Cybersecurity Framework to address organizational risk
NIST's CSF, used with other guidance, can help map risk to actual threats and better comply with security mandates such as the U.S.'s cybersecurity executive order.
FTC, SEC raise legal risks surrounding the log4j flaw
The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities.
What is PII? Examples, laws, and standards
Personally identifiable information (PII), is any piece of data that could be used—either alone or when combined with other data—to identify an individual. Some types of PII are obvious, such as a name or Social Security number, but...
UK NCSC updates Cyber Essentials technical controls requirements and pricing structure
Technical controls update includes revisions surrounding the use of cloud services, multi-factor authentication, and password management. New pricing structure better reflects organisational size and complexity.
Top 8 cybersecurity predictions for 2022
Seeing opportunities in the mass move to remote work, cyberattackers are updating their tactics, compelling security leaders to respond. Experts make their predictions about threat reduction, compliance, supply chain management,...
18 cybersecurity startups to watch
Security startups are often innovation leaders that attempt to solve critical and persistent problems. These are some of the most interesting ones to watch as they tackle issues around multicloud security, identity management,...
NIST gears up for software security and IoT labeling pilot programs
Intended to help consumer make more secure software and IoT device purchases, the labeling guidelines are voluntary and self-policing at this time.
China's Personal Information Protection Law (PIPL) presents challenges for CISOs
PIPL's data localization mandate places unique requirements on businesses operating in China, and regulators have great leeway to assess fines.
UK ICO to fine Clearview AI £17 million for data protection law breaches
The facial recognition company is cited for not having proper data protection processes in place or a lawful reason to collect personal information, among other violations.