Security Experts:

Privacy & Compliance
long dotted


The PCI Security Standards Council has released guidelines for the development of tokenization products.
Mozilla has decided that new CNNIC certificates will not be trusted until the Chinese CA cleans up its act.
TrueCrypt does not contain any backdoors or serious design flaws, experts have concluded after completing the Open Crypto Audit Project.
Snapchat released its first transparency report showing hundreds of requests from US and foreign law enforcement agencies.
PCI DSS 3.1 will remove SSL as an example of strong cryptography, meaning organizations will have to upgrade to TLS to comply.
Google says Chrome will no longer trust certificates from the China Internet Network Information Center (CNNIC) following the MCS Holdings incident.
The UN Human Rights Council appointed an investigator to look into violations of digital privacy rights, following revelations of large-scale cyber-snooping by Washington and others.
Big US technology firms joined a coalition of activists urging Congress to pass a law scaling back government surveillance ahead of key deadline.
Technology firms will ultimately prevail in their efforts to use strong encryption on devices that cannot be accessed by the government, Google executive chairman Eric Schmidt said.
U.S. government requests for data on Facebook users declined during the final six months of 2014, according to the social networking site's transparency report.

FEATURES, INSIGHTS // Privacy & Compliance

rss icon

Torsten George's picture
The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin's picture
U.S tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Marcus Ranum's picture
To communicate about our metrics, we need ways that we can ground our experience in terms of “normal” for us; Otherwise, we really can't communicate our metrics effectively with anyone who isn't in a similar environment.
Adam Firestone's picture
The misconception that Internet privacy equals anonymity must be dispelled if cyberspace is to be a secure and safe place. At the same time, mechanisms must be incorporated to ensure that communications remain confidential and resistant to unauthorized alteration by third parties.
Mark Hatton's picture
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Torsten George's picture
The NIST Cybersecurity Framework is a good first step towards creating a standardized approach to cyber security, but requires many substantial updates before really improving our nation’s cyber resilience.
Tal Be'ery's picture
The Google-backed "Certificate Transparency" initiative has gained much momentum and may have a real chance to amend the battered Public-Key Infrastructure (PKI).
Nimmy Reichenberg's picture
With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Mark Hatton's picture
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Chris Coleman's picture
The events that occurred in 2013 will forever be reflected in the Internet DNA of the future, and how the cyber security market evolves to accommodate that future.