Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Compliance
Page 1 / 2   >   >>
To Prove Cybersecurity's Worth, Create a Cyber Balance Sheet
Commentary  |  11/7/2019  | 
How tying and measuring security investments to business impacts can elevate executives' understanding and commitment to cyber-risk reduction.
Microsoft Tools Focus on Insider Risk, Data Protection at Ignite 2019
News  |  11/4/2019  | 
New tools and updates aimed at addressing ongoing challenges with insider threats and sensitive data classification.
Hacking Phones: How Law Enforcement Is Saving Privacy
Commentary  |  10/30/2019  | 
It's no longer true that society must choose to either weaken everybody's privacy or let criminals run rampant.
Cybersecurity Trumps Political, Reputational Concerns for Companies
News  |  10/29/2019  | 
The average company has seen its risk increase, with cybersecurity topping the list of business threats, followed by damage to reputation and financial risks, a report finds.
4 Security Lessons Federal IT Pros Can Teach the Private Sector
Commentary  |  10/25/2019  | 
With a little research and basic planning, small companies can make big strides against the cybersecurity threats they face. Here's how.
IoTopia Framework Aims to Bring Security to Device Manufacturers
News  |  10/23/2019  | 
GlobalPlatform launches an initiative to help companies secure connected devices and services across markets.
Planning a Zero-Trust Initiative? Here's How to Prioritize
Commentary  |  10/23/2019  | 
If you start by focusing on users, data, access, and managed devices, you will make major strides toward achieving better security.
Trend Micro Buys Cloud Conformity to Fight Cloud Competition
Quick Hits  |  10/21/2019  | 
The cloud security posture management startup was acquired for a reported $70 million.
Data Privacy Protections for the Most Vulnerable Children
Commentary  |  10/17/2019  | 
The business case for why companies that respect the privacy of individuals, and especially minors, will have a strong competitive advantage.
Google Cloud Launches Security Health Analytics in Beta
Quick Hits  |  10/16/2019  | 
The tool is designed to help identify misconfigurations and compliance violations in the Google Cloud Platform.
7 Considerations Before Adopting Security Standards
Slideshows  |  10/8/2019  | 
Here's what to think through as you prepare your organization for standards compliance.
10 Steps to Assess SOC Maturity in SMBs
Commentary  |  10/7/2019  | 
Facing a system and organization controls audit doesn't have to be stressful for small and midsize businesses if they follow these guidelines.
How FISMA Requirements Relate to Firmware Security
Commentary  |  10/3/2019  | 
Federal guidelines can help all organizations pragmatically and meaningfully improve their firmware security.
How to Define & Prioritize Risk Management Goals
News  |  9/24/2019  | 
As risk management programs differ from business to business, these factors remain constant.
How Network Logging Mitigates Legal Risk
Commentary  |  9/23/2019  | 
Logging that is turned on, captured, and preserved immediately after a cyber event is proof positive that personal data didn't fall into the hands of a cybercriminal.
How Intel Unlocks the Powerful Potential of Diversity in Cybersecurity
Commentary  |  9/17/2019  | 
Sparking cultural shifts within an organization -- and throughout an entire industry -- can feel like a monumental task, but the juice is well worth the squeeze.
6 Questions to Ask Once Youve Learned of a Breach
Slideshows  |  9/13/2019  | 
With GDPR enacted and the California Consumer Privacy Act on the near horizon, companies have to sharpen up their responses. Start by asking these six questions.
Proposed Browser Security Guidelines Would Mean More Work for IT Teams
Commentary  |  9/11/2019  | 
CA/Browser Forum wants SSL certificates to expire after a year. Many businesses that rely on them aren't equipped to cope.
It's Not Healthy to Confuse Compliance with Security
Commentary  |  9/5/2019  | 
Healthcare organizations should be alarmed by the frequency and severity of cyberattacks. Don't assume you're safe from them just because you're compliant with regulations.
Rising Fines Will Push Breach Costs Much Higher
News  |  9/4/2019  | 
The cost of breaches will rise by two-thirds over the next five years, exceeding an estimated $5 trillion in 2024, primarily driven by higher fines as more jurisdictions punish companies for lax security.
SafeGuard Cyber Adds Security, Compliance Capabilities for WeChat
Quick Hits  |  8/22/2019  | 
A lack of visibility into the app could expose business users to compliance risks and security threats, the company says.
'Phoning Home': Your Latest Data Exfiltration Headache
Commentary  |  8/21/2019  | 
Companies phone enterprise customer data home securely and for a variety of perfectly legitimate and useful reasons. The problems stem from insufficient disclosure.
Security Pros, Congress Reps Talk National Cybersecurity at DEF CON
News  |  8/12/2019  | 
Cybersecurity and government leaders discussed why Congress is unprepared for a major cyberattack and how the two parties can collaborate.
It's (Still) the Password, Stupid!
Commentary  |  8/9/2019  | 
The best way to protect your identity in cyberspace is the simplest: Use a variety of strong passwords, and never, ever, use "123456" no matter how easy it is to type.
Yes, FaceApp Really Could Be Sending Your Data to Russia
Commentary  |  8/8/2019  | 
FaceApp has an unprecedented level of access to data from 150 million users. What could its endgame be? We unpack three potential risks.
Cisco Pays $8.6M in First False Claims Suit for Vulnerabilities in Security Product
News  |  8/1/2019  | 
A security consultant reported vulnerabilities in Cisco's Video Surveillance Manager in 2009 but the company ignored the issues and fired the consultant.
Companies' 'Anonymized' Data May Violate GDPR, Privacy Regs
News  |  7/26/2019  | 
New study found that any database containing 15 pieces of demographic data could be used to identify individuals.
Answer These 9 Questions to Determine if Your Data Is Safe
Commentary  |  7/25/2019  | 
Data protection regulations are only going to grow tighter. Make sure you're keeping the customer's best interests in mind.
6 Actions That Made GDPR Real in 2019
Slideshows  |  7/22/2019  | 
In the wake of recent fines levied against British Airways, Marriott, and Facebook, companies are starting to take data privacy and security more seriously.
Data Loss, Leakage Top Cloud Security Concerns
Quick Hits  |  7/17/2019  | 
Compliance, accidental exposure of credentials, and data control are also primary concerns for senior IT and security managers.
Why You Need a Global View of IT Assets
Commentary  |  7/10/2019  | 
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
Marriott Faces $124 Million GDPR Fine in UK
Quick Hits  |  7/9/2019  | 
The proposed penalty is for a data breach beginning in 2014 that affected more than 500 million customers worldwide.
Britain Looks to Levy Record GDPR Fine Against British Airways
News  |  7/8/2019  | 
The penalty is a sign of things to come, say experts.
The Case for Encryption: Fact vs. Fiction
Commentary  |  7/2/2019  | 
The common belief that encryption enables bad behavior primarily used by thieves, international terrorists, and other villainous characters is simply not true. Here's why.
How GDPR Teaches Us to Take a Bottom-Up Approach to Privacy
Commentary  |  6/28/2019  | 
Looking at underlying security needs means organizations are more likely to be in compliance with privacy regulations.
The Life-Changing Magic of Tidying Up the Cloud
Commentary  |  6/17/2019  | 
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
Apple Pledges Privacy, Beefs Up Security
News  |  6/12/2019  | 
The company hits back at the data economy and fellow tech giants Facebook and Google by announcing its own single sign-on service. A host of other iterative security improvements are on their way as well.
Unmixed Messages: Bringing Security & Privacy Awareness Together
Commentary  |  6/10/2019  | 
Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done.
Healthcare Breach Expands to 19.6 Million Patient Accounts
News  |  6/5/2019  | 
LabCorp says its third-party debt-collection provider, AMCA, notified the company that information on 7.7 million patients had leaked. Expect more healthcare companies to come forward.
Why FedRAMP Matters to Non-Federal Organizations
Commentary  |  6/4/2019  | 
Commercial companies should explore how FedRAMP can help mitigate risk as they move to the cloud.
Medical Debt Collector Breach Highlights Supply Chain Dangers
News  |  6/4/2019  | 
The breach of the website of American Medical Collection Agency leaves the personal and financial information of nearly 12 million patients at risk.
Certifiably Distracted: The Economics of Cybersecurity
Commentary  |  6/3/2019  | 
Is cybersecurity worth the investment? It depends.
GDPR's First-Year Impact by the Numbers
Slideshows  |  5/31/2019  | 
The latest statistics on GDPR spending, compliance rates, enforcement and consumer attitudes on privacy protection.
Incident Response: 3 Easy Traps & How to Avoid Them
Commentary  |  5/23/2019  | 
Sage legal advice about navigating a data breach from a troubleshooting cybersecurity outside counsel.
Data Asset Management: What Do You Really Need?
News  |  5/22/2019  | 
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Commentary  |  5/22/2019  | 
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
Resolution Requires Cybersecurity Training for Members of Congress
Quick Hits  |  5/14/2019  | 
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
California Consumer Privacy Act: 4 Compliance Best Practices
Commentary  |  4/30/2019  | 
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls
News  |  4/30/2019  | 
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
How to Help Your Board Navigate Cybersecurity's Legal Risks
Commentary  |  4/30/2019  | 
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn whats at stake and what CISOs can do to mitigate the damage.
Page 1 / 2   >   >>


The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
The State of Email Security and Protection
Mike Flouton, Vice President of Email Security at Barracuda Networks,  11/5/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprise
Assessing Cybersecurity Risk in Today's Enterprise
Security leaders are struggling to understand their organizations risk exposure. While many are confident in their security strategies and processes, theyre also more concerned than ever about getting breached. Download this report today and get insights on how today's enterprises assess and perceive the risks they face in 2019!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18881
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile.
CVE-2019-18882
PUBLISHED: 2019-11-12
WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled.
CVE-2019-18873
PUBLISHED: 2019-11-12
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the pa...
CVE-2019-18874
PUBLISHED: 2019-11-12
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
CVE-2019-18862
PUBLISHED: 2019-11-11
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.