Brexit shakeup: How will the U.K.'s exit from the EU affect the technology sector?

London is the center of tech startups in Europe. So, how will the U.K.'s separation from the EU impact the tech sector?

HR vendor Empathia hit by potential breach

Human resources vendor Empathia announced a potential data breach affecting its employee assistance program.

Survey: 85 percent of senior security pros say more than half of IoT products are not secure

The proportion of executives who continue to distrust IoT as a secure technology is overwhelming, if a new survey from research-oriented security service firm IOActive is any indication.

Compliance at risk

A federal data breach notification law would provide much needed uniformity, says David R. Singh.

Sweet validation: Apple versus FBI

CISOs say the Apple-FBI case confirms the need for strong encryption and IT security programs. Steve Zurier reports.

Ponemon: 89% of surveyed health care orgs breached in last two years; cybercrime top cause

For the second consecutive year, Ponemon Institute's annual study on the state of security and privacy in health care found that cybercrime was the leading cause of data breaches among hospitals and other medical providers.

Emails raise more questions of Clinton infosec practices

Recently released documents set off renewed discussions about Hillary Clinton's information security practices as former U.S. Secretary of State.

Tampa airport to conduct major IT security audit following apparent breach

Tampa International Airport has expedited and expanded an audit of its network security, following the resignation of an IT consultant who was allegedly found to have shared system passwords with unauthorized parties.

Government requests to Apple for customer data drop

Germany, the United States and Australia were not shy when it came to asking Apple for customer information, filing thousands of requests in the second half of 2015.

Microsoft's data portal adds new cloud certifications

Microsoft is rolling out new certifications provided through the company's data portal.

Report: 10% of large companies do not use any cybersecurity framework

A new report found that 16% of organizations do not use any cybersecurity framework and even among companies with more than 10,000 employees, 10% do not currently use a security framework.

Privacy shield: Officials give "written assurances" over limiting bulk data collection

The Privacy Shield negotiations have produced an unprecedented agreement between the US and the EU that there will be safeguards against the bulk collection of EU citizens' data, but critics are unconvinced.

Google adds HTTPS report card to transparency report; 77 percent of its traffic encrypted

For the first time, Google has added an HTTPS report card to its Transparency Report, tracking its progress toward its stated goal of 100 percent SSL/TLS encryption of data in transit.

Researcher bashes cert programs for giving high marks to flawed AV programs

A new blog post by security researcher Tavis Ormandy chastises security software certification programs for giving antivirus products high grades despite the presence of multiple low-hanging vulnerabilities.

White House requires agencies to share custom code with open-source community

The White House has released a draft of its Source Code Policy, which establishes rules for sharing custom software between federal agencies, in hopes of improving government access to applications and reducing development costs.

Exclusive: Commerce Dept. official defends Privacy Shield

A senior U.S. Department of Commerce official spoke with SCMagazine.com Friday morning to defend the virtues of the newly introduced U.S.-EU Privacy Shield pact.

FTC orders nine companies to provide details on PCI DSS audit process

The FTC has ordered nine companies to provide information on the way they assess whether retailers and others are in compliance with Payment Card Industry Data Security Standards (PCI DSS).

DoD policy delegates cybersecurity compliance responsibilities to military leaders

The DoD has publicly disclosed its new Cybersecurity Discipline Implementation Plan, which assigns leaders across all military branches greater responsibility for fortifying operational systems against cyber intrusions.

Electronic Frontier Foundation opinion piece pokes holes in EU-U.S. Privacy Shield

Digital rights group the Electronic Frontier Foundation (EFF) yesterday came out swinging against the Privacy Shield, the intended successor to the recently invalidated EU-U.S. Safe Harbor agreement.

Report: 41 percent of younger IT pros have hacked

A survey of IT professionals casts light on some of the trust and compliance challenges that plague the information security sector.

Ray Rothrock: "Assume attackers are in your system"

As cyber attacks continue to increase, IT departments continue to be challenged by older techniques, such as targeted phishing attacks, because the attacks bypass perimeter defenses and are difficult to prevent.

Survey: 64 percent of IT execs think achieving basic compliance will stop most breaches

64 percent of more than 1,100 IT security executives believe that simply meeting cybersecurity compliance requirements, as opposed to striving for best practices, is "very" or "extremely" effective at preventing data breaches.

Report: Half of law firms do not have a data protection committee

Two reports by a legal competitive intelligence group shed light on how perspectives are shifting among legal professionals.

Moody's: Cyber risks will impact credit ratings

Moody's will begin to place more weight on considerations related to cyber risks when issuing credit ratings, the agency announced in a report.

GitHub of dark web offers anonymity, political neutrality

Dark web version of GitHub offers a place for developers to code controversial projects anonymously.

Critical infrastructure networks lacking in performance metrics

Network defense of the nation's critical infrastructure is sorely lacking, according to a report by the Government Accountability Office.

FCC dismisses petition for websites to honor 'Do Not Track' requests

The Federal Communications Commission (FCC) dismissed a petition to require websites to honor "Do Not Track" requests.

Financial agency warns of increased ransomware attacks

Regulatory agencies in the U.S. are increasingly concerned by ransomware attacks against financial institutions. The Federal Financial Institutions Examination Council (FFIEC) published a statement warning financial institutions of an uptick in the "frequency and severity of cyber attacks involving extortion."

Cyber products don't belong on munitions list, State Dept. DTAG says

The U.S. Department of State's Defense Trade Advisory Group (DTAG) met to discuss the classification of "cyber products" and reportedly recommended against adding new "cyber products" to the munitions list.

European Parliament failure to protect net neutrality 'threatens encryption', says Berners-Lee

New internet laws agreed by the European Parliament today have been branded as a threat to encryption by campaigners including British world wide web inventor Sir Tim Berners-Lee.

Report: Millennial IT workers are greatest internal risk to companies

Millennial IT professionals who have worked at a single employer for seven years or more pose the greatest internal risk to their company's security, according to a report.

French criminals hack chips and PINs

Criminals have figured out ways to 'hack' chip and PIN cards, several years after University of Cambridge researchers proved it was possible.

SCNY: Compliance challenges require advance planning

To bridge the gap between governance, risk and compliance (GRC) and IT security, organizations must adopt best practices that include automation, raising awareness and documentation, a panel of industry professionals told an audience Tuesday at SC Congress New York.

NIST seeks to secure, raise trustworthiness of email

The National Institute of Standards and Technology (NIST) unveiled two projects designed to secure email.

Symantec terminates employees for unauthorized HTTPS certificates

Symantec has discovered that unauthorized HTTPS certificates were issued for Google webpages and has terminated the employees who were involved in issuing the certificates.

The five capabilities that define your organization's secure file transfer effectiveness

This webinar will examine the business risks and regulatory compliance requirements associated with file transfers.

Comcast penalized for data breach

Comcast settles charges of unauthorized disclosure of details on 75,000 who paid for unlisted VoIP telephone service.

Russia moves to block Wikipedia, HTTPS stands in the way

Internet service providers in Russia were ordered to block access to Wikipedia, but efforts have been thwarted by HTTPS.

How to simplify PCI DSS compliance with AlienVault USM

Demonstrating compliance with PCI DSS is far from a trivial exercise. Are you sure you can document your organization's compliance with the new 3.0 standards?

Nation-state attack likely, say two-thirds of Black Hat respondents

Nearly two-thirds of survey respondents believe their organization is a potential target for nation-state cyberattacks.

Government budget agency drafts contractor cybersecurity guidelines

The Office of Management and Budget (OMB) proposed new cybersecurity guidelines earlier this week to help government agencies draft contracts with third-party groups.

FTC: Morgan Stanley not at fault over released information

Morgan Stanley dodged a bullet this week when the Federal Trade Commission (FTC) ruled the firm did not violate security protocols concerning a breach earlier this year.

Getting a grip on enterprise risk

Managing compliance and risk has become one of the most torturous assignments in the enterprise, particularly for those that must adhere to the ever-increasing challenge of industry, state and federal regulations.

FAA: Software bug impacts Boeing 787 electrical power

The aviation authority instructed operators to take "interim action" to prevent loss of AC electrical power, until a software fix is available.

Forrester estimates that broad EMV chip adoption is half a decade away

EMV, despite its security features over magnetic stripe cards, cannot prevent "wholesale breaches of large numbers of credit card numbers," report authors said.

Sprint fined $15.5 million for overcharging feds for wiretaps

Sprint Communications has agreed to pay $15.5 million to the federal government for charging law enforcement agencies for surveillance upgrades.

NIST calls for final comments on draft covering sensitive information protection

NIST and NARA collaborated to produce the final draft of "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."

Insider threat: The emerging policy landscape & best practices

Larry Knutsen, a retired CIA senior executive for insider threat detection, will review the evolution of U.S. policy on insider threats and what it means to your organization.

PCI Council updates penetration testing guidance for merchants

A recent Verizon study found that regular testing of security systems was a compliance weak point for merchants.

Federal Reserve Bank of New York creates cybersecurity team

Sarah Dahlgren, the New York Fed's head of supervision, announced that the bank had created a team dedicated to cybersecurity.

Russian hacker to be extradited to U.S. from Spain

A Russian man who was arrested in Spain on suspicion of cyber fraud reportedly will be extradited to the U.S. within the next few days.

Obama Administration sets record for withholding FOIA requests

The Obama administration has set another record for withholding government files under the U.S. Freedom of Information Act.

Verizon: PCI requirement to test security systems a compliance weak point for orgs

The percentage of companies compliant with PCI DSS Requirement 11 dropped to 33 percent last year, a Verizon report found.

Cracking the confusion between encryption and tokenization

Today there are more options for securing enterprise data than ever before. Yet with so many approaches, choosing the best fit isn't always an easy decision.

Obama criticizes Chinese cybersecurity regs

President Obama told Reuters that cybersecurity requirements proposed by China need to change if the country wants to do business with the U.S.

In historic vote, FCC approves strong net neutrality rules

The rules, approved Thursday, ban ISPs from charging for internet "fast lanes," or blocking legal internet services.

Planning for PCI compliance in the cloud

Virtualization changes everything. The agility and cost efficiencies enabled by virtualization and the cloud are beneficial, as long as you understand why virtualization requires different security.

News briefs: North Korea behind the Sony breach and a landmark HIPAA settlement

President Obama imposed sanctions against North Korea, a medical services provider will be forced to pay a "neglect" penalty over HIPAA violations, the House passed the Intelligence Authorization Act, and other security news.

Defense from the top: FISMA

The DHS will gain more control - and federal cybersecurity likely will be improved - when a FISMA update is passed, reports Lee Sustar.

FCC warns businesses: Wi-Fi blocking prohibited

In an attempt to put the issue to rest, the agency warned businesses against blocking guests' personal hotspots.

Don't dismiss internal data breaches as minor - they aren't!

The wolf isn't at your door, it's inside. Ignorance is definitely not bliss. Just ask any of the regulatory agencies.

Identity requirements for risk and compliance - what you need to know

Identity is a critical component of proving compliance. Whether complying with industry regulations or security best practices, your auditors need to know who has access to what servers and data as well as who exactly did what, where and when.

PCI compliance not synonymous with security, panel says

A panel held during the annual NRF conference discussed ways that retailers could bolster security.

After FCC fine, Marriott says it won't block guests' Wi-Fi networks

Last October, the FCC came after Marriott with a $600,000 fine.

NJ law requires health insurance carriers to encrypt sensitive data

New Jersey Governor Chris Christie signed the legislation last Friday.

HITRUST adds privacy controls to Common Security Framework

The privacy controls will be added to version 7 of HITRUST's CSF due out later this month.

Why compliance matters

Part of my role requires me to ask questions that an auditor might. This is especially true when it comes to compliance, why it matters, and how it makes a difference.

FIDO Alliance publishes UAF, U2F specs

The alliance defined specifications for devices, servers and client software that will help usher in the "post password" era.

The proliferation of mandates

The reality of ubiquitous reliance on ICT has given rise to the criticality of cyber security, says Cisco CSO Edna Conway.

TRUSTe settles FTC charges over its 'certified' privacy seals

The company has agreed to pay $200,000 as part of the settlement, and will be required to beef up its COPPA-related reporting activities.

VA falters in cybersecurity audit for 16th year

Veterans Affairs has failed an annual cybersecurity audit for the 16th year in a row, a new report reveals.

Secure agile development: Why can't we all get along?

Security teams are sharply focused on bringing security to applications and meeting compliance requirements in the delivery of these applications and services.

Network care: Case study

When a care provider supplied laptops to its roving employees, it added a security solution to enable efficient collaboration. Greg Masters reports.

The auditor's case for continuous compliance

Whether it's for PCI compliance or HIPAA assessments, companies follow the conventional model of point-in-time certification accompanied by a costly and painful annual review and correction process.

Google updates piracy-fighting report

The search engine company has updated its piracy report to let users know how it's adjusting search results to curb illegal piracy efforts.

Marriott to pay $600K fine for blocking guests' Wi-Fi networks

The FCC launched an investigation last year after a consumer complained of the practice.

Protecting the vault: First Financial Bank's go-to solution

Needing more than signature-based remedies, First Financial Bank found a way to close the gap between what exists and what's possible. Greg Masters reports.

EPIC files complaint with FTC against Maricopa

The nonprofit organization alleges that the Maricopa County Community College District violated the FTC's "Safeguards Rule."

2014 audit and compliance ebook

We explore the landscape today with which security teams must contend and compile a number of best practices and strategies you can apply to protect your company.

Privacy rights group files complaint over Adobe, AOL Safe Harbor compliance

The Center for Digital Democracy has asked the FTC to investigate 30 U.S. firms' data collection practices, including Adobe, AOL and Datalogix.

PCI council releases third-party security assurance guidance

The guidance is meant to help merchants and third parties better understand their roles and responsibilities in the payment security ecosystem.

PCI 2014: From compliance to security

The consensus from our panel of experts is that PCI DSS should be just one item on a far broader effort to integrate data security into enterprise risk management.

After PCI DSS issues, LifeLock removes Wall mobile app

As a precaution, the ID theft protection service has removed the app from the App Store, Google Play, and Amazon Apps.

American Apparel settles charges over data security compliance

The Federal Trade Commission has banned the retailer from misrepresenting its adherence to an international security framework.

Columbia University, NY hospital to pay $4.8 million HIPAA fine

The agreement marks the largest HIPAA settlement to date.

Why the world is not ready to share sensitive information

Is there such a thing as an exchange of secure information in an insecure world?

Humana co. pays HHS $1.7 million after unencrypted laptop breach

A Texas-based company, Concentra, paid the HIPAA settlement stemming from a 2011 breach.

Canadian privacy bill floats $100k fine per breach victim not notified

Introduced Tuesday, the Digital Privacy Act includes stiff penalties for organizations that fail to adequately respond to breaches.

The need and the challenge

Let's agree on a definition of the term "security" and move forward from there, says AT&T's Chris Mark.

Companies settle over false data security framework compliance claims

The Federal Trade Commission has charged 12 companies with falsely claiming to comply with the U.S.-EU Safe Harbor Framework.

2013 Industry Innovators: Security infrastructure

GRC is at once the biggest pain point (arguably) of most large organizations and the most important task that does not usually get done right.

The changing face of data protection

Information security personnel are challenged with protecting company reputation and enterprise and customer data from a constant and expanding barrage of cyber criminals.

PCI council publishes updated payment security standards

Version 3.0 of the PCI Data Security Standard (PCI DSS) and the Payment Application Data Security Standard (PA-DSS) became available today.

Don't forget forgotten passwords

One issue with password systems has always been the 'reset' problem: what to do when a user forgets their password.

Clutter in the airwaves: Mobile payment security

While already ubiquitous in much of the world, mobile payment options are gaining traction in the United States, reports Stephen Lawton.

First P2P encryption solution gets PCI council seal of approval

So far, one solution, developed by European Payment Services, has been verified under PCI security standards for point-to-point encryption (P2PE) hardware.

How to breeze through your next compliance audit

In a perfect world, enterprises would know exactly when an auditor is going to show up, the questions they will ask, and data would be presented on a silver platter ready to prove the organization's compliance.

Toeing the line...across sectors

A major area of concern for security personnel these days is how we are able to achieve and maintain compliance with multiple regulatory governing bodies.

Compliance deadline on HIPAA rules brings expanded responsibilities for third parties handling data

Business associates of HIPAA-covered entities are now legally bound to follow the same guidelines when securing patients' protected health information.

Biting the silver bullet: Protecting corporate assets

There are a few key things every business should consider to truly improve data security.
