NEWS & INDUSTRY UPDATES

WoSign subsidiary StartCom will shut down after major browser vendors banned its certificates
Kaspersky shares more details from its investigation into reports that Russian hackers stole NSA data using its software
Two major financial services and regulated industry compliance firms, Smarsh and Actiance, have combined to better serve industry's increasingly complex requirements around communications, archiving and discovery regulations.
Following an increase in Android malware and adware abusing accessibility services, Google decides to crack down on apps that misuse the feature
The average enterprise now uses 1,232 cloud apps (up 33% from the second half of last year), while CIOs still believe their organizations use between just 30 and 40 cloud apps and services.
Hilton agrees to pay $700,000 in a settlement with New York and Vermont over the credit card breaches suffered by the company in 2014 and 2015
Any U.S. company that operates a website that collects user information (a log-in form, or perhaps a subscription application) could unwittingly collect protected European PII.
DigiCert addresses the concerns raised by Mozilla and others regarding its acquisition of Symantec’s certificate business
UK's Financial Conduct Authority launches investigation into massive Equifax breach
Asia-Pacific Network Information Centre (APNIC) informs users of Whois security incident that led to the exposure of passwords

FEATURES, INSIGHTS // Compliance

Chris Hinkley
As e-commerce ramps up again in advance of the holiday season, businesses need to take mobile payments security seriously. Here are three ways to protect your customers’ information when accepting mobile payments.
Marc Solomon
To combat the risks associated with web applications, one of the most significant evolutions in network security over the last few years has been the advent of application control.
Danelle Au
You’ve handed over controls to a third party, so how do you implement the right levels of security in a cloud environment, trust the provider to take care of the rest, and still meet compliance initiatives?
Chris Poulin
Part 1: Why the Star Trek Medical Tricorder Didn’t have an App Store. The future of information security is looking brilliant: by the 23rd century there will be no computer hacks—at least according to Star Trek.
Jeff Hudson
The latest iteration of PCI compliance regulations adds to the already increasing burdens of the typical IT security professional. For example, exposing cryptographic key management information to more than those that need to know creates a compliance violation.
Steve Ragan
For most CISOs, the pain of an audit is part of the job, but it doesn’t have to be the nightmare that most of the IT community envisions.
Chris Hinkley
Cloud infrastructures can be secure, and they must be, for the need is growing quite fast. In this vein, organizations don’t have to be fearful of public clouds. They just need to better understand them.
Oliver Rochford
To a security guru, GRC feels like a waste of time. It will provide artificial challenges that make a difficult task even harder, with very little gain or advantage in return other than a report containing lists of items with a marked checkbox.
Michael Goff
In 2011 we were reminded that software piracy cannot be stopped. Despite the best efforts of software vendors, industry watchdog groups and government, software piracy continues to proliferate.
Mandeep Khera
Merchants who are required to be PCI-DSS Compliant will have to get their validation under provisions of PCI-DSS 2.0 by December 31st, 2011. What are some of the key changes in PCI-DSS 2.0? Are you ready?