Tag: compliance
-
Bug causes Cloudflare to lose customer logs
in SecurityNews
A Wednesday blog post from Cloudflare revealed that a software bug resulted in the loss of about 55% of the logs that would have been sent to customers over a 3.5-hour period on 14 November. The company explained that every part of its global network of services generates event logs containing detailed metadata about its activities.…
-
How DSPM Helps Businesses Meet Compliance Requirements
in SecurityNews
Tags: compliance, cybersecurity, data, finance, government, healthcare, regulation, risk, vulnerability
Data Security Posture Management (DSPM) helps monitor, secure, and ensure compliance for sensitive data, reducing risks across diverse environments. Complying with cybersecurity regulations can be a source of great pain for organizations, especially those that handle and store particularly valuable and vulnerable information. Organizations in sectors like healthcare, finance, legal, and government often process vast…
-
9 VPN alternatives for securing remote network access
in SecurityNews
Tags: access, ai, api, attack, authentication, automation, best-practice, business, cloud, compliance, computer, computing, control, corporate, credentials, cve, cybercrime, cybersecurity, data, defense, detection, dns, encryption, endpoint, exploit, firewall, fortinet, group, guide, Hardware, iam, identity, infrastructure, Internet, iot, least-privilege, login, malicious, malware, mfa, microsoft, monitoring, network, office, password, ransomware, risk, router, saas, service, software, strategy, switch, threat, tool, update, vpn, vulnerability, vulnerability-management, waf, zero-trust
Once the staple for securing employees working remotely, VPNs were designed to provide secure access to corporate data and systems for a small percentage of a workforce while the majority worked within traditional office confines. The move to mass remote working brought about by COVID-19 in early 2020 changed things dramatically. Since then, large numbers…
-
Defining Cyber Risk Assessment and a Compliance Gap Analysis and How They Can be Used Together
in SecurityNews
A cyber risk assessment is a tool that helps organizations identify and prioritize risks associated with threats that are relevant to their unique environment. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/defining-cyber-risk-assessment-and-a-compliance-gap-analysis-and-how-they-can-be-used-together/
-
Top 7 Vanta Alternatives to Consider in 2025
in SecurityNews
The Rise of Compliance-Centric Platforms. Vanta was developed to help organizations achieve SOC 2 compliance quickly. Compliance management platforms have gained significant traction in the market. For startups and smaller businesses, these certifications are often crucial for breaking into markets where enterprise clients expect certain compliance standards as baseline requirements. Vanta offers robust integrations that…
-
Leaky Cybersecurity Holes Put Water Systems at Risk
in SecurityNews
At least 97 major water systems in the US have serious cybersecurity vulnerabilities and compliance issues, raising concerns that cyberattacks could disrupt businesses, industry, and the lives of millions of citizens. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/leaky-cybersecurity-holes-water-systems-risk
-
The Scale of Geoblocking by Nation
in SecurityNews
Interesting analysis: We introduce and explore a little-known threat to digital equality and freedom: websites geoblocking users in response to political risks from sanctions. U.S. policy prioritizes internet freedom and access to information in repressive regimes. Clarifying distinctions between free and paid websites, allowing trunk cables to repressive states, enforcing transparency in geoblocking, and removing ambiguity…
-
Trustero Secures $10 Million in Funding to Grow AI-Powered Security and Compliance Platform
in SecurityNews
The company emerged from stealth mode in March 2022 and has been on a mission to help companies reduce compliance cost and handle time-consuming GRC tasks. The post Trustero Secures $10 Million in Funding to Grow AI-Powered Security and Compliance Platform appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/trustero-secures-10-million-in-funding-to-grow-ai-powered-security-and-compliance-platform/
-
What is DSPT Compliance: From Toolkit to Audit (2024)
in SecurityNews
The Data Security and Protection Toolkit (DSPT), an online tool, is undergoing significant changes. From September 2024, the DSPT will now align with the National Cyber Security Centre’s Cyber Assessment Framework (CAF) to enhance cybersecurity measures across the NHS. This shift will impact many NHS organisations and require adjustments to their data security and protection…
-
Navigating Certificate Lifecycle Management
in SecurityNews
Managing digital certificates might sound simple, but for most organizations, it’s anything but. For cryptography and IT teams handling hundreds of certificates, staying ahead of expirations, maintaining security, and meeting compliance demands are constant challenges. Here’s an in-depth look at why having robust certificate lifecycle management processes is essential, the obstacles organizations face, and how…
-
Five Cyber Agencies Sound Alarm About Active Directory Attacks: Beyond the Basics
in SecurityNews
Tags: access, attack, authentication, cloud, compliance, control, credentials, cyber, cybersecurity, data, defense, detection, exploit, framework, iam, identity, infrastructure, intelligence, least-privilege, login, mfa, microsoft, monitoring, password, risk, service, software, strategy, tactics, threat, tool, update, vulnerability
A landmark global report emphasizes 17 attack techniques against Microsoft Active Directory and cautions organizations to step up protections. In the second of our two-part series, we take you beyond the basics to highlight three key areas to focus on. The landmark report Detecting and Mitigating Active Directory Compromises, released in September by cybersecurity agencies…
-
Building and Enhancing OT/ICS Security Programs Through Governance, Risk, and Compliance (GRC)
in SecurityNews
Operational Technology (OT) and Industrial Control Systems (ICS) are critical components of many industries, especially those within the 16 critical… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/building-and-enhancing-ot-ics-security-programs-through-governance-risk-and-compliance-grc/
-
10 Most Impactful PAM Use Cases for Enhancing Organizational Security
in SecurityNews
Privileged access management (PAM) plays a pivotal role in building a strong security strategy. PAM empowers you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team. As an established provider of a PAM solution, we’ve witnessed firsthand how PAM transforms organizational security.…
-
How businesses can prepare for the 47-day certificate lifecycle: What it means and recent updates
in SecurityNews
Apple’s proposal to shorten SSL/TLS certificate lifespans to 47 days by 2028 emphasizes enhanced security and automation. Shorter cycles reduce vulnerabilities, encourage automated certificate management, and push businesses to adopt efficient tools like ACME protocols. While the proposal isn’t yet mandatory, businesses must prepare by modernizing infrastructure, automating renewal processes, and training teams. Adapting early…
-
7 Simple Steps to PCI DSS Audit Success
in SecurityNews
Organizations that process, transmit, and/or store cardholder data or SAD (sensitive authentication data), or can affect their security, must comply with the PCI DSS (Payment Card Industry Data Security Standard). This is an international information security standard designed to: Currently, the Standard is at v4.0.1. You can learn more about the changes introduced by PCI…
-
A Fifth of UK Enterprises “Not Sure” If NIS2 Applies
in SecurityNews
Over a fifth of large UK businesses aren’t sure of their compliance responsibilities under the new NIS2 directive. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fifth-uk-enterprises-not-sure-nis/
-
10 Best Drata Alternatives to Consider for Compliance Management in 2024
in SecurityNews
If you’re familiar with platforms like Drata, you may appreciate their streamlined compliance processes and integrations. But if you’re ready for something beyond automation and integration (think powerful AI-driven risk management, live visual dashboards, and extensive framework mappings), Centraleyes delivers in ways Drata just can’t match! Let’s take a closer look at both platforms and…
-
SOC 2 Compliance Audit: Safeguarding Your Business’s Data
in SecurityNews
Are you a service organization seeking an audit to gain customers’ trust? Or maybe you are looking to attract prospective clients by proving how serious you are with customers’ data. If that is the case, you have come to the right place. Introducing the SOC 2 audit: think of it as a thorough check-up… First…
-
N-able Strengthens Cybersecurity Via $266M Adlumin Purchase
in SecurityNews
Security Operations Purchase Brings Cloud-Native XDR, MDR to IT Management Platform. With Adlumin’s cloud-native XDR and MDR services, N-able consolidates its position as a leader in IT management. Buying the Washington D.C.-based security operations vendor for up to $266 million drives value through AI-powered threat detection and compliance solutions tailored for MSPs. First seen on…
-
Build Confidence with Robust Machine Identity Solutions
in SecurityNews
How Robust Are Your Machine Identity Solutions? As cybersecurity threats and data breaches continue to soar, the question becomes inevitable: how robust are your machine identity solutions? For many organizations, the answer remains shrouded in ambiguity, leaving them vulnerable to data breaches and non-compliance penalties. However, a new frontier of Non-Human Identity (NHI) and Secrets…
-
China Privacy Law: Data Management Audits Are Coming in 2025
in SecurityNews
Attorney James Gong Examines Upcoming Regulations Related to Non-Personal Data. In 2025, companies in China will face additional obligations when data protection audits become mandatory, setting a new benchmark for compliance with privacy laws. China is also expected to introduce regulations on non-personal data to establish a framework for ethical and secure data usage. First…
-
Penn State pays DoJ $1.25M to settle cybersecurity compliance case
in SecurityNews
First seen on theregister.com Jump to article: www.theregister.com/2024/10/23/penn_state_university_doj_settlement/
-
Fraud Awareness Week: How to Effectively Protect Your Data and Combat Fraudsters
in SecurityNews
Tags: access, ai, api, attack, authentication, awareness, business, cloud, communications, compliance, control, credentials, crime, data, defense, detection, encryption, exploit, finance, fraud, Hardware, iam, international, mfa, mobile, office, PCI, privacy, regulation, risk, service, software, strategy, technology, threat, vulnerability
madhav Tue, 11/19/2024 – 05:28
International Fraud Awareness Week (November 17-23) is a critical time to consider the significant risks that fraud poses to individuals and organizations. Thanks to AI, fraud attempts and successful attacks are alarmingly common and more advanced, with many…