News & Commentary
Latest Content tagged with Compliance
|
The Top 5 Security Threats & Mitigations for Industrial Networks
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
The Role of Incident Response in ICS Security Compliance
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
Polish Parliament Enacts National Cybersecurity System
The system classifies security incidents and splits national incident response into three separate teams.
The GDPR Ripple Effect
Will we ever see a truly global data security and privacy mandate?
How to Gauge the Effectiveness of Security Awareness Programs
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Proving ROI: How a Security Road Map Can Sway the C-Suite
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
How GDPR Could Turn Privileged Insiders into Bribery Targets
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
White House Email Security Faux Pas?
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
In Pursuit of Cryptography's Holy Grail
Homomorphic encryption eliminates the need for data exposure at any point — something that certainly would be welcome these days.
6 Ways Third Parties Can Trip Up Your Security
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
Encryption is Necessary, Tools and Tips Make It Easier
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
Survey Shows Sensitive Data Goes Astray in Email
Many employees have trouble controlling the release of sensitive information in email.
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
10 Security Innovators to Watch
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
12 Trends Shaping Identity Management
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
Why We Need Privacy Solutions That Scale Across Borders
New privacy solutions are becoming scalable, smarter, and easier to address compliance across industries and geographies.
How GDPR Forces Marketers to Rethink Data & Security
The European regulation is making marketing technology companies re-examine their security, and that's a good thing.
Businesses Calculate Cost of GDPR as Deadline Looms
Surveys highlight the financial burden of GDPR as companies scramble to meet the May 25 deadline.
Active Cyber Defense Is an Opportunity, Not a Threat
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
The Cybersecurity Mandates Keep On Coming
There's a good reason for the proliferation of mandates like the one in New York state, but companies may struggle to answer this question: "Are we in compliance?"
Report Shows Ransomware is the New Normal
A new report on malware says that the majority of companies globally have been victims of ransomware in the last 12 months.
A Data Protection Officer's Guide to the GDPR Galaxy
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
Yahoo Agrees to $80 Million Settlement with Investors
Investors alleged that Yahoo intentionally misled them about its cybersecurity practices.
What Enterprises Can Learn from Medical Device Security
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
FTC Settles with Venmo on Security Allegations
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
Siemens Leads Launch of Global Cybersecurity Initiative
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday
Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services’ new cybersecurity regulation, 23 NYCRR 500.
Ticking Time Bombs in Your Data Center
The biggest security problems inside your company may result from problems it inherited.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
Breach-Proofing Your Data in a GDPR World
Here are six key measures for enterprises to prioritize over the next few months.
An Action Plan to Fill the Information Security Workforce Gap
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
PCI DSS Adds Standard for Software-based PIN Entry
Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.
GDPR: Ready or Not, Here It Comes
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
Living with Risk: Where Organizations Fall Short
People tasked with protecting data are too often confused about what they need to do, even with a solid awareness of the threats they face.
Meltdown, Spectre Likely Just Scratch the Surface of Microprocessor Vulnerabilities
There's a lot at stake when it comes to patching the hardware flaws.
A Pragmatic Approach to Fixing Cybersecurity: 5 Steps
The digital infrastructure that supports our economy, protects our national security, and empowers our society must be made more secure, more trusted, and more reliable. Here's how.
CISO Holiday Miracle Wish List
If CISOs could make a wish to solve a problem, these would be among the top choices.
Be a More Effective CISO by Aligning Security to the Business
These five steps will you help marshal the internal resources you need to reduce risk, break down barriers, and thwart cyber attacks.
Businesses Fail in Risk Modeling and Management: Report
Businesses struggle to quantify and manage risk, leading to wasted resources and oversight of major problems.
Security Compliance: The Less You Spend the More You Pay
The costs of complying with data protection requirements are steep, but the costs of non-compliance are even higher, a new study shows.
Gartner: IT Security Spending to Reach $96 Billion in 2018
Identity access management and security services to drive worldwide spending growth.
Ransomware Meets 'Grey's Anatomy'
Fictional Grey Sloan Memorial Hospital is locked out of its electronic medical records, but in the real world, healthcare organizations face even greater risks.
The Rising Dangers of Unsecured IoT Technology
As government regulation looms, the security industry must take a leading role in determining whether the convenience of the Internet of Things is worth the risk and compromise of unsecured devices.
|
White Papers
Video
0 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Flash Poll
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-8023
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
PUBLISHED: 2018-09-21
From DHS/US-CERT's National Vulnerability Database CVE-2018-8023
PUBLISHED: 2018-09-21
Apache Mesos can be configured to require authentication to call the Executor HTTP API using JSON Web Token (JWT). In Apache Mesos versions pre-1.4.2, 1.5.0, 1.5.1, 1.6.0 the comparison of the generated HMAC value against the provided signature in the JWT implementation used is vulnerable to a timin...
CVE-2018-14643PUBLISHED: 2018-09-21
An authentication bypass flaw was found in the smart_proxy_dynflow component used by Foreman. A malicious attacker can use this flaw to remotely execute arbitrary commands on machines managed by vulnerable Foreman instances, in a highly privileged context.
CVE-2018-14645PUBLISHED: 2018-09-21
A flaw was discovered in the HPACK decoder of HAProxy, before 1.8.14, that is used for HTTP/2. An out-of-bounds read access in hpack_valid_idx() resulted in a remote crash and denial of service.
CVE-2018-1685PUBLISHED: 2018-09-21
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 9.7, 10.1, 10.5, and 11.1 contains a vulnerability in db2cacpy that could allow a local user to read any file on the system. IBM X-Force ID: 145502.
CVE-2018-1710PUBLISHED: 2018-09-21
IBM DB2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.1, 10.5, and 11.1 tool db2licm is affected by buffer overflow vulnerability that can potentially result in arbitrary code execution. IBM X-Force ID: 146364.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This