Privacy & Compliance

The Mac version of the Shazam music discovery app keeps the device’s microphone on even when it’s turned off.
Attorneys general in 15 U.S. states reached a $1 million settlement with Adobe over the 2013 data breach.
Two new reports demonstrate the range and extent of new controls needed to ensure General Data Protection Regulation (GDPR) compliance.
As expected, Google announced that certificates from WoSign and StartCom will no longer be trusted by Chrome.
PCI DSS version 3.1 will be retired on Oct. 31, 2016. Any company that fully and successfully implements PCI DSS 3.2 is likely to be fully GDPR compliant.
European data protection regulators have written to both WhatsApp and Yahoo.
Mozilla has decided to distrust new certificates from WoSign and StartCom. The browser vendor says the CAs have been deceptive.
Italian security researchers have discovered a vulnerability that can be easily exploited to break into messaging applications such as Telegram, WhatsApp, and Signal.
Muddy Waters and MedSec have responded to St. Jude’s lawsuit. Their claims have been backed by an outside security consulting firm.
Yahoo has asked US spy agencies to offer public "transparency" about data they make internet companies provide on users and to declassify any secret order served on the company.

FEATURES, INSIGHTS // Privacy & Compliance

Steven Grossman: The PCI DSS 3.2 should greatly help companies reduce third party vendor risk, and is starting to shift from just a check-the-compliance-box activity to a more continuous compliance model.
Jim Ivers: If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.
David Holmes: The portion of encrypted traffic keeps rising, so IT security administrators will be forced to do more SSL decryption if they are to get any value at all out of their fancy security tools.
Travis Greene: To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
David Holmes: In the initial hours after the Paris attacks by Islamic terrorists, when the PlayStation 4 rumor was first circulating, I decided to see exactly what kind of encryption the PS4 uses for its messaging system.
Torsten George: To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George: The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin: U.S. tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Marcus Ranum: To communicate about our metrics, we need ways that we can ground our experience in terms of “normal” for us; otherwise, we really can't communicate our metrics effectively with anyone who isn't in a similar environment.
Adam Firestone: The misconception that Internet privacy equals anonymity must be dispelled if cyberspace is to be a secure and safe place. At the same time, mechanisms must be incorporated to ensure that communications remain confidential and resistant to unauthorized alteration by third parties.