NIS 2 Compliance Deadline Approaches: What You Need To Know

On Oct. 17, the Network and Information Security 2 Directive takes effect. This means that relevant entities in industries such as energy, transport, water, healthcare, and digital infrastructure that carry out activities within the E.U. must comply with the relevant legislation. NIS 2, which was approved by the European Parliament in November 2022, aims to establish a consistent, minimum cybersecurity baseline across all E.U. member states, involving mandatory security measures and reporting procedures. Organisations subject…

It's time to embrace OSCAL automation for effective risk management

The National Institute of Standards and Technology (NIST) put forward the Open Security Controls Assessment Language (OSCAL) standard in 2021, creating a standardized machine readable language. The goal of the standard is to enable automation and facilitate interoperability between different security assessment tools. It also aims to enable real-time machine to machine data exchange, improving automation and interoperability across various compliance frameworks. There are a multitude of regulatory standards and frameworks that organizations must adhere…

7 Security and Compliance Tips From ISC2 Security Congress

During Cybersecurity Awareness Month, thousands of cyber experts from across the globe convened in Las Vegas for the ISC2 Security Congress 2024 to discuss the industry challenges and best practices — including strategies for reducing business risks and minimizing uncertainty in their operations. Ralph Villanueva was one of those cyber professionals who offered advice to audiences. An IT security and compliance analyst at Hilton Grand Vacations, he riffed on the popular business self-help book “7…

Ensuring security and compliance in evolving cloud environments

With the rapid pace of cloud adoption, organizations are quickly revolutionizing business operations but are having a harder time ensuring that systems are built and operated effectively and deployed with the proper cyber hygiene. Business growth experts say to move fast and break things but failing to implement appropriate cybersecurity controls simply doesn’t work because both the regulatory and threat landscape are evolving more rapidly than ever.  Even before organizations embarked on huge digital transformation…

SaaS governance is improving, but AI presents new challenges

Despite hitting a high in 2022, apps identified as “shadow IT” dropped from 53% to 48% in 2023. This drop signals an increase in SaaS governance actions: we’re getting better within enterprises at knowing what apps employees are using, and better at enforcing policies around SaaS use. Anecdotally, I’m seeing that the creation of SaaS governance councils is becoming the norm; businesses are responding to a need for repeatable processes that allow teams to cross-functionally…

Managing the invisible risk of non-human identities

In the dynamic world of cybersecurity, identity and access management (IAM) is a pivotal foundation. Ensuring that only authorized individuals and systems can access company resources is imperative. Unfortunately, while many organizations excel at managing human identities, they often need to pay more attention to a growing and potentially more hazardous category of digital actors known as non-human identities (NHIs). These unseen entities, which include service accounts, APIs, bots, and more, are rapidly multiplying, leading…

Protecting financial institutions in the era of AI-driven threats

As open-source AI tools become more accessible, ransomware attacks are growing increasingly sophisticated. Scammers are now using AI in targeted spear phishing attacks, where highly personalized information is used to gain access to medical or financial information.  Financial service organizations are particularly at risk when it comes to these kinds of attacks — not only do they hold and exchange large sums of money, they also store and process highly sensitive information of their customers. …

The future of security and access control for office spaces

Effective physical security is essential to any brick-and-mortar establishment, but it is even more crucial in the commercial real estate industry. Securing a workplace involves more than simply monitoring the entryway to the building — so how can security leaders ensure they are being proactive about defending their offices? Here, Security talks with Andrew Campagnola about emerging threats in office building security and how security leaders can address these concerns. Security magazine: Tell us about…

Unlocking digital trust: The power of collaboration in a data-driven world

Digital trust has become the cornerstone of successful organizations in today’s data-driven and artificial intelligence-influenced world. Customers, partners and employees alike are increasingly basing their decisions on how much they trust an organization to oversee their information securely and responsibly. ISACA’s 2024 State of Digital Trust report underscores this reality, highlighting both the critical role of security and the need for enhanced collaboration across digital trust functions. The survey, which polled more than 5,870 ISACA…

Workplace compliance considerations for California Senate Bill 553

The California Senate Bill 553 (CA SB 553), which went into effect on July 1, 2024, is a milestone in labor law legislation. The bill introduces new safety obligations for most businesses in California, aimed at addressing growing concerns around workplace violence. Specifically, CA SB 553 mandates the implementation of comprehensive workplace violence prevention plans (WVPPs). These plans must include procedures for identifying and addressing potential security risks, maintaining extensive and auditable records of each…
