What are three burning questions regarding legal and compliance issues that enterprise security leaders should ponder as they head into 2019? Ed Amoroso, former CISO of AT&T and current CEO of TAG Cyber, outlines the questions and possible answers.
The latest version of the NIST Cybersecurity Framework - Version 1.1 - includes more information on supply chain risk management, authentication, authorization, identity proofing and self-assessing cybersecurity risk management, says Matthew Barrett of the National Institute of Standards and Technology.
As of March 1, 2019, the two-year transition comes to an end, and covered entities are required to be in compliance with the New York Department of Financial Services Cybersecurity Regulation Section 500.11, the Third Party Service Provider Security Policy. What are the key requirements of this section, and how might...
It's common for companies to expand their digital
networks to keep pace with expanding business
demands. As a natural extension of this growth,
network security needs to increase at the same time.
But today's security climate is very different than it was
even just a few years ago, compounding risk.
Breached businesses in Europe: Brace for more class action lawsuits seeking material and non-material damages filed by victims following mandatory data breach notifications under GDPR, says attorney Jonathan Armstrong. He predicts more breach-related suits will succeed in Europe than in the United States.
Public cloud use is increasing as organizations leverage IaaS environments to improve operational agility and increase efficiency.
However, security teams are still struggling to maintain security visibility of dynamic, IaaS computing environments due to decentralization of IT, the expanding cloud attack surface,...
As the HIPAA security rule turns 20, it's time for regulators to make updates reflecting the changing cyberthreat landscape and technological evolution that's happened over the past two decades, says security expert Tom Walsh.
This white paper looks at how payment innovation is impacting fraud departments and the growing importance of removing friction to improve the customer experience. The mobile and online channels are the future; being able to authenticate returning customers and determine who new applicants really are will be essential...
The latest edition of the ISMG Security Report features a discussion of California's groundbreaking new privacy law as well as an update on the potential impact of the hacker group responsible for the Ticketmaster breach.
Look at information security through the lens of business risk, and you'll begin to make decisions about security in light of their impact on the business.
With security threats emerging faster than ever, what if your most important information is not protected? What strategic business advantage do you gain if it is...
Australian medical booking platform HealthEngine offered AU$25 (US$19) gift vouchers to dental patients who sent photos of their treatment invoices to the company, which it positioned to patients as "invaluable" research. Privacy experts say the company may have fallen afoul of Australian privacy guidelines.
Cryptocurrency money laundering is increasing dramatically, being already three times greater than in 2017. And we're only half way through the year, observes Dave Jevans, Founder and CEO of CipherTrace, and chairman of the Anti-Phishing Working Group.
Federal authorities have arrested more than 35 suspects on charges that include selling illicit substances via darknet marketplaces - such as AlphaBay, Dream and Hansa - thanks in part to undercover agents posing as cryptocurrency money launderers. Authorities say the year-long investigation is continuing.
Europe's General Data Protection Regulation is reshaping the way organizations handle data. That's going to have an impact on the sharing of threat intelligence. But the Anti-Phishing Working Group hopes the law will provide legal clarity that will make more organizations comfortable with sharing threat data.