NEWS & INDUSTRY UPDATES

BigID, a company that specializes in helping enterprises secure customer data and comply with regulations like GDPR, raises $30 million in a series B funding round
There is concern that GDPR and other cybersecurity laws have a common unintended consequence: in protecting people from cybercriminals, the laws also protect cybercriminals from security researchers.
Facebook claims it removes 99% of content posted by terrorist organizations without the need for users to report it. 1.9 million pieces of this type of content removed in Q1 2018
Kaspersky suspends its collaboration with Europol and the NoMoreRansom initiative after the EU voted for a resolution that describes the company’s software as “malicious”
UK retailer Dixons Carphone investigating hacker attack impacting millions of customers, including their payment card data
Australia will help fund and build an undersea communications cable to the Solomon Islands after the Pacific nation was convinced to drop a contract with Chinese company Huawei over security concerns
Vietnamese lawmakers on Tuesday approved a sweeping cyber security law, which could compel Facebook and Google to take down critical posts within 24 hours, as space for debate is crushed inside the Communist country.
IBM adds two new features to its MaaS360 with Watson unified endpoint management (UEM) product: Business Dashboards for Apps and Policy Recommendation Engine
The State Department, the Department of Homeland Security, the Department of Commerce, and the Office of Management and Budget issue reports in response to the 2017 cybersecurity executive order
US Commerce Secretary Wilbur Ross warned that the new EU privacy rules (GDPR) in effect since last week could lead to serious problems for business, medical research and law enforcement on both sides of the Atlantic.

FEATURES, INSIGHTS // Compliance

Steven Grossman
The PCI DSS 3.2 should greatly help companies reduce third party vendor risk, and is starting to shift from just a check-the-compliance-box activity to a more continuous compliance model.
Travis Greene
To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
Torsten George
To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George
The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin
U.S. tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Mark Hatton
The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Nimmy Reichenberg
With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.
Mark Hatton
Complacency is never a good thing, but in security it can have devastating effects. While it’s good to acknowledge progress, that should never stand in the way of staying ahead of the next potential threat.
Chris Hinkley
For security professionals, PCI DSS 3.0 means that PCI compliance will become more of an everyday business practice, rather than an annual checklist obligation.
Chris Hinkley
Compliance is a byproduct of a solid security program – but that doesn’t mean it’s simple. Compliance can involve technical architecture and operational processes that many organizations simply don’t understand or don’t want to bother with.