News & Commentary
Latest Content tagged with Compliance
|
Bringing Compliance into the SecDevOps Process
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
6 Ways to Strengthen Your GDPR Compliance Efforts
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation – and that could cost them.
7 Real-Life Dangers That Threaten Cybersecurity
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
Divide Remains Between Cybersecurity Awareness and Skill
Organizations understand the need for critical data protection but may lack the resources to respond.
Audits: The Missing Layer in Cybersecurity
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
6 Reasons Why Employees Violate Security Policies
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
GDPR Report Card: Some Early Gains but More Work Ahead
US companies paid the most, to date, to meet the EU's General Data Protection Regulation, according to a recent study, but UK companies made greater progress in achieving compliance goals.
How Data Security Improves When You Engage Employees in the Process
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
A 'Cyber Resilience' Report Card for the Public Sector
Government agencies are making great strides in defending themselves against cyberattacks, according to new research from Accenture. But technology alone won't solve the problem.
Payment Security Compliance Takes a Turn for the Worse
This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.
The Top 5 Security Threats & Mitigations for Industrial Networks
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
The Role of Incident Response in ICS Security Compliance
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
Polish Parliament Enacts National Cybersecurity System
The system classifies security incidents and splits national incident response into three separate teams.
The GDPR Ripple Effect
Will we ever see a truly global data security and privacy mandate?
How to Gauge the Effectiveness of Security Awareness Programs
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Proving ROI: How a Security Road Map Can Sway the C-Suite
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
How GDPR Could Turn Privileged Insiders into Bribery Targets
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
White House Email Security Faux Pas?
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
In Pursuit of Cryptography's Holy Grail
Homomorphic encryption eliminates the need for data exposure at any point — something that certainly would be welcome these days.
6 Ways Third Parties Can Trip Up Your Security
Poor access control, inadequate patch management, and non-existent DR practices are just some of the ways a third party can cause problems
GDPR Oddsmakers: Who, Where, When Will Enforcement Hit First?
The GDPR grace period ends today. Experts take their best guesses on when data protection authorities will strike - and what kind of organizations will be first to feel the sting of the EU privacy law.
GDPR, WHOIS & the Impact on Merchant Risk Security Monitoring
The EU's General Data Protection Regulation will make it harder for law enforcement, forensic investigators, and others to track down everything from credit card fraud to child porn rings.
A Data Protection Officer's Guide to the Post-GDPR Deadline Reality
The EU's General Data Protection Regulation deadline is here -- now what? These four tips can help guide your next steps.
GDPR 101: Keeping Data Safe Throughout the 'Supply Chain'
There are a lot of moving pieces involved with data collection, retention, and processing in the EU's new General Data Protection Regulation. Here's how to break down responsibilities between your security team and service providers.
Compliance Complexity: The (Avoidable) Risks of Not Playing by the Rules
Achieving compliance is a challenging process, but with the right systems and customized data management policy, your organization can stay ahead of the next data breach -- and the regulators.
Encryption is Necessary, Tools and Tips Make It Easier
In the InteropITX conference, a speaker provided tips, tools, and incentives for moving to pervasive encryption in the enterprise.
Survey Shows Sensitive Data Goes Astray in Email
Many employees have trouble controlling the release of sensitive information in email.
A Data Protection Officer's Guide to GDPR 'Privacy by Design'
These five steps can show you how to start building your foundational privacy program for the EU's General Data Protection Regulation.
10 Security Innovators to Watch
Startups in the RSA Conference Innovation Sandbox competed for the title of "Most Innovative."
12 Trends Shaping Identity Management
As IAM companies try to stretch 'identity context' into all points of the cybersecurity market, identity is becoming 'its own solar system.'
Why We Need Privacy Solutions That Scale Across Borders
New privacy solutions are becoming scalable, smarter, and easier to address compliance across industries and geographies.
How GDPR Forces Marketers to Rethink Data & Security
The European regulation is making marketing technology companies re-examine their security, and that's a good thing.
Businesses Calculate Cost of GDPR as Deadline Looms
Surveys highlight the financial burden of GDPR as companies scramble to meet the May 25 deadline.
Active Cyber Defense Is an Opportunity, Not a Threat
If honest citizens can be tracked online with cookies and beacons that share where we are and what we are doing, then why should security professionals restrict their ability to hack attackers?
The Cybersecurity Mandates Keep On Coming
There's a good reason for the proliferation of mandates like the one in New York state, but companies may struggle to answer this question: "Are we in compliance?"
Report Shows Ransomware is the New Normal
A new report on malware says that the majority of companies globally have been victims of ransomware in the last 12 months.
A Data Protection Officer's Guide to the GDPR Galaxy
Impending deadline got you freaking out? These five tips might help you calm down, at least a little.
Yahoo Agrees to $80 Million Settlement with Investors
Investors alleged that Yahoo intentionally misled them about its cybersecurity practices.
What Enterprises Can Learn from Medical Device Security
In today's cloud-native world, organizations need a highly distributed approach that ties security to the workload itself in order to prevent targeted attacks.
FTC Settles with Venmo on Security Allegations
Proposed settlement addresses complaints that Venmo misrepresented its security and privacy features.
It's Not What You Know, It's What You Can Prove That Matters to Investigators
Achieving the data visibility to ensure you can provide auditors with the information they need after a breach, and do so in just a few days, has never been more difficult.
Siemens Leads Launch of Global Cybersecurity Initiative
The new 'Charter of Trust' aims to make security a key element of the digital economy, critical infrastructure.
Filing Deadline for New Infosec Law Hits NY Finance Firms Thursday
Banks and financial services companies in New York must file by tomorrow to certify they are compliant with the state Department of Financial Services’ new cybersecurity regulation, 23 NYCRR 500.
Ticking Time Bombs in Your Data Center
The biggest security problems inside your company may result from problems it inherited.
K-12 Study Gives Schools Low Marks for Protecting Student Privacy Online
Survey says local school districts and education departments lack even the most basic security and privacy safeguards.
Breach-Proofing Your Data in a GDPR World
Here are six key measures for enterprises to prioritize over the next few months.
An Action Plan to Fill the Information Security Workforce Gap
Nothing says #whorunstheworld like an all-female blue team taking down a male-dominated red team in a battle to protect sensitive customer data, and other ideas to entice women into a cyber career.
PCI DSS Adds Standard for Software-based PIN Entry
Software-Based PIN Entry on COTS (SPoC) standard supports EMV contact and contactless transactions with PIN entry on merchant mobile devices.
GDPR: Ready or Not, Here It Comes
As organizations all over the world look ahead to May 25 when Europe's General Data Protection Regulation takes effect, many will fall short.
|
White Papers
Video
4 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: So now we are monitoring the monitor?
Latest Comment: So now we are monitoring the monitor?
Current Issue
10 Best Practices That Could Reshape Your IT Security DepartmentThis Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
How Enterprises Are Using IT Threat Intelligence
Large organizations are harnessing data about cyberattackers and their exploits to improve the safety of their critical data. Find out what they're doing.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2018-20145
PUBLISHED: 2018-12-13
PUBLISHED: 2018-12-13
PUBLISHED: 2018-12-13
PUBLISHED: 2018-12-13
PUBLISHED: 2018-12-13
From DHS/US-CERT's National Vulnerability Database CVE-2018-20145
PUBLISHED: 2018-12-13
Eclipse Mosquitto 1.5.x before 1.5.5 allows ACL bypass: if the option per_listener_settings was set to true, and the default listener was in use, and the default listener specified an acl_file, then the acl file was being ignored.
CVE-2018-12076PUBLISHED: 2018-12-13
A vulnerability in the UPC bar code of the Avanti Markets MarketCard could allow an unauthenticated, local attacker to access funds within the customer's MarketCard balance, and also could lead to Customer Information Disclosure. The vulnerability is due to lack of proper validation of the UPC bar c...
CVE-2018-18922PUBLISHED: 2018-12-13
add_user in AbiSoft Ticketly 1.0 allows remote attackers to create administrator accounts via an action/add_user.php POST request.
CVE-2018-18923PUBLISHED: 2018-12-13
AbiSoft Ticketly 1.0 is affected by multiple SQL Injection vulnerabilities through the parameters name, category_id and description in action/addproject.php; kind_id, priority_id, project_id, status_id and title in action/addticket.php; and kind_id and status_id in reports.php.
CVE-2018-19039PUBLISHED: 2018-12-13
Grafana before 4.6.5 and 5.x before 5.3.3 allows remote authenticated users to read arbitrary files by leveraging Editor or Admin permissions.
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2018 UBM, All rights reserved
Tweet This