NEWS & INDUSTRY UPDATES

RSA unveiled new products to help address many of the challenges related to compliance with data protection regulations like the European Union's General Data Protection Regulation (GDPR).
DHS issues binding operational directive requiring all federal agencies to use HTTPS, DMARC and STARTTLS
ShiftLeft emerges from stealth mode with new solution designed to protect cloud applications and microservices, and with over $9 million in funding
UpGuard launches CyberRisk, a new product designed to help organizations automate third-party vendor risk management
In 2015 and 2016, the U.S. Federal Deposit Insurance Corporation (FDIC) may have suffered as many as 54 data breaches involving personal information
Oracle announces new cloud security services and improvements to existing products at company’s OpenWorld convention
Appthority report reveals which iOS and Android apps are the most blacklisted by security teams
Federal judge allows the FBI to keep secret the details of a hacking tool used to access the iPhone of the San Bernardino terrorist
DNSSEC key rollover delayed by at least one quarter as millions of users could go offline due to the failure of some network operators to install the new key
An unprotected AWS S3 bucket operated by a Verizon engineer leaked details on the telecoms giant’s internal systems

FEATURES, INSIGHTS // Compliance

Chris Hinkley
For security professionals, PCI DSS 3.0 means that PCI compliance will become more of an everyday business practice, rather than an annual checklist obligation.
Chris Hinkley
Compliance is a byproduct of a solid security program – but that doesn’t mean it’s simple. Compliance can involve technical architecture and operational processes that many organizations simply don’t understand or don’t want to bother with.
Gant Redmon
The CSO is so critical for the CPO’s success that I guarantee that if you send this article to your CPO, they will take you out for a free lunch the next day.
Nick Cavalancia
In the era of the public cloud, when employees are frequently using consumerized applications to share and store data, it's time for security and risk professionals to adopt a new security thought paradigm that focuses on the insider threat that employees create, not solely on protecting data itself.
Jon-Louis Heimerl
The Omnibus Rule that updated the Health Insurance Portability and Accountability Act (HIPAA) has the potential to be a game changer because of the things it says in writing, as well as some of the things that it doesn’t say.
Dr. Mike Lloyd
2012 was an interesting year in security – publicity around breaches led to greater awareness than we’ve seen in years, encouraging many in the Federal sector to look into our corner of IT. So what will happen in IT Security 2013?
Dr. Mike Lloyd
Santa doesn’t care if you were naughty or nice on Christmas Eve – what matters is how you did all year. Security is much the same.
Gant Redmon
You can have security without privacy, but you cannot have privacy without security. To have privacy, you must have security to protect things you wish not to share from those who are interested...
Gant Redmon
Data breach notification laws are confusing and ever changing. Legislators trying to harmonize all the different state breach notification laws are going to have three big political challenges.
Chris Hinkley
As e-commerce ramps up again in advance of the holiday season, businesses need to take mobile payments security seriously. Here are three ways to protect your customers’ information when accepting mobile payments.