News & Commentary
Latest Content tagged with Compliance
|
Incident Response: 3 Easy Traps & How to Avoid Them
Sage legal advice about navigating a data breach from a troubleshooting cybersecurity outside counsel.
Data Asset Management: What Do You Really Need?
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
Resolution Requires Cybersecurity Training for Members of Congress
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
California Consumer Privacy Act: 4 Compliance Best Practices
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
How to Help Your Board Navigate Cybersecurity's Legal Risks
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn what’s at stake and what CISOs can do to mitigate the damage.
A Rear-View Look at GDPR: Compliance Has No Brakes
With a year of Europe's General Data Protection Regulation under our belt, what have we learned?
Will the US Adopt a National Privacy Law?
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
Legacy Apps: The Security Risk Lurking in Dusty Corners
Four best practices to keep old code from compromising your enterprise environment.
7 Tips for an Effective Employee Security Awareness Program
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Benefiting from Data Privacy Investments
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
When Your Sandbox Fails
The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why.
Senate Bill Would Ban Social Networks' Social Engineering Tricks
Bill takes aim at tactics used to convince people to give up their personal data, designing games that addict kids, and more.
Merging Companies, Merging Clouds
Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.
Privacy & Regulatory Considerations in Enterprise Blockchain
People who understand information governance, privacy, and security should be active participants on the distributed ledger technology implementation team to ensure success.
In the Race Toward Mobile Banking, Don't Forget Risk Management
The rise of mobile banking and payment services has sparked widespread adoption, making a focus on risk essential.
The 'Twitterverse' Is Not the Security Community
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
A Glass Ceiling? Not in Privacy
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
Businesses Manage 9.7PB of Data but Struggle to Protect It
What's more, their attempts to secure it may be putting information at risk, a new report finds.
The Insider Threat: It's More Common Than You Think
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
The Case for Transparency in End-User License Agreements
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
Bots Plague Ticketing Industry
Bots now account for 39.9% of all ticketing traffic, mostly originating in North America.
Stay Ahead of the Curve by Using AI in Compliance
Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.
Embracing DevSecOps: 5 Processes to Improve DevOps Security
In the cyber threat climate of the 21st century, sticking with DevOps is no longer an option.
Privacy Ops: The New Nexus for CISOs & DPOs
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
3 Ways Companies Mess Up GDPR Compliance the Most
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.
PCI Council Releases New Software Framework for DevOps Era
The PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.
The Rx for HIPAA Compliance in the Cloud
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
Managing Security in Today's Compliance and Regulatory Environment
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
Bringing Compliance into the SecDevOps Process
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
6 Ways to Strengthen Your GDPR Compliance Efforts
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation – and that could cost them.
7 Real-Life Dangers That Threaten Cybersecurity
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
Divide Remains Between Cybersecurity Awareness and Skill
Organizations understand the need for critical data protection but may lack the resources to respond.
Audits: The Missing Layer in Cybersecurity
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
6 Reasons Why Employees Violate Security Policies
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
GDPR Report Card: Some Early Gains but More Work Ahead
US companies paid the most, to date, to meet the EU's General Data Protection Regulation, according to a recent study, but UK companies made greater progress in achieving compliance goals.
How Data Security Improves When You Engage Employees in the Process
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
A 'Cyber Resilience' Report Card for the Public Sector
Government agencies are making great strides in defending themselves against cyberattacks, according to new research from Accenture. But technology alone won't solve the problem.
Payment Security Compliance Takes a Turn for the Worse
This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.
The Top 5 Security Threats & Mitigations for Industrial Networks
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
The Role of Incident Response in ICS Security Compliance
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
Polish Parliament Enacts National Cybersecurity System
The system classifies security incidents and splits national incident response into three separate teams.
The GDPR Ripple Effect
Will we ever see a truly global data security and privacy mandate?
How to Gauge the Effectiveness of Security Awareness Programs
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Proving ROI: How a Security Road Map Can Sway the C-Suite
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
How GDPR Could Turn Privileged Insiders into Bribery Targets
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
|
White Papers
Video
1 Comments
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Well, if you hadn't made us skip the Lockpicking Village at DEF CON this year, MAYBE this wouldn't be an issue!"
Latest Comment: "Well, if you hadn't made us skip the Lockpicking Village at DEF CON this year, MAYBE this wouldn't be an issue!"
Current Issue
Building and Managing an IT Security Operations ProgramAs cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
How Enterprises Are Developing Secure Applications
IT security and application development are disparate processes that are increasingly coming together. Here's a look at how that's happening.
Twitter Feed
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database CVE-2019-7068
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
PUBLISHED: 2019-05-24
From DHS/US-CERT's National Vulnerability Database CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
- Terms of Service
- Privacy Statement
- Legal Entities
- Copyright © 2019 UBM, All rights reserved
Tweet This