
Privacy & Compliance


Microsoft faces off with the US government before the Supreme Court Tuesday over a warrant for data stored abroad that has important ramifications for law enforcement in the age of global computing.
America has entered the final stage of the net neutrality debate. Ajit Pai's new approach is in the driving seat -- but the next 60 days will decide whether he succeeds or not.
Signal announces the launch of the Signal Foundation with a $50 million investment from Brian Acton, the co-founder of WhatsApp.
U.S. SEC releases updated guidance on data breach disclosures and advises companies to adopt policies that ban executives from trading during security incident investigations.
Kaspersky files new lawsuit over the U.S. government’s software ban, this time challenging the National Defense Authorization Act (NDAA).
Schneider Electric patches vulnerabilities in IGSS automation system, including in SCADA software and mobile applications.
Bitmessage developers rush to patch remote code execution vulnerability in PyBitmessage in response to a zero-day attack.
A zero-day vulnerability impacting Telegram Messenger’s Windows client had been exploited in malicious attacks for months before being discovered and addressed.
Seagate and RackTop join forces to launch a secure data storage product designed to help government organizations address cybersecurity and compliance challenges.
Mozilla announces intention to restrict the AppCache mechanism to secure connections in Firefox, and other major web browser vendors plan on doing the same.

FEATURES, INSIGHTS // Privacy & Compliance


Erin O’Malley
Today, we expect ultimate convenience. But at what cost? More and more, I’m left wondering whether modern conveniences—grâce à today’s advanced technologies—are truly worth the risk.
Steven Grossman
The PCI DSS 3.2 should greatly help companies reduce third party vendor risk, and is starting to shift from just a check-the-compliance-box activity to a more continuous compliance model.
Jim Ivers
If a car’s systems can be hacked to disable critical systems, then attacks can also be used to extract information. Similar to IoT, if data is being collected, data can be exfiltrated.
David Holmes
The portion of encrypted traffic keeps rising, so IT security administrators will be forced to do more SSL decryption if they are to get any value at all out of their fancy security tools.
Travis Greene
To understand why return on Access Governance is lower versus other security technologies, we first need to understand why Access Governance is implemented in the first place.
David Holmes
In the initial hours after the Paris attacks by Islamic terrorists, when the PlayStation 4 rumor was first circulating, I decided to see exactly what kind of encryption the PS4 uses for its messaging system.
Torsten George
To achieve continuous compliance and monitoring, organizations are forced to automate many otherwise manual, labor-intensive tasks.
Torsten George
The NIST Cybersecurity Framework is an important building block, but still just the first step towards implementing operationalized defenses against cyber security risks.
James McFarlin
U.S. tech giants are playing a game of high-stakes global brinksmanship around who has rights to control their data, which impacts their European growth prospects, business models, and ultimately stock valuations.
Marcus Ranum
To communicate about our metrics, we need ways that we can ground our experience in terms of “normal” for us; otherwise, we really can't communicate our metrics effectively with anyone who isn't in a similar environment.