Compliance

News & Commentary
Why You Need a Global View of IT Assets
Commentary
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
By Pablo Quiroga, Director of Product Management at Qualys, 7/10/2019
Marriott Faces $124 Million GDPR Fine in UK
Quick Hits
The proposed penalty is for a data breach beginning in 2014 that affected more than 500 million customers worldwide.
By Dark Reading Staff, 7/9/2019
Britain Looks to Levy Record GDPR Fine Against British Airways
News
The penalty is a sign of things to come, say experts.
By Robert Lemos, Contributing Writer, 7/8/2019
Smash-and-Grab Crime Threatens Enterprise Security
Commentary
Getting your company smartphone or laptop stolen from your car isn't just a hassle; it can have large regulatory ramifications, too. Visibility is the answer.
By Nicko van Someren, Ph.D., Chief Technology Officer at Absolute, 7/8/2019
Why Your GDPR Implementation Plan Needs CISOs & 'Legal Engineers' to Work Together
Commentary
Lawyers must step into the shoes of technical roles and craft legal guidance that can be easily put into use.
By Sophie Stalla-Bourdillon, Senior Privacy Counsel and Legal Engineer, Immuta, 7/5/2019
The Case for Encryption: Fact vs. Fiction
Commentary
The common belief that encryption enables bad behavior primarily used by thieves, international terrorists, and other villainous characters is simply not true. Here's why.
By Ramon Peypoch, SVP Products, Vera Security, 7/2/2019
How GDPR Teaches Us to Take a Bottom-Up Approach to Privacy
Commentary
Looking at underlying security needs means organizations are more likely to be in compliance with privacy regulations.
By Matthew Karnas, Cybersecurity & Risk Practice Lead at Sila, 6/28/2019
The Life-Changing Magic of Tidying Up the Cloud
Commentary
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
By Kaus Phaltankar, CEO and Co-Founder at Caveonix, 6/17/2019
Apple Pledges Privacy, Beefs Up Security
News
The company hits back at the data economy and fellow tech giants Facebook and Google by announcing its own single sign-on service. A host of other iterative security improvements are on their way as well.
By Robert Lemos, Contributing Writer, 6/12/2019
Unmixed Messages: Bringing Security & Privacy Awareness Together
Commentary
Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done.
By Tom Pendergast & Jeff Morgenroth, Chief Learning Officer at MediaPRO/Instructional Designer at MediaPRO, 6/10/2019
Healthcare Breach Expands to 19.6 Million Patient Accounts
News
LabCorp says its third-party debt-collection provider, AMCA, notified the company that information on 7.7 million patients had leaked. Expect more healthcare companies to come forward.
By Robert Lemos, Contributing Writer, 6/5/2019
Why FedRAMP Matters to Non-Federal Organizations
Commentary
Commercial companies should explore how FedRAMP can help mitigate risk as they move to the cloud.
By Daniel P. Kent, Director, Public Sector Engineering & CTO, Cisco Systems, 6/4/2019
Medical Debt Collector Breach Highlights Supply Chain Dangers
News
The breach of the website of American Medical Collection Agency leaves the personal and financial information of nearly 12 million patients at risk.
By Robert Lemos, Contributing Writer, 6/4/2019
Certifiably Distracted: The Economics of Cybersecurity
Commentary
Is cybersecurity worth the investment? It depends.
By Dan Didier, VP of Services, GreyCastle Security, 6/3/2019
GDPR's First-Year Impact by the Numbers
The latest statistics on GDPR spending, compliance rates, enforcement and consumer attitudes on privacy protection.
By Ericka Chickowski, Contributing Writer, 5/31/2019
Incident Response: 3 Easy Traps & How to Avoid Them
Commentary
Sage legal advice about navigating a data breach from a troubleshooting cybersecurity outside counsel.
By Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, 5/23/2019
Data Asset Management: What Do You Really Need?
News
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
By Kelly Sheridan, Staff Editor, Dark Reading, 5/22/2019
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Commentary
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
By Ira Winkler, CISSP, President, Secure Mentem, 5/22/2019
Resolution Requires Cybersecurity Training for Members of Congress
Quick Hits
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
By Dark Reading Staff, 5/14/2019
California Consumer Privacy Act: 4 Compliance Best Practices
Commentary
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
By Chris Babel, CEO, TrustArc, 4/30/2019
More Conversations
10 Ways to Keep a Rogue RasPi From Wrecking Your Network
Curtis Franklin Jr., Senior Editor at Dark Reading, 7/10/2019
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego, 7/11/2019
A Lawyer's Guide to Cyber Insurance: 4 Basic Tips
Beth Burgin Waller, Chair, Cybersecurity & Data Privacy Practice, Woods Rogers PLC, 7/12/2019
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report to learn about the new best practices for secure application development.
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-6160
PUBLISHED: 2019-07-16
A vulnerability in various versions of Iomega and LenovoEMC NAS products could allow an unauthenticated user to access files on NAS shares via the API.
CVE-2019-9700
PUBLISHED: 2019-07-16
Norton Password Manager, prior to 6.3.0.2082, may be susceptible to an address spoofing issue. This type of issue may allow an attacker to disguise their origin IP address in order to obfuscate the source of network traffic.
CVE-2019-12990
PUBLISHED: 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 allow Directory Traversal.
CVE-2019-12991
PUBLISHED: 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 5 of 6).
CVE-2019-12992
PUBLISHED: 2019-07-16
Citrix SD-WAN 10.2.x before 10.2.3 and NetScaler SD-WAN 10.0.x before 10.0.8 have Improper Input Validation (issue 6 of 6).