Compliance

Ray Rothrock: "Assume attackers are in your system"

As cyber attacks continue to increase, IT departments continue to be challenged by older techniques, such as targeted phishing attacks, because the attacks bypass perimeter defenses and are difficult to prevent.

Survey: 64 percent of IT execs think achieving basic compliance will stop most breaches

64 percent of more than 1,100 IT security executives believe that simply meeting cybersecurity compliance requirements, as opposed to striving for best practices, is "very" or "extremely" effective at preventing data breaches.

Report: Half of law firms do not have a data protection committee

Two reports by a legal competitive intelligence group shed light on how perspectives are shifting among legal professionals.

Moody's: Cyber risks will impact credit ratings

Moody's will begin to place more weight on considerations related to cyber risks when issuing credit ratings, the agency announced in a report.

GitHub of dark web offers anonymity, political neutrality

Dark web version of GitHub offers a place for developers to code controversial projects anonymously.

Critical infrastructure networks lacking in performance metrics

Network defense of the nation's critical infrastructure is sorely lacking, according to a report by the Government Accountability Office.

FCC dismisses petition for websites to honor 'Do Not Track' requests

The Federal Communications Commission (FCC) dismissed a petition to require websites to honor "Do Not Track" requests.

Financial agency warns of increased ransomware attacks

Regulatory agencies in the U.S. are increasingly concerned by ransomware attacks against financial institutions. The Federal Financial Institutions Examination Council (FFIEC) published a statement warning financial institutions of an uptick in the "frequency and severity of cyber attacks involving extortion."

Cyber products don't belong on munitions list, State Dept. DTAG says

The U.S. Department of State's Defense Trade Advisory Group (DTAG), which met to discuss the classification of "cyber products," reportedly recommended against adding new "cyber products" to the munitions list.

European Parliament failure to protect net neutrality 'threatens encryption', says Berners-Lee

New internet laws agreed by the European Parliament today have been branded as a threat to encryption by campaigners including British world wide web inventor Sir Tim Berners-Lee.

Report: Millennial IT workers are greatest internal risk to companies

Millennial IT professionals who have worked at a single employer for seven years or more pose the greatest internal risk to their company's security, according to a report.

French criminals hack chips and pins

Criminals have figured out ways to 'hack' chip and PIN cards, several years after University of Cambridge researchers proved it was possible.

SCNY: Compliance challenges require advance planning

To bridge the gap between governance, risk and compliance (GRC) and IT security, organizations must adopt best practices that include automation, raising awareness and documentation, a panel of industry professionals told an audience Tuesday at SC Congress New York.

NIST seeks to secure, raise trustworthiness of email

The National Institute of Standards and Technology (NIST) unveiled two projects designed to secure email.

Symantec terminates employees for unauthorized HTTPS certificates

Symantec has discovered that unauthorized HTTPS certificates were issued for Google webpages and terminated the employees who were involved in issuing the certificates.

The five capabilities that define your organization's secure file transfer effectiveness

This webinar will examine the business risks and regulatory compliance requirements associated with file transfers.

Comcast penalized for data breach

Comcast settles charges of unauthorized disclosure of details on 75,000 who paid for unlisted VoIP telephone service.

Russia moves to block Wikipedia, HTTPS stands in the way

Internet service providers in Russia were ordered to block access to Wikipedia, but efforts have been thwarted by HTTPS.

How to simplify PCI DSS compliance with AlienVault USM

Demonstrating compliance with PCI DSS is far from a trivial exercise. Are you sure you can document your organization's compliance with the new 3.0 standards?

Nation-state attack likely, say two-thirds of Black Hat respondents

Nearly two-thirds of survey respondents believe their organization is a potential target for nation-state cyberattacks.

Government budget agency drafts contractor cybersecurity guidelines

The Office of Management and Budget (OMB) proposed new cybersecurity guidelines earlier this week to help government agencies draft contracts with third-party groups.

FTC: Morgan Stanley not at fault over released information

Morgan Stanley dodged a bullet this week when the Federal Trade Commission (FTC) ruled the firm did not violate security protocols concerning a breach earlier this year.

Getting a grip on enterprise risk

Managing compliance and risk has become one of the most torturous assignments in the enterprise, particularly for those that must adhere to the ever-increasing challenge of industry, state and federal regulations.

FAA: Software bug impacts Boeing 787 electrical power

The aviation authority instructed operators to take "interim action" to prevent loss of AC electrical power, until a software fix is available.

Forrester estimates that broad EMV chip adoption is half a decade away

EMV, despite its security features over magnetic stripe cards, cannot prevent "wholesale breaches of large numbers of credit card numbers," report authors said.

Sprint fined $15.5 million for overcharging feds for wiretaps

Sprint Communications has agreed to pay $15.5 million to the federal government for charging law enforcement agencies for surveillance upgrades.

NIST calls for final comments on draft covering sensitive information protection

NIST and NARA collaborated to produce the final draft of "Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations."

Insider threat: The emerging policy landscape & best practices

Retired Senior Executive, CIA - Insider Threat Detection, Larry Knutsen, will review the evolution of U.S. policy on insider threats and what they mean to your organization.

PCI Council updates penetration testing guidance for merchants

A recent Verizon study found that regular testing of security systems was a compliance weak point for merchants.

Federal Reserve Bank of New York creates cybersecurity team

Sarah Dahlgren, the New York Fed's head of supervision, announced that the bank had created a team dedicated to cybersecurity.
