Regulation
Regulation | News, how-tos, features, reviews, and videos
EU takes aim at ransomware with plans to make Bitcoin traceable, prohibit anonymity
The European Commission has set out new legislative proposals to make crypto transfers more traceable. While the plans will close some existing loopholes, the impact on cybercrime is likely to be minimal, experts say.
![A gavel rests on open law book. [law / regulation / compliance / legal liability]](https://images.idgesg.net/images/article/2020/09/gavel_mallett_rests_on_open_law_book_legal_liability_risk_regulations_compliance_by_andreypopov_gettyimages-1021544574_2400x1600-100860121-small.3x2.jpg)
Security and privacy laws, regulations, and compliance: The complete guide
This handy directory provides summaries and links to the full text of each security or privacy law and regulation.
TSA issues second cybersecurity directive for pipeline companies
Experts applaud the agency's new, detailed security requirements for US pipeline operators but question how they will be enforced or monitored.
What is personally identifiable information (PII)? How to protect it under GDPR
The EU's General Data Protection Regulation requires companies to protect the privacy of their EU customers. That means keeping personally identifiable information (PII) safe. Here's what you need to know.
Proposed bill would create a new federal agency to protect consumer data
The Data Protection Act of 2021 has wide-ranging definitions of high-risk data practices and privacy harm.
How to control ransomware? International cooperation, disrupting payments are key, experts say
Anti-ransomware acts or regulations will require global cooperation, experts say. In the meantime, ransomware victims should cooperate quickly and fully with authorities.
10 things to do now to reduce the cost of your next data breach
Taking these steps will save money, time, and reputation when that next breach hits.
Defining linchpins: An industry perspective on remediating Sunburst
The concept of linchpin software can be useful in assessing risk and focusing security efforts, but it comes with challenges.
HITRUST explained: One framework to rule them all
HITRUST is a cybersecurity framework that seeks to unify the rules for many other existing regulatory and industry frameworks, including HIPAA, GDPR, PCI-DSS, and more.
TSA’s pipeline cybersecurity directive is just a first step experts say
The new, hastily announced security directive requires US pipeline companies to appoint a cybersecurity coordinator and report possible breaches within 12 hours.
![Lady Justice statue with scales, law books. [regulation / compliance / legal liability / fairness]](https://images.idgesg.net/images/article/2020/09/lady_justice_statue_with_scales_law_books_legal_liability_risk_regulations_compliance_fairness_by_simpson33_gettyimages-1181406745_2400x1600-100860122-small.3x2.jpg)
FISMA basics: What federal agencies and contractors need to know
FISMA, or the Federal Information Security Management Act, is a U.S. federal law passed in 2002 that seeks to establish guidelines and cybersecurity standards for government tech infrastructure, and in so doing protect government...
Virginia data protection bill signed into law
The state is the second in the nation to enact a consumer data protection law along the lines of the EU's GDPR. Here's what businesses need to know about Virginia's CDPA.
The HITECH Act explained: Definition, compliance, and violations
The Health Information Technology for Economic and Clinical Health (HITECH) Act aims to expand the use of electronic health records through incentives to health care providers and consumers. It also tightens rules on providers to...
The most important cybersecurity topics for business executives
Data privacy, current cyberthreats, and cybersecurity culture and training top the list, but are these the right priorities?
COPPA explained: How this law protects children's privacy
The Children's Online Privacy Protection Act is a U.S. law that aims to protect the privacy and personally identifying information of children under the age of 13 who use online services.
HIPAA explained: definition, compliance, and violations
HIPAA (the Health Insurance Portability and Accountability Act) is a law passed in 1996 that imposes stringent privacy and security mandates on health care providers—and most of their IT vendors.
GLBA explained: What the Graham-Leach-Bailey Act means for privacy and IT security
The Graham-Leach-Bailey Act (GLBA) is a 1999 law that allowed financial services companies to offer both commercial and investment banking, something that had been banned since the Great Depression. It has an infosec reach that goes...
The Sarbanes-Oxley Act explained: Definition, purpose, and provisions
The Sarbanes-Oxley Act (sometimes referred to as SOA, Sarbox, or SOX) is a U.S. law passed in 2002 that aimed to protect investors by preventing fraudulent accounting and financial practices at publicly traded companies.
-
White Paper
-
White Paper
-
Video/Webcast
Sponsored -
White Paper
-
White Paper
