IT Operations
IT Operations | News, how-tos, features, reviews, and videos
Lack of C3PAO assessors jeopardizes DoD CMMC certification goal
Only 100 approved assessors are available to certify that 300,000 US DoD providers are in compliance with the Cybersecurity Maturity Model Certification by the 2023 deadline.
![A gavel rests on open law book. [law / regulation / compliance / legal liability]](https://images.idgesg.net/images/article/2020/09/gavel_mallett_rests_on_open_law_book_legal_liability_risk_regulations_compliance_by_andreypopov_gettyimages-1021544574_2400x1600-100860121-small.3x2.jpg?auto=webp)
Security and privacy laws, regulations, and compliance: The complete guide
This handy directory provides summaries and links to the full text of each security or privacy law and regulation.
China's PIPL privacy law imposes new data handling requirements
The Personal Information Protection Law will force global companies doing business in China to be more careful with cross-border flow of personal information.
Data sovereignty laws place new burdens on CISOs
More than 100 countries now require data on their citizens be stored or processed within their boundaries, presenting new data protection challenges.
NIST’s EO-mandated software security guidelines could be a game-changer
While experts applaud the new security guidance, it's unclear whether software vendors will completely embrace and implement the needed security practices.
Proposed bill would create a new federal agency to protect consumer data
The Data Protection Act of 2021 has wide-ranging definitions of high-risk data practices and privacy harm.
NIST defines "critical software" with a broad range of security functions
The goal is to enable stronger security practices for government-purchased software mandated by President Biden's cybersecurity executive order.
Four states propose laws to ban ransomware payments
Some state legislatures are debating bills that could limit or ban ransom payments. A better option, experts say, is mandatory reporting of ransomware attacks.
Government-mandated SBOMs to throw light on software supply chain security
The US government will soon require vendors to provide a software bill of materials to help ensure integrity of an application's components.
IT asset disposal is a security risk CISOs need to take seriously
Sensitive company and personal data often leaves organizations on disposed devices. An auditable chain of custody that shows data destruction is essential for any ITAD program.
US Congress tees up ambitious cybersecurity agenda in the wake of supply chain, ransomware attacks
Roughly 115 cybersecurity-related bills are working their way through the legislative process, in many cases with bipartisan support.
GAO calls out US government agencies: Get your supply chain security act together
The US Government Accounting Office tells Congress that federal agencies have largely ignored its supply chain risk management guidance for nearly ten years.
HITRUST explained: One framework to rule them all
HITRUST is a cybersecurity framework that seeks to unify the rules for many other existing regulatory and industry frameworks, including HIPAA, GDPR, PCI-DSS, and more.
TSA’s pipeline cybersecurity directive is just a first step experts say
The new, hastily announced security directive requires US pipeline companies to appoint a cybersecurity coordinator and report possible breaches within 12 hours.
![President Joe Biden delivers remarks about the Colonial Pipeline hack. [Washington / 2021.05.13]](https://images.idgesg.net/images/article/2021/05/united_states_president_joe_biden_delivers_remarks_about_the_colonial_pipeline_hack_2021_05_13_by_evan_vucci_ap_shutterstock_editorial_digital-only_11902685v_2400x1600-100888728-small.3x2.jpg?auto=webp)
Biden administration releases ambitious cybersecurity executive order
Though lacking in definitional clarity, this new executive order might be more effective than past federal efforts, especially in the wake of the Colonial Pipeline attack.
Biden administration releases 100-day plan to address electric system cybersecurity risks
The plan focuses largely on supply chain risks to the electric grid, requests input on the DOE's role in coordinating cybersecurity efforts.
Experts fear that Biden’s cybersecurity executive order will repeat mistakes of the past
President Biden is expected to issue an executive order soon in response to the SolarWinds and Exchange Server attacks. Leaked details suggest it might not focus on the most effective actions.
States enact safe harbor laws against cyberattacks, but demand adoption of cybersecurity frameworks
Connecticut might soon follow Ohio and Utah by enacting a law that offers liability protection against ransomware and other cyberattacks, but only if victims follow security best practices.
-
eBook
Sponsored -
White Paper
-
Video/Webcast
Sponsored -
White Paper
-
White Paper
