IT Operations

IT Operations | News, how-tos, features, reviews, and videos

locked data / bitcoins

How the Russia-Ukraine war makes ransomware payments harder

The war in Ukraine has increased sanctions against paying ransom demands to cybercriminal groups and cryptocurrency intermediaries based in Russia.

A gavel rests on open law book. [law / regulation / compliance / legal liability]

Security and privacy laws, regulations, and compliance: The complete guide

This handy directory provides summaries and links to the full text of each security or privacy law and regulation.

An open lock sits on a credit card lying on a computer keyboard.

PCI DSS explained: Requirements, fines, and steps to compliance

PCI DSS (Payment Card Industry Data Security Standard) is a cybersecurity standard backed by all the major credit card and payment processing companies that aims to keep credit and debit card numbers safe.

president joe biden image

A year later, Biden’s cybersecurity executive order driving positive change

Notable experts say the cybersecurity executive order has improved the nation's security posture, but more work is to be done.

CSO  >  Right and wrong buttons and question marks

NIST Cybersecurity Framework update comments highlight a gamut of needed changes

Better metrics, implementation guidance, and alignment with other frameworks are high on the list of suggested improvements to the NIST CSF.

compliance compliant regulation rules stamp gdpr

LightBeam launches data privacy automation platform to streamline compliance

New identity-centric platform designed to help businesses automate compliance against a patchwork of existing and emerging privacy regulations such as GDPR, CPRA, HIPAA and PCI DSS.

EU / European Union / GDPR data privacy, regulation, compliance

Meta fined €17 million by Irish regulator for GDPR violations

In the wake of 12 data breaches reported in 2018, Facebook’s parent company hit with hefty fine for failing to follow GDPR regulations related to its ability to demonstrate data privacy protection practices.

Targeting user behavior.

SEC plans four-day cybersecurity breach notification requirement

The US stock market regulator wants to tighten reporting requirements for security breaches at publicly traded firms.

Security administration  >  A shield protects a network of users and systems.

NIST releases software, IoT, and consumer cybersecurity labeling guidance

The new guidance aims to tighten security requirements for federally purchased software and give consumers better insight into the security of software and devices they buy.

Privacy: An eye looks through peephole.

Crazy quilt of state privacy laws could cost businesses $1 trillion

A new study shows that state privacy laws could create significant compliance costs for both in- and out-of-state businesses.

8 data protection gdpr

European nations issue record €1.1 billion in GDPR fines

Authorities across Europe issued huge amounts in GDPR fines during 2021. Luxembourg and Ireland took up the top spots, replacing Italy and Germany.

Conceptual image of a network labeled 'Zero Trust.'

OMB issues zero-trust strategy for federal agencies

All federal agencies must meet zero-trust goals that the U.S. Office of Management and Budget has set by 2024, building on earlier federal cybersecurity initiatives.

Global geopolitical vectors

Data residency laws pushing companies toward residency as a service

Many countries now require companies that operate within its boundaries to store data on their residents locally. Using residency-as-a-service providers is becoming an important option.

An engineer reviews strategy framework data.

Using the NIST Cybersecurity Framework to address organizational risk

NIST's CSF, used with other guidance, can help map risk to actual threats and better comply with security mandates such as the U.S.'s cybersecurity executive order.

rules rulebook law compliance regulation by baloon111 getty

FTC, SEC raise legal risks surrounding the log4j flaw

The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities.

One avatar is uniquely identified among others at the center of a bullseye in a digital environment.

What is PII? Examples, laws, and standards

Personally identifiable information (PII), is any piece of data that could be used—either alone or when combined with other data—to identify an individual. Some types of PII are obvious, such as a name or Social Security number, but...

Gears in the form of a cloud in a binary field  >  Cloud controls

UK NCSC updates Cyber Essentials technical controls requirements and pricing structure

Technical controls update includes revisions surrounding the use of cloud services, multi-factor authentication, and password management. New pricing structure better reflects organisational size and complexity.

01 intro prediction

Top 8 cybersecurity predictions for 2022

Seeing opportunities in the mass move to remote work, cyberattackers are updating their tactics, compelling security leaders to respond. Experts make their predictions about threat reduction, compliance, supply chain management,...

iot security startups hot highlights planets rocket lock security

18 cybersecurity startups to watch

Security startups are often innovation leaders that attempt to solve critical and persistent problems. These are some of the most interesting ones to watch as they tackle issues around multicloud security, identity management,...

USA / United States of America stars + stripes and binary code superimposed over The White House

NIST gears up for software security and IoT labeling pilot programs

Intended to help consumer make more secure software and IoT device purchases, the labeling guidelines are voluntary and self-policing at this time.

Load More
You Might Also Like