Problem solve

Information Security Laws Investigations and Ethics

• How to create a ransomware incident response plan

  The increase in recent attacks makes clear the need for a ransomware incident response plan. Here's how to limit the effect of such attacks, as well as what to do if infected. Continue Reading

• What are the roles and responsibilities of a liaison officer?

  While liaison officer responsibilities vary depending on the company they work for, their strong organizational and communications skills make them critical to incident response. Continue Reading

• CISO tackles banking cybersecurity and changing roles

  Over the course of his career in security, Thomas Hill has held varied positions that inform his views on both technological specifics and strategic roles in modern corporations. Continue Reading

• Women in cybersecurity: How to make conferences more diverse

  The lack of women speaking at security conferences might be representative of the low number of women in cybersecurity, but efforts are finally being made to close the gender gap. Continue Reading

• When does the clock start for GDPR data breach notification?

  As new GDPR data breach notification rules go into effect, companies must be ready to move faster than before. Mimecast's Marc French explains what will change and how to cope. Continue Reading

• What will GDPR data portability mean for enterprises?

  Enforcement of the EU's Global Data Protection Regulation is coming soon. Mimecast's Marc French discusses the big questions about GDPR data portability for enterprises.Continue Reading

• How hard will the GDPR right to be forgotten be to get right?

  Under GDPR, the right to be forgotten is granted to all EU data subjects. Mimecast's Marc French explains why enterprises will need to be careful about how they manage the process.Continue Reading

• Data breach litigation: What enterprises should know

  Data breach litigation can be highly detrimental to an organization that just suffered a major security incident. Find out what kinds of legal action enterprises could face in the event of a data breach.Continue Reading

• What effect does FITARA have on U.S. government cybersecurity?

  FITARA became a law in 2014, but government cybersecurity continues to struggle. Expert Mike O. Villegas discusses the effects of the law.Continue Reading

• Is settling a data breach lawsuit the best option for enterprises?

  In the unfortunate event of a data breach lawsuit, it's often better to settle before the case reaches court. Expert Mike O. Villegas explains why and how CISOs can help.Continue Reading

• Are cybersecurity lawyers necessary for organizations?

  Cybersecurity lawyers can help handle a variety of enterprise security issues, but are they necessary? Expert Mike O. Villegas discusses the potential benefits.Continue Reading

• How encryption legislation could affect enterprises

  The legal battle between the FBI and Apple brought encryption legislation into the public eye, for better or worse. Expert Mike Chapple discusses the effect of this on enterprises.Continue Reading

• Why did Anthem resist government vulnerability assessments?

  Vulnerability assessments are often a requirement for organizations that have suffered a data breach and the assessors' results can be invaluable to protect a business.Continue Reading

• How can companies avoid failing the annual FISMA audit?

  The annual FISMA audit is designed to ensure companies need to have consistent security standards. Here's how to prepare for the audits.Continue Reading

• How to protect corporate data from government surveillance

  News of government surveillance programs is appearing almost daily. Enterprises need to do what they can to protect corporate data from potential eavesdropping -- but how? Expert Kevin Beaver offers some best practices.Continue Reading

• Click fraud to ransomware: Study highlights dangers of malware lifecycle

  New roundup: Sometimes the least of threats -- such as click fraud -- can end up being the bigger issues -- like ransomware. Plus: U.S. Navy won't let go of XP; U.S./China cyber code of conduct; and more!Continue Reading

• Cybersecurity information sharing: Industries join forces

  Industry peers are increasingly focused on disseminating risk and incident information to allow for a collective defense. Is there room for Uncle Sam?Continue Reading

• For U.S. companies, EU cookie compliance calls for website changes

  With recent changes to European data privacy laws, U.S. enterprises must make website changes to meet EU cookie compliance deadlines.Continue Reading

• SEC disclosure rules: Public company reporting requirements explained

  Learn the public company reporting requirements necessary to comply with CF Disclosure Guidance Topic No. 2, the SEC's cybersecurity reporting rules.Continue Reading

• Explaining how trusted SSL certificates and forged SSL certificates work

  Web security relies on valid, trusted SSL certificates, but as Michael Cobb explains, forged SSL certificates undermine the model for trusted Web connections.Continue Reading

• Remote webcam security surveillance: Invasion of privacy?

  Using remote webcam security surveillance to check the whereabouts of stolen laptops might seem like a good idea, but is it an invasion of privacy? In this expert response, Ernie Hayden discusses the best ways to maintain privacy and keep laptops ...Continue Reading

• What are the ethical issues when consulting for two competing companies?

  Security consulting is a job in which privacy is paramount. Leaking security strategies to the wrong people -- especially a company's competition -- could lead to breaches or break ins. In this expert response, David Mortman gives best practices for...Continue Reading

• How to create a policy to avoid disgruntled employee data leaks

  When crafting a data security policy, take into account that disgruntled employees may leak data. Learn how to prevent employee data leakage, and how to handle data loss if it occurs.Continue Reading

• What vendors would you recommend for software write-blockers?

  In a forensics investigation, a software write-blocker can be very helpful. But which vendors offer the best blockers? Security management expert Mike Rothman explains what to look for.Continue Reading

• Learn from NIST: Best practices in security program management

  Security success means sweating the small stuff, like ensuring proficiency in implementing patches and configuring systems. Security management expert Mike Rothman offers advice on how certain NIST guidelines can help an organization highlight ...Continue Reading

• Employee profiling: A proactive defense against insider threats

  Employee profiling is one technique to combat malicious insiders, but organizations should tread carefully. As identity and access management expert Joel Dubin writes, protecting data and systems against insiders with criminal intentions requires a ...Continue Reading

• Limiting the risk and liability of federated identities

  You'll learn the legal issues involved in federated identity and how to best manage them.Continue Reading

• How to avoid federal Wiretap Act issues with a honeypot network security system

  Hackers have rights, too. How can you deploy honeypots without running afoul of the law?Continue Reading

• Four computer forensics books worth investigating

  Check out four computer forensics books that can help you learn the ins and outs of computer forensics technology and laws in place to manage cybercrime.Continue Reading

• The PATRIOT Act and Carnivore: Reasons for concern?

  Stephen Mencik introduces the controversial PATRIOT Act and FBI surveillance tool, Carnivore.Continue Reading