Risk //

Compliance

News & Commentary
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, IndegyCommentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman CEO, Indegy, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
The Role of Incident Response in ICS Security Compliance
John Moran, Senior Product Manager, DFLabsCommentary
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
By John Moran Senior Product Manager, DFLabs, 9/7/2018
Comment0 comments  |  Read  |  Post a Comment
Polish Parliament Enacts National Cybersecurity System
Dark Reading Staff, Quick Hits
The system classifies security incidents and splits national incident response into three separate teams.
By Dark Reading Staff , 8/28/2018
Comment0 comments  |  Read  |  Post a Comment
The GDPR Ripple Effect
Tim Critchley, CEO at SemafoneCommentary
Will we ever see a truly global data security and privacy mandate?
By Tim Critchley CEO at Semafone, 8/23/2018
Comment0 comments  |  Read  |  Post a Comment
How to Gauge the Effectiveness of Security Awareness Programs
Ira Winkler, CISSP, President, Secure MentemCommentary
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
By Ira Winkler CISSP, President, Secure Mentem, 8/21/2018
Comment0 comments  |  Read  |  Post a Comment
Proving ROI: How a Security Road Map Can Sway the C-Suite
Jo-Ann Smith, Director of Technology Risk Management and Data Privacy at  AbsoluteCommentary
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
By Jo-Ann Smith Director of Technology Risk Management and Data Privacy at Absolute, 8/21/2018
Comment0 comments  |  Read  |  Post a Comment
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Staff, CommentaryVideo
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
By Dark Reading Staff , 8/20/2018
Comment1 Comment  |  Read  |  Post a Comment
How GDPR Could Turn Privileged Insiders into Bribery Targets
Mark Coates, VP, EMEA, Dtex SystemsCommentary
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
By Mark Coates VP, EMEA, Dtex Systems, 8/2/2018
Comment0 comments  |  Read  |  Post a Comment
White House Email Security Faux Pas?
E.J. Whaley, Solutions Engineer at GreatHornCommentary
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
By E.J. Whaley Solutions Engineer at GreatHorn, 6/22/2018
Comment1 Comment  |  Read  |  Post a Comment
In Pursuit of Cryptography's Holy Grail
Ellison Anne Williams, Founder and CEO of EnveilCommentary
Homomorphic encryption eliminates the need for data exposure at any point something that certainly would be welcome these days.
By Ellison Anne Williams Founder and CEO of Enveil, 6/7/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways Third Parties Can Trip Up Your Security
Jai Vijayan, Freelance writer
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
By Jai Vijayan Freelance writer, 5/29/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
Sara Peters, Senior Editor at Dark ReadingNews
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
By Sara Peters Senior Editor at Dark Reading, 5/25/2018
Comment14 comments  |  Read  |  Post a Comment
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
Ron Teicher, CEO & Founder, EverCompliantCommentary
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
By Ron Teicher CEO & Founder, EverCompliant, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
Jen Brown, Compliance and Data Protection Officer at Sumo LogicCommentary
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 5/24/2018
Comment0 comments  |  Read  |  Post a Comment
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
Marc French, Senior VP, Chief Trust Officer & Data Protection Officer, MimecastCommentary
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
By Marc French Senior VP, Chief Trust Officer & Data Protection Officer, Mimecast, 5/22/2018
Comment0 comments  |  Read  |  Post a Comment
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Peter Merkulov, Chief Technology Officer, GlobalscapeCommentary
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
By Peter Merkulov Chief Technology Officer, Globalscape, 5/9/2018
Comment0 comments  |  Read  |  Post a Comment
Encryption is Necessary, Tools and Tips Make It Easier
Curtis Franklin Jr., Senior Editor at Dark ReadingNews
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 5/3/2018
Comment0 comments  |  Read  |  Post a Comment
Survey Shows Sensitive Data Goes Astray in Email
Dark Reading Staff, Quick Hits
Many employees have trouble controlling the release of sensitive information in email.
By Dark Reading Staff , 5/2/2018
Comment0 comments  |  Read  |  Post a Comment
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
Jen Brown, Compliance and Data Protection Officer at Sumo LogicCommentary
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
By Jen Brown Compliance and Data Protection Officer at Sumo Logic, 5/1/2018
Comment1 Comment  |  Read  |  Post a Comment
10 Security Innovators to Watch
Curtis Franklin Jr., Senior Editor at Dark Reading
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
By Curtis Franklin Jr. Senior Editor at Dark Reading, 4/30/2018
Comment0 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by CleanShine
Current Conversations Good
In reply to: thanks
Post Your Own Reply
More Conversations
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Yahoo Class-Action Suits Set for Settlement
Dark Reading Staff 9/17/2018
RDP Ports Prove Hot Commodities on the Dark Web
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: In Russia, application hangs YOU!
Current Issue
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-3912
PUBLISHED: 2018-09-18
Bypassing password security vulnerability in McAfee Application and Change Control (MACC) 7.0.1 and 6.2.0 allows authenticated users to perform arbitrary command execution via a command-line utility.
CVE-2018-6690
PUBLISHED: 2018-09-18
Accessing, modifying, or executing executable files vulnerability in Microsoft Windows client in McAfee Application and Change Control (MACC) 8.0.0 Hotfix 4 and earlier allows authenticated users to execute arbitrary code via file transfer from external system.
CVE-2018-6693
PUBLISHED: 2018-09-18
An unprivileged user can delete arbitrary files on a Linux system running ENSLTP 10.5.1, 10.5.0, and 10.2.3 Hotfix 1246778 and earlier. By exploiting a time of check to time of use (TOCTOU) race condition during a specific scanning sequence, the unprivileged user is able to perform a privilege escal...
CVE-2018-16515
PUBLISHED: 2018-09-18
Matrix Synapse before 0.33.3.1 allows remote attackers to spoof events and possibly have unspecified other impacts by leveraging improper transaction and event signature validation.
CVE-2018-16794
PUBLISHED: 2018-09-18
Microsoft ADFS 4.0 Windows Server 2016 and previous (Active Directory Federation Services) has an SSRF vulnerability via the txtBoxEmail parameter in /adfs/ls.