PCI DSS 3.2 Deadlines and Requirements

By now, many organizations have implemented PCI DSS v3.2, and though the previous version (v3.1) expired in October of 2016, some of the new requirements became effective February 1, 2018. Additional requirements are due to be effective in July 2018. Confused yet? Whether you have not yet adopted the new standard, or have put PCI compliance off until the last minute, there is still time to become PCI DSS 3.2 compliant in 2018.

4 Steps to Help With Data Protection and Compliance

The protection of personal data has never been more important for organizations, but many still lag behind with securing that data. With compliance regulations such as HIPAA, PCI and GDPR top of mind for many, are organizations ensuring that personal data is protected at the organizational level? For companies both large and small, we've outlined four steps organizations can take to begin assessing personal data.

Data Governance and the GDPR

Data governance is an important component of the General Data Protection Regulation (GDPR), and Heidi Maher's recent post discussing GDPR and information governance makes an essential point with the upcoming regulations. Maher's discussion of Article 32 of the forthcoming GDPR is needed; however, the mention of information governance, and even data governance, is worth noting.

5 Ways to Fix Security Vulnerabilities

Looking for a way to plug some of the vulnerabilities existing within your organization's security policies? While there is not a specific strategy that works across every single industry, company and even department, there are certain actions that can be taken to help with the gaps. We've put together five tips that might help plug the vulnerabilities within your policies to try to decrease the chance of a security incident occurring.

Tips to Plug the Vulnerabilities in Your Policy

1. Make Security a Company-Wide Culture

Security policy isn't just an "IT thing." It's a topic that spans departments and usually involves close collaboration with your IT department. Sending one memo, or having one meeting about cybersecurity risks within an organization, will not "fix" a lack of a cybersecurity culture, but it is a beginning. Knowing the risks within a business structure and what departments may be affected is also crucial. In order to implement a new culture aimed at helping minimize risks in cybersecurity, the security policies themselves may need to be reviewed.

Examples of security policies that involved the human side...

Data Security: Best Practices for Keeping Data Secure

There is not an exact science to data security; however, with the General Data Protection Regulation (GDPR) coming into effect in 2018, the financial penalties and loss of reputation may cause more organizations to work on an effective solution. Some best practices include checks of processes, policies, people, and of course software. Though many organizations may not feel as if they have the time or bandwidth to analyze their current situation, good or bad, companies need to know where current IT practices stand.

5 Things to Know About GDPR Compliance

What is the GDPR?

The General Data Protection Regulation (GDPR) requires organizations to protect personal data and the privacy of European Union (EU) citizens on transactions occurring within EU member states. Effective May 25, 2018, this regulation replaces the data protection directive from 1995, and consists of 99 articles, adding responsibilities and in some cases new roles to organizations. Essentially, data protection will become a fundamental right and this regulation not only protects the rights and freedom of that data, but it also:

- Defines the process/steps data holders must take to protect data
- Stresses enforcement expectations of the GDPR
- Allows for larger fines to be enforced
- Requires disclosures for data security breaches

Personal data, as defined by the GDPR, is any information related to a natural person or 'Data Subject' that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Is Security Awareness Required With Docker Security?

One of the greatest concerns associated with new technological advances is the understanding of security. As we approach an era of technological advancement, it has become increasingly important to create effective defenses against the threat of data compromise. A major factor in preventing data compromise is the increase of security awareness. The 2017 Cyberthreat Defense Report reported increasing rates of poor security awareness among employees and management surveyed during the past 4 years.