Security Experts:

Privacy & Compliance
long dotted

NEWS & INDUSTRY UPDATES

Synaptics to remove debug tool from its touchpad drivers after it was described by a security researcher as a keylogger [Read More]
Cisco announces availability of Security Connector, an iOS app that gives organizations visibility and control for mobile devices [Read More]
Severe vulnerability found by researchers in Fortinet’s FortiClient endpoint protection product can be exploited to obtain VPN authentication credentials [Read More]
Products from F5, Cisco, Citrix and others vulnerable to new version of old crypto attack. Facebook, PayPal and other top websites impacted [Read More]
US President Donald Trump signs National Defense Authorization Act for FY2018, which bans the use of Kaspersky products by government agencies [Read More]
Study conducted by Accenture and AMA shows that a majority of physicians in the US have experienced a cybersecurity incident, including phishing, malware and inappropriate access by insiders [Read More]
After getting complaints from developers, Google is evaluating whether it should continue allowing innovative use of accessibility services by Android apps [Read More]
Microsoft used the same certificate for all instances of its Dynamics 365 ERP product and it took more than 100 days to take action, but the company claims the issue posed little risk [Read More]
Synaptics touchpad driver present on hundreds of HP laptops includes keylogging functionality. Patches available for a majority of affected devices [Read More]
New functionality added by Onapsis to its security platform allows SAP customers to check if they are GDPR-compliant [Read More]

FEATURES, INSIGHTS // Privacy & Compliance

rss icon

Steven Grossman's picture
The PCI DSS 3.2 should greatly help companies reduce third party vendor risk, and is starting to shift from just a check-the-compliance-box activity to a more continuous compliance model.
Jim Ivers's picture
If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.
David Holmes's picture
The portion of encrypted traffic keeps rising, so IT security administrators will be forced to do more SSL decryption if they are to get any value at all out of their fancy security tools.
Travis Greene's picture
To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
David Holmes's picture
In the initial hours after the Paris attacks by Islamic terrorists, when the PlayStation 4 rumor was first circulating, I decided to see exactly what kind of encryption the PS4 uses for its messaging system.
Torsten George's picture
To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George's picture
The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin's picture
U.S tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Marcus Ranum's picture
To communicate about our metrics, we need ways that we can ground our experience in terms of “normal” for us; Otherwise, we really can't communicate our metrics effectively with anyone who isn't in a similar environment.
Adam Firestone's picture
The misconception that Internet privacy equals anonymity must be dispelled if cyberspace is to be a secure and safe place. At the same time, mechanisms must be incorporated to ensure that communications remain confidential and resistant to unauthorized alteration by third parties.