Privacy & Compliance

NEWS & INDUSTRY UPDATES

Oracle gives Java developers more time to ensure that their JAR files are not signed with MD5.
The DHS has improved its information security program, but an OIG evaluation still uncovered problems at the agency and its components.
DHS publishes the National Cyber Incident Response Plan (NCIRP), which describes the role of federal agencies when dealing with cyber incidents.
Secure email provider ProtonMail launches a Tor hidden service to help users fight censorship and surveillance.
Cure53 audited the Dovecot email server via the Mozilla SOS program and found only three minor security issues.
A report emerged on Friday that the popular mobile messaging app WhatsApp packs a backdoor allowing its operator (Facebook) to tap into users’ end-to-end encrypted conversations, but experts have refuted the claim as an exaggeration and F.U.D.
Microsoft has launched a web-based dashboard for users interested in reviewing the data collected by the company, and also announced changes to Windows 10’s privacy features.
GoDaddy has revoked nearly 9,000 certificates after discovering a bug that caused the domain validation process to fail.
D-Link has hired government accountability organization Cause of Action Institute to defend it against “baseless” FTC charges.
St. Jude Medical has patched some of the vulnerabilities found by MedSec, but the vendor insists the risk of cyberattacks is extremely low.

FEATURES, INSIGHTS // Privacy & Compliance

Steven Grossman: The PCI DSS 3.2 should greatly help companies reduce third party vendor risk, and is starting to shift from just a check-the-compliance-box activity to a more continuous compliance model.

Jim Ivers: If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.

David Holmes: The portion of encrypted traffic keeps rising, so IT security administrators will be forced to do more SSL decryption if they are to get any value at all out of their fancy security tools.

Travis Greene: To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.

David Holmes: In the initial hours after the Paris attacks by Islamic terrorists, when the PlayStation 4 rumor was first circulating, I decided to see exactly what kind of encryption the PS4 uses for its messaging system.

Torsten George: To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.

Torsten George: The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.

James McFarlin: U.S. tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.

Marcus Ranum: To communicate about our metrics, we need ways that we can ground our experience in terms of “normal” for us; otherwise, we really can't communicate our metrics effectively with anyone who isn't in a similar environment.

Adam Firestone: The misconception that Internet privacy equals anonymity must be dispelled if cyberspace is to be a secure and safe place. At the same time, mechanisms must be incorporated to ensure that communications remain confidential and resistant to unauthorized alteration by third parties.