Compliance News, Articles and Updates

Ponemon: 89% of surveyed health care orgs breached in last two years; cybercrime top cause

For the second consecutive year, Ponemon Institute's annual study on the state of security and privacy in health care found that cybercrime was the leading cause of data breaches among hospitals and other medical providers.

Emails raise more questions of Clinton infosec practices

Recently released documents set off renewed discussions about Hillary Clinton's information security practices as former U.S. Secretary of State.

Tampa airport to conduct major IT security audit following apparent breach

Tampa International Airport has expedited and expanded an audit of its network security, following the resignation of an IT consultant who was allegedly found to have shared system passwords with unauthorized parties.

Government requests to Apple for customer data drop

Germany, the United States and Australia were not shy when it came to asking Apple for customer information, filing thousands of requests in the second half of 2015.

Microsoft's data portal adds new cloud certifications

Microsoft is rolling out new certifications provided through the company's data portal.

Report: 10% of large companies do not use any cybersecurity framework

A new report found that 16% of organizations do not use any cybersecurity framework, and even among companies with more than 10,000 employees, 10% do not currently use a security framework.

Privacy shield: Officials give "written assurances" over limiting bulk data collection

The Privacy Shield negotiations have produced an unprecedented agreement between the US and the EU that there will be safeguards against the bulk collection of EU citizens' data, but critics are unconvinced.

Google adds HTTPS report card to transparency report; 77 percent of its traffic encrypted

For the first time, Google has added an HTTPS report card to its Transparency Report, tracking its progress toward its stated goal of 100 percent SSL/TLS encryption of data in transit.

Researcher bashes cert programs for giving high marks to flawed AV programs

A new blog post by security researcher Tavis Ormandy chastises security software certification programs for giving antivirus products high grades despite the presence of multiple low-hanging vulnerabilities.

White House requires agencies to share custom code with open-source community

The White House has released a draft of its Source Code Policy, which establishes rules for sharing custom software between federal agencies, in hopes of improving government access to applications and reducing development costs.

Exclusive: Commerce Dept. official defends Privacy Shield

A senior U.S. Department of Commerce official spoke with SCMagazine.com Friday morning to defend the virtues of the newly introduced U.S.-EU Privacy Shield pact.

FTC orders nine companies to provide details on PCI DSS audit process

The FTC has ordered nine companies to provide information on the way they assess whether retailers and others are in compliance with Payment Card Industry Data Security Standards (PCI DSS).

DoD policy delegates cybersecurity compliance responsibilities to military leaders

The DoD has publicly disclosed its new Cybersecurity Discipline Implementation Plan, which assigns leaders across all military branches greater responsibility for fortifying operational systems against cyber intrusions.

Electronic Frontier Foundation opinion piece pokes holes in EU-U.S. Privacy Shield

Digital rights group the Electronic Frontier Foundation (EFF) yesterday came out swinging against the Privacy Shield, the intended successor to the recently invalidated EU-U.S. Safe Harbor agreement.

Report: 41 percent of younger IT pros have hacked

A survey of IT professionals casts light on some of the trust and compliance challenges that plague the information security sector.

Ray Rothrock: "Assume attackers are in your system"

As cyber attacks continue to increase, IT departments continue to be challenged by older techniques, such as targeted phishing attacks, because the attacks bypass perimeter defenses and are difficult to prevent.

Survey: 64 percent of IT execs think achieving basic compliance will stop most breaches

64 percent of more than 1,100 IT security executives believe that simply meeting cybersecurity compliance requirements, as opposed to striving for best practices, is "very" or "extremely" effective at preventing data breaches.

Report: Half of law firms do not have a data protection committee

Two reports by a legal competitive intelligence group shed light on how perspectives are shifting among legal professionals.

Moody's: Cyber risks will impact credit ratings

Moody's will begin to place more weight on considerations related to cyber risks when issuing credit ratings, the agency announced in a report.

GitHub of dark web offers anonymity, political neutrality

A dark web version of GitHub offers a place for developers to code controversial projects anonymously.

Critical infrastructure networks lacking in performance metrics

Network defense of the nation's critical infrastructure is sorely lacking, according to a report by the Government Accountability Office.

FCC dismisses petition for websites to honor 'Do Not Track' requests

The Federal Communications Commission (FCC) dismissed a petition to require websites to honor "Do Not Track" requests.

Financial agency warns of increased ransomware attacks

Regulatory agencies in the U.S. are increasingly concerned by ransomware attacks against financial institutions. The Federal Financial Institutions Examination Council (FFIEC) published a statement warning financial institutions of an uptick in the "frequency and severity of cyber attacks involving extortion."

Cyber products don't belong on munitions list, State Dept. DTAG says

The U.S. Department of State's Defense Trade Advisory Group (DTAG) met to discuss the classification of "cyber products" and reportedly recommended against adding new "cyber products" to the munitions list.

European Parliament failure to protect net neutrality 'threatens encryption', says Berners-Lee

New internet laws agreed by the European Parliament today have been branded as a threat to encryption by campaigners including British world wide web inventor Sir Tim Berners-Lee.

Report: Millennial IT workers are greatest internal risk to companies

Millennial IT professionals who have worked at a single employer for seven years or more pose the greatest internal risk to their company's security, according to a report.

French Criminals hack chips and pins

Criminals have figured out ways to 'hack' chip and pin cards, several years after University of Cambridge researchers proved it was possible.

SCNY: Compliance challenges require advance planning

To bridge the gap between governance, risk and compliance (GRC) and IT security, organizations must adopt best practices that include automation, raising awareness and documentation, a panel of industry professionals told an audience Tuesday at SC Congress New York.

NIST seeks to secure, raise trustworthiness of email

The National Institute of Standards and Technology (NIST) unveiled two projects designed to secure email.

Symantec terminates employees for unauthorized HTTPS certificates

Symantec has discovered that unauthorized HTTPS certificates were issued for Google webpages and terminated the employees who were involved in issuing the certificates.
