Compliance

How a digital design firm navigated its SOC 2 audit

L+R's pursuit of SOC 2 certification was complicated by hardware inadequacies and its early adoption of AI, but a successful audit has provided security and business benefits.

By Alex Levin

Nov 28, 202311 mins

CertificationsCompliance

Cybersecurity experts raise concerns over EU Cyber Resilience Act’s vulnerability disclosure requirements

By Michael Hill

Oct 03, 20234 mins

RegulationComplianceVulnerabilities

Articles

TrustCloud adds new tools to automate GRC frameworks

The suite of new capabilities includes framework customization with AI, new APIs, and evidence-collection integrations.

By Shweta Sharma

Jul 06, 2023 3 mins

IT Governance FrameworksIT Governance FrameworksIT Governance

Resilience at the core of the current and future Biden administration cybersecurity plans

The Biden administration's cybersecurity initiatives broadly aim to improve cybersecurity resilience, with recent regulations and other actions designed to foster a "defensible, resilient ecosystem."

By Cynthia Brumfield

Jul 05, 2023 7 mins

GovernmentCompliance

No consensus on creating a unified US cyber incident reporting framework

Comments submitted to CISA regarding its creation of cyber incident and ransom payment reporting requirements underscore how tough it will be for the agency to create a one-size-fits-all framework.

By Cynthia Brumfield

Jun 29, 2023 10 mins

RegulationRansomwareCompliance

Vanta adds new SaaS capability to address growing concerns over vendor security

Vanta’s new offering aims to help customers streamline third-party security with automated workflows for vendor security reviews and compliance.

By Shweta Sharma

May 03, 2023 3 mins

Vendor ManagementVendor ManagementVendor Management

Battle could be brewing over new FCC data breach reporting rules

An expanded data breach definition and the telcos’ desire to link notifications to “concrete harm” are among the most controversial aspects of the proposed FCC data breach reporting rules.

By Cynthia Brumfield

Apr 11, 2023 8 mins

RegulationData BreachCompliance

Obsidian launches new SaaS security and compliance tools

Obsidian’s multimodule security posture management offering comes with tools to secure SaaS interactions and ensure associated compliances.

By Shweta Sharma

Apr 05, 2023 4 mins

ComplianceRisk ManagementSaaS

Chinese-owned social media sensation TikTok has been fined almost $16 million for violating provisions of the UK’s General Data Protection Regulation.

By Jon Gold

Apr 04, 2023 3 mins

RegulationData PrivacyCompliance

Software liability reform is liable to push us off a cliff

Regulatory mandates for software security like those in the Biden Administration's National Cybersecurity Strategy could cause more problems than they solve.

By Andy Ellis

Mar 02, 2023 6 mins

Application SecurityComplianceOpen Source

At least one open source vulnerability found in 84% of code bases: Report

Almost all applications contain at least some open source code, and 48% of all code bases examined by Synopsys researchers contained high-risk vulnerabilities.

By Apurva Venkat

Feb 23, 2023 4 mins

ComplianceComplianceCompliance

DNA Diagnostic Center fined $400,000 for 2021 data breach

The DNA testing lab said it was not even aware that the legacy databases existed in its systems at the time of the breach.

By Apurva Venkat

Feb 21, 2023 4 mins

Data BreachData BreachCyberattacks

Evolving cyberattacks, alert fatigue creating DFIR burnout, regulatory risk

Digital forensics and incident response teams face increasing workloads amid evolving cyberattacks, recruiting and hiring challenges, and a lack of effective automation.

By Michael Hill

Feb 16, 2023 5 mins

Incident ResponseIncident ResponseIncident Response

DLA Piper’s GDPR and Data Breach survey shows a 50% increase in fines in the last 12 months. Data protection authorities turning their focus to artificial intelligence.

By Michael Hill

Jan 17, 2023 4 mins

RegulationRegulationRegulation