NEWS & INDUSTRY UPDATES

Apple had wanted all iOS apps to use HTTPS by the end of the year, but it has now extended the deadline indefinitely.
On average, an enterprise now uses 1,427 cloud services. Although enterprises are attempting to control their use of cloud apps, this has clearly not yet been achieved.
Attorneys general in 15 U.S. states reached a $1 million settlement with Adobe over the 2013 data breach.
As expected, Google announced that certificates from WoSign and StartCom will no longer be trusted by Chrome.
PCI DSS version 3.1 will be retired on Oct. 31, 2016. Any company that fully and successfully implements PCI DSS 3.2 is likely to be fully GDPR compliant.
Mozilla has decided to distrust new certificates from WoSign and StartCom. The browser vendor says the CAs have been deceptive.
WoSign and StartCom will become separate entities and new leadership has been appointed at both firms following the recent certificate scandal.
UK telecoms company TalkTalk has been given a record £400,000/$510,000 fine for the 2015 data breach that affected 157,000 users.
Following Mozilla’s report on WoSign’s wrongdoings, Apple has decided to remove trust in WoSign certificates on iOS and OS X.
Mozilla could ban certificates from Chinese CA WoSign and its subsidiary StartCom for a year due to shady practices.

FEATURES, INSIGHTS // Compliance

Steven Grossman: The PCI DSS 3.2 should greatly help companies reduce third-party vendor risk, and is starting to shift from just a check-the-compliance-box activity to a more continuous compliance model.
Travis Greene: To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
Torsten George: To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George: The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin: U.S. tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Mark Hatton: The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Nimmy Reichenberg: With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Mark Hatton: Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Chris Hinkley: For security professionals, PCI DSS 3.0 means that PCI compliance will become more of an everyday business practice, rather than an annual checklist obligation.
Chris Hinkley: Compliance is a byproduct of a solid security program – but that doesn’t mean it’s simple. Compliance can involve technical architecture and operational processes that many organizations simply don’t understand or don’t want to bother with.