Computer System Security Requirements for IRS 1075: What You Need to Know

The IRS 1075 publication lays out a framework of compliance regulations to ensure federal tax information, or FTI, is treated with adequate security provisioning to protect its confidentiality. This may sound simple ...

NERC CIP Audits: Top 8 Dos and Don’ts

My time at NERC had me involved with quite a few projects over my seven-year career there. I was involved with CIP compliance audits, investigations, auditor training, and many advisory sessions. Typically, ...

The Next Milestone for the NYS DFS Cybersecurity Regulation is Approaching

The landmark NYS DFS cybersecurity regulation that took effect in New York State in March 2017 is approaching its third of four milestones. This was the first regulation of its kind that ...

The California Consumer Privacy Act of 2018 (AB 375): What You Need to Know

On June 28, California passed a sweeping data privacy law after only one week of work. Unless AB 375 (the California Consumer Privacy Act of 2018) is amended before its January 1, ...

The GDPR Deadline Has Passed – Now What?

I was listening to Jenny Radcliffe interviewing Sarah Clarke on The Human Factor podcast the other day. (If you haven’t tuned in to this podcast, you are definitely missing out on a ...

ICANN Still Working on Interim Compliance Model for GDPR

The Internet Corporation For Assigned Names and Numbers (ICANN) is still in the process of developing an interim compliance model to address concerns surrounding GDPR. In an earlier blog post, I mentioned ...

GDPR Is Coming, So What Now for WHOIS Domain Registration Data?

When the European Union General Data Protection Regulation (GDPR) comes into force on May 25, 2018, what will happen to currently-available domain registration data in WHOIS? The GDPR restricts how personal data ...

ISO 27001 and Why It Matters for Your Business

ISO 27001 is a set of standards for information security management systems (ISMS). Created by the International Organization for Standardization, an independent, non-governmental organization, ISO 27001 is a part of the broader ...

How to Use NIST’s Cybersecurity Framework to Protect against Integrity-Themed Threats

When it comes to the CIA triad, confidentiality generally commands most of the attention. Organizations are worried about the unauthorized disclosure of their data, so they concentrate on reducing the risks of ...

An Analog to Security and Compliance: The Wonder Twins

Security and compliance are two sides of the same coin, although they are often seen as adversaries. The truth is, much like the 1980s power siblings, the Wonder Twins (whose powers only ...