Manage

Data privacy issues and compliance

• How privacy compliance rules will affect IT security

  As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden. Continue Reading

• Updating the data discovery process in the age of CCPA

  Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR. Continue Reading

• Use this CCPA compliance checklist to get up to speed

  California leads the pack in terms of state regulations on data privacy and transparency. Now, it's time for businesses to be proactive with this CCPA compliance checklist. Continue Reading

• How to implement a holistic approach to user data privacy

  IoT devices flood the market with promises to make daily life more convenient. Learn how to embrace user consent to benefit your organization and enhance user data privacy. Continue Reading

• Improve data security in the modern enterprise

  From growing attack surfaces to new regulations, these data security considerations must be on every company's radar. Continue Reading

• Use a data privacy framework to keep your information secure

  Find out how a data privacy framework gives companies the tools they need to ensure their information is protected -- from both internal and external threats.Continue Reading

• Best practices to help CISOs prepare for CCPA

  With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations.Continue Reading

• 3 security and ethics considerations for modern-day CISOs

  Many conversations today revolve around security and ethics. A strong CISO voice is crucial to keeping enterprises safe while embracing this critical cultural awakening.Continue Reading

• Report shows CISOs, IT unprepared for privacy regulations

  Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind.Continue Reading

• 3 ways to shore up third-party risk management programs

  A new Nemertes research study shows enterprises need to adopt third-party risk management programs that jettison manual checklists in favor of automated tools, hands-on risk assessments and dedicated risk teams.Continue Reading

• IoT Cybersecurity Improvement Act calls for deployment standards

  The IoT Cybersecurity Improvement Act would require development of security standards and guidelines for federal IoT devices, but CISOs in the private sector could also benefit.Continue Reading

• Mastercard CTO on cybersecurity and AI integration

  Mastercard CTO Kush Saxena describes his approach to cybersecurity and AI as two-fold. Learn how AI and machine learning impacts the cybersecurity practice in the enterprise.Continue Reading

• Putting cybersecurity for healthcare on solid footing

  CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center.Continue Reading

• As compliance evolves, it's time to re-address data classification

  Compliance rules like GDPR and the CCPA require a fresh look at companies' data classification policy, and particularly how it defines its wide variety of unstructured data.Continue Reading

• What is missing from the NIST/DHS botnet security report?

  The joint DHS and NIST report on botnet security offers goals and action items to counter distributed cyberthreats. Learn the report recommendations with expert Nick Lewis.Continue Reading

• Citrix's Peter Lefkowitz on impact of GDPR privacy requirements

  New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general.Continue Reading

• How can cryptojacking attacks in Chrome be stopped?

  Google instituted an aggressive ban on all cryptomining extensions for Chrome after cryptojacking attacks started to become more common. Learn how the ban works with Michael Cobb.Continue Reading

• What are the implications of DNS over HTTPS for privacy?

  With enterprises testing DNS over HTTPS to encrypt domain name traffic, some fear the potential privacy issues. Discover the challenges and benefits of the new protocol.Continue Reading

• How did Strava's Global Heatmap disclose sensitive U.S. info?

  Fitness tracking app Strava released its Global Heatmap that unknowingly disclosed routes of U.S. soldiers. Discover how this happened and how geolocation data can be blocked.Continue Reading

• What GDPR requirements mean for U.S. companies

  The EU's General Data Protection Regulation legislation goes into effect in May 2018. Don't assume your European business is too insignificant to need to comply.Continue Reading

• The difference between security assessments and security audits

  Security audits vs. security assessments solve different needs. Organizations may use security audits to check their security stature while security assessments might be the better tool to use. Expert Ernie Hayden explains the differences.Continue Reading

• How should companies prepare for EU GDPR compliance?

  Companies that don't meet GDPR compliance standards by May 2018 will be fined. Expert Matthew Pascucci looks at how Microsoft is preparing, and what other companies should do to comply with GDPR.Continue Reading

• Q&A: GDPR compliance with Microsoft CPO Brendon Lynch

  Failure to achieve compliance with the EU's General Data Protection Regulation in the next 12 months can trigger fines of up to 4% of a company's gross annual revenue.Continue Reading

• CJIS Security Policy: How can companies ensure FIPS compliance?

  Companies and government agencies handling criminal justice information need to comply with CJIS Security Policy. Expert Michael Cobb explains the cryptographic modules to use.Continue Reading

• Jeeves programming language: Can it improve security?

  A new research programming language looks to make it easier to enforce security and privacy policies in applications. Expert Michael Cobb explains how it works.Continue Reading

• Cybersecurity Information Sharing Act's impact on security

  The Cybersecurity Information Sharing Act has many in the security industry nervous, but expert Mike Chapple discusses the bill's minimal impact on enterprise security.Continue Reading

• What happens if you ignore information security compliance?

  If an enterprise decides to ignore its information security compliance obligations, what happens? Expert Mike Chapple explains what willful noncompliance means.Continue Reading

• Life after the Safe Harbor agreement: How to stay compliant

  Now that the Safe Harbor agreement is invalid, U.S. and EU organizations need to find new ways to securely handle data so they can stay in business.Continue Reading

• How should enterprises manage social media compliance incidents?

  Social media compliance incidents in financial institutions are on the rise. Here are the most common violations and how to avoid them in the future.Continue Reading

• Should privacy professionals be legal minds or techies?

  Hiring privacy professionals for your enterprise can be a daunting task. Expert Mike O. Villegas explains the role and what qualities to look for in candidates.Continue Reading

• Q&A: Marcus Ranum chats with Privacy Professor CEO Rebecca Herold

  Organizations will be judged by the company they keep, warns Herold. Don’t let third parties skate, when your data security is at risk.Continue Reading

• Three steps to avoiding massive HIPAA violation fines

  HIPAA violation fines are larger than ever, costing companies millions. Expert Mike Chapple provides three key ways for organizations to remain HIPAA compliant.Continue Reading

• Main Street forces new avenues to security and data privacy laws

  Can the technology industry solve cybersecurity and data protection issues without federal legislation?Continue Reading

• Another call for federal data privacy laws

  The patchwork of state laws has not slowed epic data breaches. Will we see federal data breach notification laws in 2015?Continue Reading

• How to build an effective corporate privacy compliance program

  Expert Mike Chapple reviews major data privacy laws and explains how to build a data privacy compliance program to meet regulatory requirements.Continue Reading

• Does ISO 27001 certification make an enterprise Safe Harbor compliant?

  Expert Mike Chapple details the ISO 27001 certification and why achieving it may not make an organization Safe Harbor compliant.Continue Reading

• How to adapt to latest EU data breach notification requirement changes

  For companies worried about the latest EU data breach notification requirements, expert Mike Chapple says to look to the PCI DSS framework.Continue Reading

• SB-46 analysis: How California data breach notification law changed

  The scope of California data breach notification law expanded thanks to SB-46. Expert Mike Chapple details some of the most pressing changes.Continue Reading

• Ten years later: The legacy of SB 1386 compliance on data privacy laws

  A decade after becoming law, the ripple effects of California's SB 1386 have surfaced in a new breed of proactive, granular state data privacy laws.Continue Reading

• Weighing compliance mandates vs. security vulnerability management

  Should security vulnerabilities be prioritized based on compliance needs? Mike Chapple discusses this approach to vulnerability management.Continue Reading

• Lacking privacy laws aid growing CISO role in data privacy management

  More CISOs may be taking on data privacy management. Fortunately, old, outdated privacy laws may lend them a helping hand.Continue Reading

• Viewpoint: Correlate SIMs and log management

  Continue Reading

• Automated configuration management tools clean out redundant rules

  Continue Reading

• Layer8: Applying numbers to risk management

  Continue Reading

• Data Lifecycle Management Model Shows Risks and Integrated Data Flow

  Continue Reading

• The ongoing debate over a federal breach notification law

  Lawmakers continue to wrangle over creation of a national data breach notification standard.Continue Reading

• Navigating international data privacy laws

  Companies should revisit streamlined global data operations with an eye toward revamping compliance.Continue Reading

• How secure managed file transfers help meet compliance requirements

  By using a properly configured Managed File Transfer system as your sole means of transmitting data—potentially both within your organization and externally—you can become compliant with requirements much more easily.Continue Reading

• Understanding the Data Accountability and Trust Act

  The Data Accountability and Trust Act, if passed into law, would create a national standard for privacy and data protection.Continue Reading

• Database security best practices: Tuning database audit tools

  Database auditing requires more than just the right tools: Those tools also have to be properly configured to offer the information that's needed and database performance that's required. Learn more about tuning database audit tools in this tip.Continue Reading

• Cybersecurity bill lacks details

  The Rockefeller-Snowe cybersecurity bill has potential but raises a lot of questions.Continue Reading

• Is HITECH Act a game changer?

  The HITECH Act increases penalties for a lack of HIPAA security compliance but will it really improve health care security?Continue Reading

• New data protection laws

  Massachusetts 201 CMR 17.00 and Nevada's data protection law establish new standards for personal data protectionContinue Reading

• Quiz: Compliance-driven role management

  Use this five-question quiz to test your knowledge of role and entitlement management.Continue Reading

• Jon Moore: Build a Security Control Framework for Predictable Compliance

  Health care provider Humana Inc., has developed a security controls framework that addresses all of the industry and federal regulations it must comply with.Continue Reading

• How to write a risk methodology that blends business, security needs

  One security professional describes a homegrown risk methodology currently being used by a large university and a private corporation.Continue Reading

• Bruce Schneier and Marcus Ranum Face-Off: Should We Have an Expectation of Online Privacy?

  Security experts Bruce Schneier and Marcus Ranum debate whether users should have an expectation of online privacy.Continue Reading

• HIPAA changes force healthcare to improve data flow

  Do you know where your data is? The latest HIPAA changes should motivate healthcare security teams to understand information flows.Continue Reading

• Proactive state privacy laws change security focus to prevention

  New data breach notification acts in Nevada and Massachusetts are changing the way that organizations handle data.Continue Reading

• Heartland breach highlights PCI limitations

  The benefits of complete PCI and the necessity of full compliance are now being widely questioned, says Eric Ogren, principal analyst, The Ogren Group.Continue Reading

• Encrypt now to meet new Mass. data protection law

  A Massachusetts law taking effect in May requires encryption and could have organizations implementing the mandates across the board nationwide as the path of least resistance.Continue Reading

• Product Review: Workshare Protect Premium 6.0

  Workshare Protect Premium 6.0 seeks to eliminate the malicious or accidental leakage of sensitive corporate data.Continue Reading

• Data Lifecycle Management Model Shows Risks and Integrated Data Flow

  Information flows through business processes in an orderly fashion; security must flow right along with it.Continue Reading

• Avoiding Audit Trouble: Getting PCI Compliant

  Get compliant with Payment Card Industry Data Security Standard Compliance (PCI DSS) with solutions and tips from auditors and audit survivors.Continue Reading

• Architect Security and Compliance Programs to Be Complementary

  Perspectives: Shake On ItContinue Reading

• Hannaford breach illustrates dangerous compliance mentality

  As Executive Editor Dennis Fisher explains, the Hannaford supermarket breach illustrates how too much emphasis on compliance puts critical data at risk.Continue Reading

• Data loss prevention (DLP) tools: The new way to prevent identity theft?

  Despite advances in perimeter technologies, data theft has become common in today's enterprises. To protect their confidential information, some security professionals are turning to an emerging technology category: data loss prevention. But don't ...Continue Reading

• How would you define the responsibilities of a data custodian in a bank?

  Data security is incredibly important for financial institutions, and it's the data custodian's job to make sure that data is safe. Security management expert Mike Rothman explains more.Continue Reading

• Automated configuration management tools clean out redundant rules

  Change management becomes a tough challenge when implementing numerous firewalls.Continue Reading

• Viewpoint: Correlate SIMs and log management

  Continue Reading

• PCI DSS: The standards should not be lowered

  Bob Russo, general manager of the PCI Security Standards Council explains that education is crucial to getting more merchants to comply with the standard.Continue Reading

• Can keyloggers monitor mouse clicks and keyboard entries?

  Keyloggers may be a security manager's best friend, especially if he or she wants to monitor an employee's keyboard entries. Keyloggers can't do it all, though, says application expert Michael Cobb.Continue Reading

• Prioritizing compliance and information security

  Have compliance demands refocused and weakened information security efforts?Continue Reading

• Product review: e-DMZ Security's eGuardPost

  This product review examines e-DMZ eGuardPost's capabilities that allow security managers to apply granular access controls to remote connections. The appliance also comes bundled with Security's Password Auto Repository (PAR), e-DMZ's flagship ...Continue Reading

• CISO priorities focused on compliance over security

  Regulatory demands have forced CISOs to prioritize compliance over data and intellectual property protection.Continue Reading

• Federal government pushes full disk encryption

  Businesses need to follow the federal government's lead in reducing data breaches by holding employees responsible and examining full disk encryption (FDE) products.Continue Reading

• Risk Management: Skybox Security's Skybox View 3.0

  Read a security product review of Skybox Security's Skybox View 3.0.Continue Reading

• Compliance Q&A: Myths, mistakes and management advice

  Keeping organizations continuously compliant with multiple complex and ever-changing regulatory requirements remains a challenge for many infosec pros. But if they don't shape up now, it's only going to get worse. In this interview, Rebecca Herold, ...Continue Reading

• Become compliant – without breaking the bank, part 2

  Re-use your existing tools to meet regulatory demands.Continue Reading

• Captive to SOX compliance? A compliance guide for managers

  In this month's issue of Information Security magazine, SureWest's Tim Dotson meets SOX compliance with tightened password controls. We review NFR Security's Sentivist 5.0, Centennial Software's DeviceWall 3.1, and more. In the editor's letter, read...Continue Reading

• What to tell senior management about regulatory compliance

  The IT Governance Institute offers actionable advice for implementing security governance as it relates to regulatory compliance.Continue Reading

• Familiarity with information security management

  Continue Reading

• Meeting the PCI Data Security Standard requirements mitigates threats

  Learn how how using five security best practices gets you closer to compliance with the PCI Data Security Standard and helps mitigate common threats to e-business.Continue Reading

• Checklist for meeting the PCI Data Security Standard

  Contributor Diana Kelley summarizes the best ways to meet the PCI Data Security Standard.Continue Reading

• Service-level agreement management: Defining security policy roles

  Does your security plan include expectations or incentives for SLAs? Lawrence Walsh explains why setting standards for your enterprise is essential.Continue Reading

• Personal data security: Why we're dropping the ball

  Privacy failures are infosec failures. The law shouldn't need to require companies to enforce personal data security -- infosecurity should already be doing it.Continue Reading

• Vendor liability: Should we be suing for security?

  The latest lawsuit against Microsoft revives the legal debate of how much of security is the responsibility of the consumer, and how much is vendor liability.Continue Reading

• How to avoid federal Wiretap Act issues with a honeypot network security system

  Hackers have rights, too. How can you deploy honeypots without running afoul of the law?Continue Reading

• Achieving compliance with the California SB 1386 privacy law

  California's new SB 1386 privacy law is full of ambiguity, but if you do business there, you'd better get your guard up.Continue Reading

• 4- Virus Management

  Top issuesContinue Reading

• The rise of the CSO: Security invades upper-level management

  Security professionals are finding themselves in the boardroom as upper-level management.Continue Reading

• CRM privacy management: How you can help

  In this edition of Scheier's Security Roundup, Robert Scheier explains the security admin's role in customer privacy.Continue Reading

• How ISO 17799 certification helped St. Jude Medical formalize security

  ISO 17799 certification provided a written security policy roadmap to St. Jude Medical, helping the company formalize IT security to fit its specific needs.Continue Reading