NEWS & INDUSTRY UPDATES

Cycode, an Israeli startup focused on securing DevOps tools, has raised $20 million in Series A funding.
In collaboration with the Sigstore project, Google ships an open-source tool called cosign to make signing and verifying container images easy.
The U.S. Department of Defense has put all public-facing websites and applications in scope for an expanded vulnerability disclosure program.
The embattled VPN vendor provides cover for CVE-2021-22893, a major security flaw being exploited by advanced threat actors.
Employees of a vendor paid to conduct COVID-19 contact tracing in Pennsylvania may have compromised the private information of at least 72,000 people, including their exposure status and their sexual orientation.
The Dutch government has temporarily disabled its coronavirus warning app amid data privacy concerns for people who have the app installed on phones using the Android operating system.
Late-stage anti-fraud startup Sift is the 11th cybersecurity company to reach “unicorn” status in 2021, following a new $50 million round of venture capital funding.
CISA warns of a new cyber-attack in which both a Pulse Secure VPN appliance and the SolarWinds Orion platform were abused for malicious purposes.
Google violated Australian law by misleading users of Android mobile devices about the use of their location data, a court ruled Friday in a landmark decision against the global digital giant.
Ireland's privacy regulator said it opened an investigation after reports that Facebook data on more than 500 million users was found dumped online.

FEATURES, INSIGHTS // Compliance

Jalal Bouhdada, Founder and Principal ICS Security Consultant at Applied Risk, discusses the implications of the new EU Directive on Security of Network and Information Systems (NIS)
Steven Grossman: Why do we seem to need layer upon layer of regulation and guidance to try to ensure a more secure business world? Is it working?
Travis Greene: Reducing the amount of personal data subject to GDPR is a critical step towards minimizing the amount of risk that GDPR will expose.
Steven Grossman: The PCI DSS 3.2 should greatly help companies reduce third party vendor risk, and is starting to shift from just a check-the-compliance-box activity to a more continuous compliance model.
Travis Greene: To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
Torsten George: To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George: The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin: U.S. tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Mark Hatton: The oversight for the protection of healthcare information is only getting tighter, and it is incumbent upon the security teams to ensure healthcare professionals have all the tools necessary to improve patient outcomes, while we worry about keeping the bad guys away.
Nimmy Reichenberg: With the release of PCI-DSS 3.0, organizations have a framework for payment security as part of their business-as-usual activities by introducing more flexibility, and an increased focus on education, awareness and security as a shared responsibility.