Security Experts:

long dotted

NEWS & INDUSTRY UPDATES

ICS-CERT provides solid advice on updating antiviruses in industrial control systems, but it’s not practical and organizations should not believe AVs are enough [Read More]
DHS memo claims China-based drone maker DJI is sending data on U.S. critical infrastructure and law enforcement to the Chinese government [Read More]
PayPal suspends operations of its subsidiary TIO Networks after the discovery of a data breach that affects 1.6 million customers [Read More]
From raising $30 million in 30 seconds to being endorsed by Paris Hilton or vanishing into thin air: anything is possible in the risky new world of cryptocurrency fundraising, but regulators are lurking. [Read More]
The chairpersons of the House Science, Space, and Technology Committee and the House Oversight and Government Reform Committee on Monday sent a new letter (PDF) to Paulino Barros, the interim CEO of Equifax. [Read More]
WoSign subsidiary StartCom will shut down after major browser vendors banned its certificates [Read More]
Kaspersky shares more details from its investigation into reports that Russian hackers stole NSA data using its software [Read More]
Two major financial services and regulated industry compliance firms, Smarsh and Actiance, have combined to better serve industry's increasingly complex requirements around communications, archiving and discovery regulations. [Read More]
Following an increase in Android malware and adware abusing accessibility services, Google decides to crack down on apps that misuse the feature [Read More]
The average enterprise now uses 1,232 cloud apps (up 33% from the second half of last year), while CIOs still believe their organizations use between just 30 and 40 cloud apps and services. [Read More]

FEATURES, INSIGHTS // Compliance

rss icon

Steven Grossman's picture
Why do we seem to need layer upon layer of regulation and guidance to try to ensure a more secure business world? Is it working?
Travis Greene's picture
Reducing the amount of personal data subject to GDPR is a critical step towards minimizing the amount of risk that GDPR will expose.
Steven Grossman's picture
The PCI DSS 3.2 should greatly help companies reduce third party vendor risk, and is starting to shift from just a check-the-compliance-box activity to a more continuous compliance model.
Travis Greene's picture
To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
Torsten George's picture
To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George's picture
The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin's picture
U.S tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Mark Hatton's picture
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Nimmy Reichenberg's picture
With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Mark Hatton's picture
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.