compliance

21% of CISOs Have Been Pressured Not to Report a Compliance Issue

Posted on by Admin
21% of CISOs Have Been Pressured Not to Report a Compliance Issue

Over a fifth of CISOs have been pressured not to report a compliance issue, according to new research. As they take on greater responsibility in the boardroom, they also face increasing accountability for security incidents, making them more vulnerable to executive pressure when compliance risks arise. The report, published by data management platform Splunk, also found that 59% of CISOs would be willing to become a whistleblower if their company ignored compliance requirements. However, the…

Read More

3 ways AI will transform security in 2025

Posted on by Admin
3 ways AI will transform security in 2025

Skye Studios via Unsplash Automated threat detection and prevention, advanced intelligence, and AI-driven supply chain attacks — the AI we see in the world today has evolved significantly beyond the days of basic pattern matching. Whereas 10 years ago, machine learning could singularly translate variable inputs into a fixed output, now, it can not only take in variable inputs but also produce variable outputs.   This expansion of intelligence is why we can have human-like…

Read More

What Payroll Documents Do You Need to Pay Employees?

Posted on by Admin
What Payroll Documents Do You Need to Pay Employees?

Payroll documentation is more than just paperwork — it’s the backbone of your company’s compliance and efficiency. For HR professionals managing payroll across different regions, whether in a global company, a U.S.-only operation, or something in between, understanding which forms and records are required is essential. Getting employees paid at work while meeting tax, social security, and labor law obligations requires the right payroll documents. And with rules that vary from country to country —…

Read More

NIS 2 Compliance Deadline Approaches: What You Need To Know

Posted on by Admin
NIS 2 Compliance Deadline Approaches: What You Need To Know

On Oct. 17, the Network and Information Security 2 Directive takes effect. This means that relevant entities in industries such as energy, transport, water, healthcare, and digital infrastructure that carry out activities within the E.U. must comply with the relevant legislation. NIS 2, which was approved by the European Parliament in November 2022, aims to establish a consistent, minimum cybersecurity baseline across all E.U. member states, involving mandatory security measures and reporting procedures. Organisations subject…

Read More

It's time to embrace OSCAL automation for effective risk management

Posted on by Admin
It's time to embrace OSCAL automation for effective risk management

The National Institute of Standards and Technology (NIST) put forward the Open Security Controls Assessment Language (OSCAL) standard in 2021, creating a standardized machine readable language. The goal of the standard is to enable automation and facilitate interoperability between different security assessment tools. It also aims to enable real-time machine to machine data exchange, improving automation and interoperability across various compliance frameworks. There are a multitude of regulatory standards and frameworks that organizations must adhere…

Read More

7 Security and Compliance Tips From ISC2 Security Congress

Posted on by Admin
7 Security and Compliance Tips From ISC2 Security Congress

During Cybersecurity Awareness Month, thousands of cyber experts from across the globe convened in Las Vegas for the ISC2 Security Congress 2024 to discuss the industry challenges and best practices — including strategies for reducing business risks and minimizing uncertainty in their operations. Ralph Villanueva was one of those cyber professionals who offered advice to audiences. An IT security and compliance analyst at Hilton Grand Vacations, he riffed on the popular business self-help book “7…

Read More

Ensuring security and compliance in evolving cloud environments

Posted on by Admin
Ensuring security and compliance in evolving cloud environments

With the rapid pace of cloud adoption, organizations are quickly revolutionizing business operations but are having a harder time ensuring that systems are built and operated effectively and deployed with the proper cyber hygiene. Business growth experts say to move fast and break things but failing to implement appropriate cybersecurity controls simply doesn’t work because both the regulatory and threat landscape are evolving more rapidly than ever.  Even before organizations embarked on huge digital transformation…

Read More

SaaS governance is improving, but AI presents new challenges

Posted on by Admin
SaaS governance is improving, but AI presents new challenges

Despite hitting a high in 2022, apps identified as “shadow IT” dropped from 53% to 48% in 2023. This drop signals an increase in SaaS governance actions: we’re getting better within enterprises at knowing what apps employees are using, and better at enforcing policies around SaaS use. Anecdotally, I’m seeing that the creation of SaaS governance councils is becoming the norm; businesses are responding to a need for repeatable processes that allow teams to cross-functionally…

Read More

Managing the invisible risk of non-human identities

Posted on by Admin
Managing the invisible risk of non-human identities

In the dynamic world of cybersecurity, identity and access management (IAM) is a pivotal foundation. Ensuring that only authorized individuals and systems can access company resources is imperative. Unfortunately, while many organizations excel at managing human identities, they often need to pay more attention to a growing and potentially more hazardous category of digital actors known as non-human identities (NHIs). These unseen entities, which include service accounts, APIs, bots, and more, are rapidly multiplying, leading…

Read More

Protecting financial institutions in the era of AI-driven threats

Posted on by Admin
Protecting financial institutions in the era of AI-driven threats

As open-source AI tools become more accessible, ransomware attacks are growing increasingly sophisticated. Scammers are now using AI in targeted spear phishing attacks, where highly personalized information is used to gain access to medical or financial information.  Financial service organizations are particularly at risk when it comes to these kinds of attacks — not only do they hold and exchange large sums of money, they also store and process highly sensitive information of their customers. …

Read More
1 2 3 17