Security Experts:

Privacy & Compliance
long dotted

NEWS & INDUSTRY UPDATES

Google has updated its User Data Policy for the Chrome Web Store, in an attempt to improve the safety and privacy for users of its Chrome web browser. [Read More]
The best possible method to mitigate the risk of the new European Data Protection law will be the ability to demonstrate a serious attempt at good security policy. [Read More]
The California Assembly Bill 1681 was quietly dropped this week without a vote. The bill would have authorized $2,500 penalties for phone manufacturers and operating system providers if they do not comply with court orders to decrypt phones. [Read More]
US lawmakers unveiled legislation to require technology firms to help law enforcement unlock encrypted devices -- prompting a fierce outcry from the industry and privacy activists. [Read More]
Privacy Shield, the proposed replacement for the US/EU Safe Harbor agreement, is being heavily criticized by European regulators. [Read More]
WhatsApp has implemented "full end-to-end encryption," a move which steps up privacy but may lead to conflicts with law enforcement agencies. [Read More]
The high-stakes legal showdown between Apple and the FBI has abruptly ended, with no resolution to key questions about law enforcement access to devices with strong encryption. [Read More]
The source code for Google’s Vendor Security Assessment Questionnaire (VSAQ) is now available on GitHub [Read More]
Apple and the US government are squaring off in an epic legal battle with wide-ranging implications for how technology firms must work with law enforcement. [Read More]
Mozilla allows Symantec to issue new SHA-1 certificates to payment processor Worldpay to prevent disruption of 10,000 payment terminals [Read More]

FEATURES, INSIGHTS // Privacy & Compliance

rss icon

Travis Greene's picture
To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
David Holmes's picture
In the initial hours after the Paris attacks by Islamic terrorists, when the PlayStation 4 rumor was first circulating, I decided to see exactly what kind of encryption the PS4 uses for its messaging system.
Torsten George's picture
To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George's picture
The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin's picture
U.S tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Marcus Ranum's picture
To communicate about our metrics, we need ways that we can ground our experience in terms of “normal” for us; Otherwise, we really can't communicate our metrics effectively with anyone who isn't in a similar environment.
Adam Firestone's picture
The misconception that Internet privacy equals anonymity must be dispelled if cyberspace is to be a secure and safe place. At the same time, mechanisms must be incorporated to ensure that communications remain confidential and resistant to unauthorized alteration by third parties.
Mark Hatton's picture
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Tal Be'ery's picture
The Google-backed "Certificate Transparency" initiative has gained much momentum and may have a real chance to amend the battered Public-Key Infrastructure (PKI).
Nimmy Reichenberg's picture
With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.