Problem solve

Information Security Laws Investigations and Ethics

• What are the roles and responsibilities of a liaison officer?

  While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response. Continue Reading

• CISO tackles banking cybersecurity and changing roles

  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading

• Women in cybersecurity: How to make conferences more diverse

  The lack of women speaking at security conferences might be representative of the low number of women in cybersecurity, but efforts are finally being made to close the gender gap. Continue Reading

• When does the clock start for GDPR data breach notification?

  As new GDPR data breach notification rules go into effect, companies must be ready to move faster than before. Mimecast's Marc French explains what will change and how to cope. Continue Reading

• What will GDPR data portability mean for enterprises?

  Enforcement of the EU's Global Data Protection Regulation is coming soon. Mimecast's Marc French discusses the big questions about GDPR data portability for enterprises. Continue Reading

• How hard will the GDPR right to be forgotten be to get right?

  Under GDPR, the right to be forgotten is granted to all EU data subjects. Mimecast's Marc French explains why enterprises will need to be careful about how they manage the process.Continue Reading

• Data breach litigation: What enterprises should know

  Data breach litigation can be highly detrimental to an organization that just suffered a major security incident. Find out what kinds of legal action enterprises could face in the event of a data breach.Continue Reading

• What effect does FITARA have on U.S. government cybersecurity?

  FITARA became a law in 2014, but government cybersecurity continues to struggle. Expert Mike O. Villegas discusses the effects of the law.Continue Reading

• Is settling a data breach lawsuit the best option for enterprises?

  In the unfortunate event of a data breach lawsuit, it's often better to settle before the case reaches court. Expert Mike O. Villegas explains why and how CISOs can help.Continue Reading

• Are cybersecurity lawyers necessary for organizations?

  Cybersecurity lawyers can help handle a variety of enterprise security issues, but are they necessary? Expert Mike O. Villegas discusses the potential benefits.Continue Reading

• How encryption legislation could affect enterprises

  The legal battle between the FBI and Apple brought encryption legislation into the public eye, for better or worse. Expert Mike Chapple discusses the effect of this on enterprises.Continue Reading

• Why did Anthem resist government vulnerability assessments?

  Vulnerability assessments are often a requirement for organizations that have suffered a data breach and the assessors' results can be invaluable to protect a business.Continue Reading

• How can companies avoid failing the annual FISMA audit?

  The annual FISMA audit is designed to ensure companies need to have consistent security standards. Here's how to prepare for the audits.Continue Reading

• How to protect corporate data from government surveillance

  News of government surveillance programs is appearing almost daily. Enterprises need to do what they can to protect corporate data from potential eavesdropping -- but how? Expert Kevin Beaver offers some best practices.Continue Reading

• Click fraud to ransomware: Study highlights dangers of malware lifecycle

  New roundup: Sometimes the least of threats -- such as click fraud -- can end up being the bigger issues -- like ransomware. Plus: U.S. Navy won't let go of XP; U.S./China cyber code of conduct; and more!Continue Reading

• Cybersecurity information sharing: Industries join forces

  Industry peers are increasingly focused on disseminating risk and incident information to allow for a collective defense. Is there room for Uncle Sam?Continue Reading

• How enterprises can avoid violating the Stored Communications Act

  The Stored Communications Act can come back to bite companies that fail to wipe personal data from corporate devices. Expert Mike Chapple discusses.Continue Reading

• Stored Communications Act ruling muddles business online data privacy

  A state supreme court decision addressing webmail hacking under the Stored Communications Act affects email privacy and the ability to sue hackers.Continue Reading

• Purchasing a next-gen firewall: Buying from vendors in legal battles

  Mike Chapple discusses whether enterprises should purchase next-gen firewall products from allegedly patent-infringing vendors.Continue Reading

• For U.S. companies, EU cookie compliance calls for website changes

  With recent changes to European data privacy laws, U.S. enterprises must make website changes to meet EU cookie compliance deadlines.Continue Reading

• SEC disclosure rules: Public company reporting requirements explained

  Learn the public company reporting requirements necessary to comply with CF Disclosure Guidance Topic No. 2, the SEC's cybersecurity reporting rules.Continue Reading

• Explaining how trusted SSL certificates and forged SSL certificates work

  Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections.Continue Reading

• Exchange Server administration policy: Managing privileged user access

  Randall Gamby explains the important particulars involved with setting up and securely supervising an enterprise Exchange Server administration policy.Continue Reading

• DATA Act protection: Effects of a federal breach notification law

  The federal Data Accountability and Trust (DATA) Act is still awaiting congressional approval, but what sort of effect would such a law have on overall compliance requirements? Expert Richard Mackey weighs in.Continue Reading

• Should national information security standards be enforceable?

  In this expert response, Ernie Hayden discusses the feasibility of creating nation information security standards that applied to all U.S. organizations deemed to have sensitive data.Continue Reading

• Remote webcam security surveillance: Invasion of privacy?

  Using remote webcam security surveillance to check the whereabouts of stolen laptops might seem like a good idea, but is it an invasion of privacy? In this expert response, Ernie Hayden discusses the best ways to maintain privacy and keep laptops ...Continue Reading

• How to avoid Internet liability lawsuits

  Continue Reading

• How to prevent and build protection against online identity theft

  In this expert response, John Strand explains what to do when your personal identity is impersonated online.Continue Reading

• What are the ethical issues when consulting for two competing companies?

  Security consulting is a job in which privacy is paramount. Leaking security strategies to the wrong people -- especially a company's competition -- could lead to breaches or break ins. In this expert response, David Mortman gives best practices for...Continue Reading

• Do European laws prevent a U.S. company from blocking spam?

  Michael Cobb explores how the Internet -- and the ability to send messages quickly and easily to other countries --has complicated matters of jurisdiction.Continue Reading

• How to create a policy to avoid disgruntled employee data leaks

  When crafting a data security policy, take into account that disgruntled employees may leak data. Learn how to prevent employee data leakage, and how to handle data loss if it occurs.Continue Reading

• Ethical hacking techniques for standard penetration testing

  Learn how to form a policy for standard penetration tests including getting written permission. Learn ethical hacking techniques.Continue Reading

• What vendors would you recommend for software write-blockers?

  In a forensics investigation, a software write-blocker can be very helpful. But which vendors offer the best blockers? Security management expert Mike Rothman explains what to look for.Continue Reading

• Who has rights to patient information under HIPAA?

  Under HIPAA's guidelines, it can be hard to tell who should have access to what information. So who makes the call? Security management expert Mike Rothman explains.Continue Reading

• Learn from NIST: Best practices in security program management

  Security success means sweating the small stuff, like ensuring proficiency in implementing patches and configuring systems. Security management expert Mike Rothman offers advice on how certain NIST guidelines can help an organization highlight ...Continue Reading

• My computer's serial number was reported stolen. Will I face legal repercussions?

  Finding out that a laptop purchased from a computer retailer has a stolen serial number is not an every day occurence, but what is the likelihood of facing criminal charges in such a case?Continue Reading

• Which email encryption products can be released internationally?

  In this SearchSecurity.com Q&A, application security expert Michael Cobb explains the email encryption products that can be used outside of the United States.Continue Reading

• Do P2P networks share the same risks as traditional ones?

  Although P2P networks have their benefits, organizations still need to be careful with the peer-to-peer technology. In this SearchSecurity.com Q&A, network pro Mike Chapple explains how to protect a P2P network's many nodes.Continue Reading

• Employee profiling: A proactive defense against insider threats

  Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a ...Continue Reading

• Is the Sarbanes-Oxley Act being enforced?

  What actions are being taken to enforce the Sarbanes-Oxley Act? In this SearchSecurity.com Q&A, Mike Rothman discusses the regulations and precautions needed to ensure company compliance.Continue Reading

• Is the CAN-SPAM Act a help or a hindrance?

  Three years have passed since CAN-SPAM was enacted, but has this legislation truly contained unsolicited commercial email? In this tip, contributor Joel Dubin examines if the law has effectively cracked down on spamming activities and examines how ...Continue Reading

• Limiting the risk and liability of federated identities

  You'll learn the legal issues involved in federated identity and how to best manage them.Continue Reading

• Protecting online copyright

  In this week's tip, Mike Chapple highlights intellectual property responsibilities, and provides principles and recommendations for protecting Web copyright.Continue Reading

• Know Your Enemy -- Learning about Security Threats: Chapter 8, Legal Issues

  Find out more about the legal issues swirling around the use of Honeypots.Continue Reading

• Fighting the hacker myth

  Ira Winkler continues the debate on hiring hackers.Continue Reading

• Of hackers and Hannibal Lechter

  Ira Winkler, CISSP, responds to op-eds on the topic of hiring hackers.Continue Reading

• The FDA's regulation for the use of electronic records and signatures

  If your organization is required to keep records or make reports to the FDA, you need to understand how 21CFR11 affects your use of electronic signatures.Continue Reading

• How to avoid federal Wiretap Act issues with a honeypot network security system

  Hackers have rights, too. How can you deploy honeypots without running afoul of the law?Continue Reading

• References to Carnivore in PATRIOT Act

  Continue Reading

• Four computer forensics books worth investigating

  Check out four computer forensics books that can help you learn the ins and outs of computer forensics technology and laws in place to manage cybercrime.Continue Reading

• The PATRIOT Act and Carnivore: Reasons for concern?

  Stephen Mencik introduces the controversial PATRIOT Act and FBI surveillance tool, Carnivore.Continue Reading