Vulnerability assessment for compliance
- December 20, 2018
Assessments of cybersecurity vulnerabilities associated with PCs often overlook the BIOS. Read on for strategies to offset these threats and prevent unauthorized BIOS modifications.
- November 21, 2018
Panelists at Infosec North America advised those charged with third-party vendor management to perform due diligence and assess the innate risk vendors create for business processes.
- December 19, 2016
After the U.S. was allegedly plagued by Russian cyberattacks during the election, members of both the Democratic and Republican parties are now calling for investigations. Also in recent GRC news: ...
- December 01, 2016
The future of regulatory compliance is under scrutiny as President-elect Donald Trump's administration continues the transition process. Also in recent GRC news: Hackers demanded ransom after ...
- November 17, 2016
Will President-elect Trump's transition team follow through on promises to get rid of Dodd-Frank compliance regulations? Also in recent GRC news, tech companies urge Trump to back encryption; and ...
- September 08, 2016
The E.U. has ordered Ireland to collect more than $14B in taxes from Apple that, according to the E.U., have gone unpaid for years. Also in recent GRC news, state voter registration system breaches ...
- August 24, 2016
After a Democratic National Committee email leak, security experts are warning against a possible voting machine hack come November. Also in GRC news, the New York branch of one of Taiwan's largest ...
- February 16, 2016
Just as companies were getting a handle on mobility, the Internet of Things (IoT) business is officially booming: Gartner Inc. predicts there will be 6.4 billion connected "things" used worldwide in 2016. Connected consumer devices get most of the ...
- November 06, 2015
As information security becomes essential to business success, companies are being forced to reexamine their approach to data protection strategy.
- June 29, 2015
The MIT Sloan School of Management has launched a consortium that touts interdisciplinary research and cooperation as keys to improving cybersecurity.
- April 30, 2015
Information sharing plays a big role in proposed cybersecurity legislation, but will the new measures hurt data privacy? Discuss with us during #GRCChat May 7 at 12 p.m. EST.
- March 20, 2015
What GRC management best practices can keep business data compliant while reducing consumer risk? Discuss with us during #GRCChat March 26 at 12 p.m. EST.
- March 17, 2015
Regulation SCI marks a new era for SEC oversight of companies' IT compliance processes, and information governance expert Jeffrey Ritter discusses how in this Q&A.
- January 29, 2015
In this #GRCChat, find out what GRC features to keep top of mind when designing a BYOD security policy -- and how to ensure employees are on board.
- December 19, 2014
Legally ambiguous active defense strategies are risky -- and costly -- for businesses, but could the benefits outweigh the drawbacks? In this #CIOChat recap, participants highlight the hazards of hacking back.
- December 17, 2014
Cyberthreats are becoming more advanced, with more companies turning to offensive security tactics to combat them. #GRCChat-ters predict how companies can navigate the unclear waters of active cyberdefense.
- December 10, 2014
In IT, offensive security can involve methods other than 'hacking back.' In this #GRCChat recap, participants offer examples of active defense tactics, as well as advice on when to go on the offensive.
- December 05, 2014
With breaches on the rise, some advocate the legally ambiguous approach of hacking back. In this #GRCChat recap, participants discuss the perks and the pitfalls of active cyberdefense strategies.
- November 03, 2014
Compliance with PCI DSS regulations is only the start of a sound security strategy. In this #GRCChat, participants discuss additional measures to protect data and the complexities around mobile payment applications.
- September 26, 2014
Participants in the latest #GRCchat discuss the importance of transparent data access and management policies to protect enterprise mobile security.
- June 19, 2014
A new SEC initiative examines cybersecurity processes in markets the agency regulates, but it could impact every company's data management strategy.
- May 30, 2014
Tenable Network Security CSO Marcus Ranum reveals that data-driven intelligence is not as critical as system logging to security strategy.
- May 20, 2014
In this #GRCchat recap, a former Federal Communications Commission CIO discusses how a quantitative risk profile can mitigate financial risk.
- February 04, 2014
What is mobile data, which devices produce it, and how can you protect it? Join SearchCompliance Feb. 20 to discuss mobile governance and compliance.
- December 13, 2013
Vulnerability assessment tools can help enterprises detect and eliminate security threats early on. Here are some of the newer products on the market.
- December 06, 2013
In this Ask the Expert video, security guru Eric Cowperthwaite explains predictive security intelligence and how to leverage it in the enterprise.
- September 26, 2013
Organizers of next month's ISSA International Conference discuss what attendees can expect from the event and the current cybersecurity strategy landscape.
- August 29, 2013
The online debate surrounding the NSA's data-gathering activities persists, as revelations surrounding the PRISM program continue to come to light.
- August 15, 2013
As both government and businesses seek to confront online risk, the worldwide cybersecurity strategy debate continues via social media.
- August 08, 2013
In this Product Spotlight, we look at two new risk management assessment tools intended to better secure and protect your organization's private data.
- July 11, 2013
The NSA scandal has sparked worldwide talks on cybersecurity regulation as countries hammer out cyberprotection policies to guard digital information.
- April 22, 2013
Social media has been buzzing of late about the House passage of CISPA, as opponents argue the cybersecurity bill is a huge hit to consumer privacy.
- November 21, 2012
With consumer-targeted devices increasingly used for business purposes, mobile computing security continues to be a huge risk management concern.
- September 13, 2012
The White House is reportedly considering a cybersecurity executive order to push digital defense development for critical infrastructure protection.
- July 26, 2012
Despite an IT consumerization influx, some organizations leave something to be desired when it comes to mobile device security, our survey found.
- May 07, 2012
Technology law expert Jeffrey Ritter discusses the obstacles to governing social media security in 21st century business and what companies can do to protect their information.
- February 09, 2012
With the number and severity of breaches increasing, data protection strategies are vital. To help, the Online Trust Alliance has released a guide to online data protection.
- January 27, 2012
Detractors of SOPA and other antipiracy legislation say new regulations are needed -- but they must be better targeted. To do so, they say regulators simply need to follow the money.
- January 16, 2012
The SEC has released new "risk alerts" that outline how financial firms can use social media guidelines to protect their business from fraud and comply with federal regulations.
- January 03, 2012
After the holidays, many companies are facing an influx of mobile devices that could affect compliance with various regulations. Is your mobile device security strategy ready?
- November 23, 2011
In 2011, mobile malware and targeted attacks against big-name companies were among the top online security threats. Here’s why you need to prepare for more of the same in 2012.
- May 06, 2011
After a cyberattack put Sony's protection of personal information under a microscope, the company has announced increased security measures and enhanced customer data protection.
- April 08, 2011
The Epsilon data breach may have exposed thousands of customer email addresses to cybercriminals, highlighting the lack of corporate email security to protect consumers.
- October 25, 2010
With corporate scandals elevating the importance of chief audit executives, now is the time for CAEs to strategically partner with the C-suite, says Deloitte veteran Shayne Gregg.
- September 07, 2010
New products are designed to enforce data security surrounding cloud computing infrastructures, and to assist law firms with risk management. Find out how they can help.
- March 16, 2010
As more legislation on P2P file-sharing security risks makes its way into the Senate, the FTC offers guidance to protect against data breaches.
- February 25, 2010
A hearing in the House of Representatives on online privacy and location-based services suggests that geolocation data might be treated as personally identifiable information.
- December 09, 2009
The U.S. House of Representatives passed the Data Accountability and Trust Act (DATA), H.R. 2221, the first step toward a comprehensive national data breach notification law.
- October 06, 2009
Emerging technologies that allow users to broadcast geographic locations raise many issues for companies and CIOs, while legislatures and the FTC consider the legal aspects.
- August 04, 2009
There's likely peer-to-peer file sharing in your network, posing major IT security and privacy risks. The question is whether new laws or better scrutiny will solve this problem.
- July 28, 2009
Traditionally adversaries, CISOs and auditors can leverage each other's skills to move toward a risk-based approach to compliance.
- July 15, 2009
Sometimes it takes a crisis to build an information security program. Eric Cowperthwaite, CISO at Providence Health & Services, attests to that and has advice on security maturity.
- April 30, 2009
Enterprises seeking to enter the cloud and remain both secure and compliant within regulatory guidelines were the subject of a panel at the RSA Conference.
- April 27, 2009
The Information and Communications Enhancement (ICE) Act would create a White House "cyber office" that would coordinate between government agencies and the private sector.