IT Operations | News, how-tos, features, reviews, and videos
Using the NIST Cybersecurity Framework to address organizational risk
NIST's CSF, used with other guidance, can help map risk to actual threats and better comply with security mandates such as the U.S.'s cybersecurity executive order.
FTC, SEC raise legal risks surrounding the log4j flaw
The U.S. Federal Trade Commission also threatened possible legal action for companies that don't address the risk from the Log4j vulnerabilities.
What is PII? Examples, laws, and standards
Personally identifiable information (PII) is any piece of data that could be used, either alone or when combined with other data, to identify an individual. Some types of PII are obvious, such as a name or Social Security number, but...
UK NCSC updates Cyber Essentials technical controls requirements and pricing structure
Technical controls update includes revisions surrounding the use of cloud services, multi-factor authentication, and password management. New pricing structure better reflects organisational size and complexity.
Top 8 cybersecurity predictions for 2022
Seeing opportunities in the mass move to remote work, cyberattackers are updating their tactics, compelling security leaders to respond. Experts make their predictions about threat reduction, compliance, supply chain management,...
18 cybersecurity startups to watch
Security startups are often innovation leaders that attempt to solve critical and persistent problems. These are some of the most interesting ones to watch as they tackle issues around multicloud security, identity management,...
NIST gears up for software security and IoT labeling pilot programs
Intended to help consumers make more secure software and IoT device purchases, the labeling guidelines are voluntary and self-policing at this time.
China's Personal Information Protection Law (PIPL) presents challenges for CISOs
PIPL's data localization mandate places unique requirements on businesses operating in China, and regulators have great leeway to assess fines.
UK ICO to fine Clearview AI £17 million for data protection law breaches
The facial recognition company is cited for not having proper data protection processes in place or a lawful reason to collect personal information, among other violations.
NIST workshop provides clues to upcoming software supply chain security guidelines
Experts at a NIST-sponsored workshop weigh in on what might be in the final version of the Biden executive-order-mandated supply chain security guidelines.
Pentagon announces version 2.0 of its controversial CMMC program
CMMC 2.0 simplifies the process for SMBs, but critics say the verification process relies too much on self-attestation.
Infrastructure bill includes $1.9 billion for cybersecurity
The infrastructure bill as passed includes $1.9 billion for cybersecurity, and more could be on the way with the Build Back Better and other bills working their way through Congress.
CISA releases directive to remediate dangerous vulnerabilities across civilian agencies
While the move is applauded, a short timeframe to address vulnerabilities will be a challenge for security resource-strapped agencies.
NSW agencies fear cyberattacks after report finds ‘significant weaknesses’
The nine state government agencies audited asked the auditor general to not report the findings to Parliament, fearing it would expose weaknesses to cyberattackers.
Biden’s cybersecurity executive order, a progress report
Of the 46 tasks President Biden mandated to protect digital government assets, 19 are now completed, though not all agencies have reported their progress.
How Adobe reduced compliance fatigue
With compliance putting undue strain on product teams, Adobe SVP and CSO Mark Adams and team built an automation platform. The effort paid off in scale, speed, and reduced risk and earned the software provider a CSO50 award for...
FCC asks carriers to step up to stop SIM swapping, port-out fraud
The US federal agency puts pressure on telecom carriers to put better authentication and account-protection safeguards in place.
Telos, Splunk, and StackArmor streamline ATO compliance on AWS
The FASTTR initiative from the three cloud and security companies aims to help regulated defense contractors and software providers navigate through complex government security regulations including FedRAMP, CMMC, FISMA, and...
CISA's Cloud Security Technical Reference Architecture: Where it succeeds and where it falls short
CISA's reference architecture will help federal government agencies improve cloud security, but it relies too much on outdated guidance.
Breach reporting required for health apps and devices, FTC says
A new policy statement makes it clear that the US Federal Trade Commission will hold healthcare app and device makers accountable for reporting data breaches.