Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk //

Compliance

News & Commentary
Incident Response: 3 Easy Traps & How to Avoid Them
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
Sage legal advice about navigating a data breach from a troubleshooting cybersecurity outside counsel.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 5/23/2019
Comment2 comments  |  Read  |  Post a Comment
Data Asset Management: What Do You Really Need?
Kelly Sheridan, Staff Editor, Dark ReadingNews
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
By Kelly Sheridan Staff Editor, Dark Reading, 5/22/2019
Comment0 comments  |  Read  |  Post a Comment
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Ira Winkler, CISSP, President, Secure MentemCommentary
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
By Ira Winkler CISSP, President, Secure Mentem, 5/22/2019
Comment0 comments  |  Read  |  Post a Comment
Resolution Requires Cybersecurity Training for Members of Congress
Dark Reading Staff, Quick Hits
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
By Dark Reading Staff , 5/14/2019
Comment0 comments  |  Read  |  Post a Comment
California Consumer Privacy Act: 4 Compliance Best Practices
Chris Babel, CEO, TrustArcCommentary
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
By Chris Babel CEO, TrustArc, 4/30/2019
Comment0 comments  |  Read  |  Post a Comment
Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls
Kelly Sheridan, Staff Editor, Dark ReadingNews
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
By Kelly Sheridan Staff Editor, Dark Reading, 4/30/2019
Comment0 comments  |  Read  |  Post a Comment
How to Help Your Board Navigate Cybersecurity's Legal Risks
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLCCommentary
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn whats at stake and what CISOs can do to mitigate the damage.
By Beth Burgin Waller Chair, Cybersecurity & Data Privacy Practice , Woods Rogers PLC, 4/30/2019
Comment0 comments  |  Read  |  Post a Comment
A Rear-View Look at GDPR: Compliance Has No Brakes
Daniel Barber, CEO & Co-founder, DataGrailCommentary
With a year of Europe's General Data Protection Regulation under our belt, what have we learned?
By Daniel Barber CEO & Co-founder, DataGrail, 4/29/2019
Comment0 comments  |  Read  |  Post a Comment
Will the US Adopt a National Privacy Law?
Seth P.  Berman, Partner, NutterCommentary
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
By Seth P. Berman Partner, Nutter, 4/23/2019
Comment0 comments  |  Read  |  Post a Comment
Legacy Apps: The Security Risk Lurking in Dusty Corners
Tim Buntel, VP, Application Security Products, Threat StackCommentary
Four best practices to keep old code from compromising your enterprise environment.
By Tim Buntel VP, Application Security Products, Threat Stack, 4/17/2019
Comment1 Comment  |  Read  |  Post a Comment
7 Tips for an Effective Employee Security Awareness Program
Jai Vijayan, Contributing Writer
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
By Jai Vijayan Contributing Writer, 4/17/2019
Comment1 Comment  |  Read  |  Post a Comment
Benefiting from Data Privacy Investments
Marc Wilczek, Digital Strategist & CIO AdvisorCommentary
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
By Marc Wilczek Digital Strategist & CIO Advisor, 4/16/2019
Comment0 comments  |  Read  |  Post a Comment
When Your Sandbox Fails
Kowsik Guruswamy, Chief Technology Officer at Menlo SecurityCommentary
The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why.
By Kowsik Guruswamy Chief Technology Officer at Menlo Security, 4/11/2019
Comment2 comments  |  Read  |  Post a Comment
Senate Bill Would Ban Social Networks' Social Engineering Tricks
Dark Reading Staff, Quick Hits
Bill takes aim at tactics used to convince people to give up their personal data, designing games that addict kids, and more.
By Dark Reading Staff , 4/10/2019
Comment0 comments  |  Read  |  Post a Comment
Merging Companies, Merging Clouds
Scott Totman, VP of Engineering, DivvyCloudCommentary
Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.
By Scott Totman VP of Engineering, DivvyCloud, 4/10/2019
Comment0 comments  |  Read  |  Post a Comment
Privacy & Regulatory Considerations in Enterprise Blockchain
Steve McNew, Senior Managing Director at FTI ConsultingCommentary
People who understand information governance, privacy, and security should be active participants on the distributed ledger technology implementation team to ensure success.
By Steve McNew Senior Managing Director at FTI Consulting, 4/3/2019
Comment0 comments  |  Read  |  Post a Comment
In the Race Toward Mobile Banking, Don't Forget Risk Management
Sam Abadir, Vice President of Industry Solutions at LockpathCommentary
The rise of mobile banking and payment services has sparked widespread adoption, making a focus on risk essential.
By Sam Abadir Vice President of Industry Solutions at Lockpath, 4/1/2019
Comment2 comments  |  Read  |  Post a Comment
The 'Twitterverse' Is Not the Security Community
Ira Winkler, CISSP, President, Secure MentemCommentary
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
By Ira Winkler CISSP, President, Secure Mentem, 3/27/2019
Comment1 Comment  |  Read  |  Post a Comment
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Andrea Little Limbago, Chief Social Scientist, VirtruCommentary
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
By Andrea Little Limbago Chief Social Scientist, Virtru, 3/26/2019
Comment1 Comment  |  Read  |  Post a Comment
A Glass Ceiling? Not in Privacy
Rita Heimes, Data Protection Officer, Research Director & General Counsel, IAPPCommentary
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
By Rita Heimes Data Protection Officer, Research Director & General Counsel, IAPP, 3/25/2019
Comment1 Comment  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by GKDR
Current Conversations Test Comment
In reply to: Test Comment
Post Your Own Reply
More Conversations
97% of Americans Can't Ace a Basic Security Test
Steve Zurier, Contributing Writer,  5/20/2019
How Security Vendors Can Address the Cybersecurity Talent Shortage
Rob Rashotte, VP of Global Training and Technical Field Enablement at Fortinet,  5/24/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-7068
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7069
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have a type confusion vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7070
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .
CVE-2019-7071
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
CVE-2019-7072
PUBLISHED: 2019-05-24
Adobe Acrobat and Reader versions 2019.010.20069 and earlier, 2019.010.20069 and earlier, 2017.011.30113 and earlier version, and 2015.006.30464 and earlier have an use after free vulnerability. Successful exploitation could lead to arbitrary code execution .