Risk //

Compliance

News & Commentary
PCI Council Releases New Software Framework for DevOps Era
Ericka Chickowski, Contributing Writer, Dark ReadingNews
The PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.
By Ericka Chickowski Contributing Writer, Dark Reading, 1/18/2019
Comment0 comments  |  Read  |  Post a Comment
The Rx for HIPAA Compliance in the Cloud
Jason Polancich, CEO, MusubuCommentary
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
By Jason Polancich CEO, Musubu, 1/18/2019
Comment0 comments  |  Read  |  Post a Comment
Managing Security in Today's Compliance and Regulatory Environment
Andrew Williams, Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, CoalfireCommentary
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
By Andrew Williams Product Director, Cyber Risk Advisory and FedRAMP Assessment Services, Coalfire, 1/4/2019
Comment0 comments  |  Read  |  Post a Comment
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
Kaan Onarlioglu, Senior Security Researcher, AkamaiCommentary
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
By Kaan Onarlioglu Senior Security Researcher, Akamai, 12/18/2018
Comment3 comments  |  Read  |  Post a Comment
Bringing Compliance into the SecDevOps Process
Joe Ward, Senior Security Analyst, Bishop FoxCommentary
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
By Joe Ward Senior Security Analyst, Bishop Fox, 12/6/2018
Comment0 comments  |  Read  |  Post a Comment
6 Ways to Strengthen Your GDPR Compliance Efforts
Steve Zurier, Freelance Writer
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
By Steve Zurier Freelance Writer, 12/5/2018
Comment0 comments  |  Read  |  Post a Comment
7 Real-Life Dangers That Threaten Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
By Curtis Franklin Jr. Senior Editor at Dark Reading, 11/26/2018
Comment3 comments  |  Read  |  Post a Comment
Divide Remains Between Cybersecurity Awareness and Skill
Dark Reading Staff, Quick Hits
Organizations understand the need for critical data protection but may lack the resources to respond.
By Dark Reading Staff , 11/19/2018
Comment1 Comment  |  Read  |  Post a Comment
Audits: The Missing Layer in Cybersecurity
Brennan P. Baybeck, CISA, CISM, CRISC, CISSP, Vice Chair of ISACA Board of DirectorsCommentary
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
By Brennan P. Baybeck CISA, CISM, CRISC, CISSP, Vice Chair of ISACA Board of Directors, 10/18/2018
Comment2 comments  |  Read  |  Post a Comment
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
By Ericka Chickowski Contributing Writer, Dark Reading, 10/16/2018
Comment5 comments  |  Read  |  Post a Comment
GDPR Report Card: Some Early Gains but More Work Ahead
Chris Babel, CEO, TrustArcCommentary
US companies paid the most, to date, to meet the EU's General Data Protection Regulation, according to a recent study, but UK companies made greater progress in achieving compliance goals.
By Chris Babel CEO, TrustArc, 10/4/2018
Comment0 comments  |  Read  |  Post a Comment
How Data Security Improves When You Engage Employees in the Process
Robert E. Crossler, Assistant Professor of Information Systems, Washington State UniversityCommentary
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
By Robert E. Crossler Assistant Professor of Information Systems, Washington State University, 9/28/2018
Comment6 comments  |  Read  |  Post a Comment
A 'Cyber Resilience' Report Card for the Public Sector
Ger Daly, Managing Director, Accenture Defense & Public SafetyCommentary
Government agencies are making great strides in defending themselves against cyberattacks, according to new research from Accenture. But technology alone won't solve the problem.
By Ger Daly Managing Director, Accenture Defense & Public Safety, 9/26/2018
Comment0 comments  |  Read  |  Post a Comment
Payment Security Compliance Takes a Turn for the Worse
Dark Reading Staff, Quick Hits
This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.
By Dark Reading Staff , 9/25/2018
Comment6 comments  |  Read  |  Post a Comment
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, IndegyCommentary
While vastly different than their IT counterparts, operational technology environments share common risks and best practices.
By Barak Perelman CEO, Indegy, 9/18/2018
Comment0 comments  |  Read  |  Post a Comment
The Role of Incident Response in ICS Security Compliance
John Moran, Senior Product Manager, DFLabsCommentary
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
By John Moran Senior Product Manager, DFLabs, 9/7/2018
Comment0 comments  |  Read  |  Post a Comment
Polish Parliament Enacts National Cybersecurity System
Dark Reading Staff, Quick Hits
The system classifies security incidents and splits national incident response into three separate teams.
By Dark Reading Staff , 8/28/2018
Comment0 comments  |  Read  |  Post a Comment
The GDPR Ripple Effect
Tim Critchley, CEO at SemafoneCommentary
Will we ever see a truly global data security and privacy mandate?
By Tim Critchley CEO at Semafone, 8/23/2018
Comment0 comments  |  Read  |  Post a Comment
How to Gauge the Effectiveness of Security Awareness Programs
Ira Winkler, CISSP, President, Secure MentemCommentary
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
By Ira Winkler CISSP, President, Secure Mentem, 8/21/2018
Comment0 comments  |  Read  |  Post a Comment
Proving ROI: How a Security Road Map Can Sway the C-Suite
Jo-Ann Smith, Director of Technology Risk Management and Data Privacy at  AbsoluteCommentary
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
By Jo-Ann Smith Director of Technology Risk Management and Data Privacy at Absolute, 8/21/2018
Comment2 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
More Conversations
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
The Year in Security 2018
This Dark Reading Tech Digest explores the biggest news stories of 2018 that shaped the cybersecurity landscape.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6507
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. login_user_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6508
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. role_perm_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6509
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. depart_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2019-6510
PUBLISHED: 2019-01-22
An issue was discovered in creditease-sec insight through 2018-09-11. user_delete in srcpm/app/admin/views.py allows CSRF.
CVE-2017-6922
PUBLISHED: 2019-01-22
In Drupal core 8.x prior to 8.3.4 and Drupal core 7.x prior to 7.56; Private files that have been uploaded by an anonymous user but not permanently attached to content on the site should only be visible to the anonymous user that uploaded them, rather than all anonymous users. Drupal core did not pr...