
NEWS & INDUSTRY UPDATES

FTC files lawsuit against D-Link, accusing the vendor of making false claims about how secure its products are
New York State Department of Financial Services (DFS) has published its revised proposal for what it calls a 'first-in-the-nation cybersecurity regulation' for New York regulated financial services.
The FDA has released guidance on the postmarket management of cybersecurity in medical devices
Apple had wanted all iOS apps to use HTTPS by the end of the year, but it has now extended the deadline indefinitely
On average, an enterprise now uses 1,427 cloud services. Although enterprises are attempting to control their use of cloud apps, this has clearly not yet been achieved.
Attorneys general in 15 U.S. states reached a $1 million settlement with Adobe over the 2013 data breach
As expected, Google announced that certificates from WoSign and StartCom will no longer be trusted by Chrome
PCI DSS version 3.1 will be retired on Oct. 31, 2016. Any company that fully and successfully implements PCI DSS 3.2 is likely to be fully GDPR compliant.
Mozilla has decided to distrust new certificates from WoSign and StartCom. The browser vendor says the CAs have been deceptive
WoSign and StartCom will become separate entities and new leadership has been appointed at both firms following the recent certificate scandal

FEATURES, INSIGHTS // Compliance


Danelle Au
You’ve handed over controls to a third-party, so how do you implement the right levels of security in a cloud environment, trust the provider to take care of the rest, and still meet compliance initiatives?
Chris Poulin
Part 1: Why the Star Trek Medical Tricorder Didn’t have an App Store. The future of information security is looking brilliant: by the 23rd century there will be no computer hacks—at least according to Star Trek.
Jeff Hudson
The latest iteration of PCI compliance regulations adds to the already increasing burdens of the typical IT security professional. For example, exposing cryptographic key management information to more than those that need to know creates a compliance violation.
Steve Ragan
For most CISOs, the pain of an audit is part of the job, but it doesn’t have to be the nightmare that most of the IT community envisions.
Chris Hinkley
Cloud infrastructures can be secure, and they must be, because demand for them is growing quickly. Organizations don't have to fear public clouds; they just need to understand them better.
Oliver Rochford
To a security guru, GRC feels like a waste of time. It will provide artificial challenges that make a difficult task even harder, with very little gain or advantage in return other than a report containing lists of items with a marked checkbox.
Michael Goff
In 2011 we were reminded that software piracy cannot be stopped. Despite the best efforts of software vendors, industry watchdog groups and government, software piracy continues to proliferate.
Mandeep Khera
Merchants who are required to be PCI-DSS Compliant will have to get their validation under provisions of PCI-DSS 2.0 by December 31st, 2011. What are some of the key changes in PCI-DSS 2.0? Are you ready?
Chris Hinkley
Mobile applications and the platforms they are built on make PA-DSS compliance difficult due to the rapidly evolving threat landscape. With attacks increasing and their damaging effects on businesses and consumers, it's important to make sure your mobile operations are properly secured.
Chris Hinkley
2011 has been a monumental year for hackers. Businesses as well as consumers felt the brunt of cybercrime by the millions, some of them a few times over. Here’s a look at the top hacks so far this year, and what we can learn from them.