compliance
The rise of continuous crowdsourced security testing for compliance
A large percentage of organizations and institutions are moving toward a rigorous, continuous testing model to ensure compliance, a Synack report reveals. As part of this …
CPoC: New data security standard for contactless payments
The PCI Security Standards Council (PCI SSC) published a new data security standard for solutions that enable merchants to accept contactless payments using a commercial …
Despite potential fines, GDPR compliance rate remains low
58% of surveyed businesses worldwide failed to address requests made from individuals seeking to obtain a copy of their personal data as required by GDPR within the one-month …
2019 experienced massive spate of crypto crimes, $4.4 billion to date
With only seven months left for nations to pass laws and virtual asset service providers (VASPs) to comply with the guidelines, the majority of cryptocurrency exchanges are …
Most businesses have yet to allocate a CCPA compliance budget
Only 15% of organizations report having a mature approach to data privacy, 59% have yet to allocate budget to CCPA compliance, and 58% are currently using or will look to …
Growing complexity is driving operational changes to privacy programs
A majority of companies are adopting a single global data protection strategy to manage evolving privacy programs, and that managing the expanding ecosystem of third parties …
Do third-party users follow security best practices and policies?
Many organizations across the globe fall short of effectively managing access for third-party users, exposing them to significant vulnerabilities, breaches and other security …
Inadequate data sanitization puts enterprises at risk of breaches and compliance failures
Global enterprises’ overconfidence and inadequate data sanitization are exposing organizations to the risk of data breach, at a time when proper data management should be at …
California IoT security law: What it means and why it matters
In September, California Governor Jerry Brown signed into law a new bill aimed at regulating the security of IoT devices, and it’s set to go into effect in a few short months …
Top concerns for audit executives? Cyber risks and data governance
As organizations continue to collect customer and employee data, chief audit executives (CAEs) are increasingly concerned about how to govern and protect it. Gartner conducted …
What financial records do companies need to keep, and for how long?
Companies generate stacks of documents and managing them correctly is crucial. It can be complicated to balance organizational requirements, employee interests, and legal …
Defining risk controls that actually work
Previously, we looked at practical ideas for conducting the complex information security risk assessments that all enterprises should regularly perform. The right methodology …