Security audit, compliance and standards
Get tips from the experts on security audits, compliance and standards. Advice is offered on data privacy and theft, audit planning and management, how to work with auditors, and compliance with standards, regulations and guidelines such as PCI DSS, GLBA, HIPAA, SOX, FISMA, ISO 17799 and COBIT.
Top Stories
-
Tip
27 Oct 2021
5 IT security policy best practices
As businesses and technologies grow and evolve, it's important IT security policies do, too. Follow these five best practices to ensure policies are fresh and relevant.
By Diana Kelley, SecurityCurve
-
Tip
01 Sep 2021
Blockchain for identity management: Implications to consider
Blockchain has changed the way IAM authenticates digital identities. Consider these 14 implications when asking how and where IAM can benefit your organization.
By Jessica Groopman, Kaleido Insights
-
News
25 Aug 2021
AWS launches Backup Audit Manager compliance tool
A new AWS Backup feature, the Audit Manager, tracks backup activities to help customers determine if they are meeting business and regulatory compliance requirements.
-
News
22 Jul 2021
US Senate mulling bill on data breach notifications
The Senate Intelligence Committee introduced a bill that would require federal agencies and companies providing critical infrastructure to report network breaches to DHS.
By Shaun Nichols, TechTarget
-
Feature
07 Jun 2021
Hackers vs. lawyers: Security research stifled in key situations
The age-old debate between sharing information or covering legal liability is a growing issue in everything from bug bounties to disclosing ransomware attacks.
By Shaun Nichols, TechTarget
-
News
25 May 2021
Chaos in Maricopa County: The election audit explained
The controversy about an election audit of Maricopa County, Ariz., involves accusations of deleted databases, bamboo fibers and potentially ruined voting machines.
By Alexander Culafi, Senior News Writer, Dark Reading
-
Podcast
25 May 2021
Risk & Repeat: Recapping RSA Conference 2021
Election security, nation-state threats and supply chain attacks were major topics at this year's RSA Conference, which was held as a virtual event.
By Rob Wright, Senior News Director, Dark Reading
-
News
12 Nov 2020
New Yugabyte release boosts distributed SQL database security
Yugabyte now has row-level geo-partitioning for its open source distributed SQL database, enhanced multi-region features and several new features to improve security.
-
Tip
30 Oct 2020
Updated FFIEC 'Business Continuity' handbook highlights planning
The FFIEC handbook on business continuity has been updated by the organization to place greater emphasis on planning, with more detailed information on testing and exercises.
-
Tip
24 Aug 2020
ISO and FFIEC business continuity standards compared
Global standards aid the process of creating and updating a business continuity plan. The requirements of two popular standards can ensure that your BC team doesn't miss any steps.
-
Tip
28 Jul 2020
What the CCPA means for content security
Now that the CCPA is in full effect, businesses must adjust their processes to better protect content. Organizations should prioritize security to avoid fines.
By Laurence Hart, CGI Federal
-
Tip
07 Jul 2020
Navigate the DOD's Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification requires DOD contractors to achieve baseline security standards. Explore the five levels of certification and how to achieve them.
By Mike Chapple, University of Notre Dame
-
Answer
21 May 2020
Should IT consider NIAP-certified products for MDM?
The average organization may not require military-grade security for its endpoint management platform, but IT pros should take note of which products meet that standard.
-
Tip
11 Mar 2020
Updating the data discovery process in the age of CCPA
Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR.
-
Tip
14 Jan 2020
HIPAA compliance checklist: The key to staying compliant in 2020
Putting together a HIPAA compliance program can be fraught with difficulty. Review best practices and a HIPAA compliance checklist to avoid common pitfalls and pass an audit.
By Reda Chouffani, Biz Technology Solutions, and Richard Mackey
-
Feature
10 Dec 2019
Best practices to help CISOs prepare for CCPA
With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations.
-
News
21 Aug 2019
Salesforce DNSSEC project aims to boost site security, speed, uptime
Salesforce, which juggles multiple DNS providers to serve customers while complying with global data-privacy regulations, spearheads new DNS models to enable deeper encryption.
By Don Fluckinger, Senior News Writer
-
Feature
02 Aug 2019
Why is third-party risk management essential to cybersecurity?
Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals.
By Peter Loshin, Former Senior Technology Editor
-
News
06 Jun 2019
Why larger GDPR fines could be on the horizon
There haven't been many fines under the General Data Protection Regulation since the EU data privacy law went into effect a year ago. But experts warn that will likely change.
-
Opinion
01 May 2019
Putting cybersecurity for healthcare on solid footing
CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center.
-
Tip
20 Feb 2019
Key steps to put your zero-trust security plan into action
There are three key categories of vendor zero-trust products. Learn what they are, and how to evaluate and implement the one that's best for your company.
By Dave Shackleford, Voodoo Security
-
Feature
02 Oct 2018
Seven criteria for evaluating today's leading SIEM tools
Using criteria and comparison, expert Karen Scarfone examines the best SIEM software on the market to help you determine which one is right for your organization.
By Karen Kent, Trusted Cyber Annex
-
Feature
08 Aug 2018
SIEM benefits include efficient incident response, compliance
SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting.
By Karen Kent, Trusted Cyber Annex
-
Tip
17 May 2018
How security operations centers work to benefit enterprises
One key support system for enterprises is security operations centers. Expert Ernie Hayden reviews the basic SOC framework and the purposes they can serve.
By Ernie Hayden, 443 Consulting LLC
-
Answer
14 Mar 2018
What does the GDPR definition of personal data include?
The definition of personal data in the EU's GDPR data protection rules is broad enough to include any type of data that can be used to directly or indirectly identify a person.
-
News
09 Mar 2018
DHS cybersecurity audit scores below target security levels
A DHS cybersecurity audit for FISMA compliance by the Office of Inspector General rated the agency below target levels in three of five areas of information security.
By Michael Heller, TechTarget
-
Opinion
08 Mar 2018
The EU's GDPR will make us better storage managers
The European Union's General Data Protection Regulation has organizations worldwide rethinking storage management to their and their customers' benefit.
-
Tip
11 Jan 2018
Security compliance standards as a guide in endpoint plans
Consider security compliance regulations for your industry as a starting point and a guide for planning your specific approach to enterprise endpoint protection.
-
Buyer's Guide
30 Aug 2017
Selecting the best object-based storage platform for your needs
Object-based storage systems can provide the scalability needed to meet organizations' increasing unstructured data storage requirements. Learn how to pick the right platform.
-
Feature
28 Aug 2017
Electronic voting systems in the U.S. need post-election audits
Colorado will implement a new system for auditing electronic voting systems. Post-election audits have been proven to help, but are they enough to boost public trust in the systems?
By Madelyn Bacon, TechTarget
-
Feature
28 Aug 2017
The leading object storage vendors offer broad range of options
Explore how the leading object storage systems can be accessed, how they integrate with the cloud, what data security they provide and the various deployment options they offer.
By Scott D. Lowe, ActualTech Media
-
Tip
24 Aug 2017
The difference between security assessments and security audits
Security audits and security assessments serve different needs: organizations may use an audit to check their security posture, while an assessment is often the better tool. Expert Ernie Hayden explains the differences.
By Ernie Hayden, 443 Consulting LLC
-
Feature
12 Jul 2017
Analyzing products from the leading object storage vendors
When evaluating the leading object-based storage systems, it is important to consider which product can best support your use cases and unique site requirements.
By Scott D. Lowe, ActualTech Media
-
Feature
12 Jun 2017
Know why patch management tools are required in the IT infrastructure
Regulations, efficiency and protection are the main drivers for purchasing patch management tools. See why automated patch management is a requirement for most businesses.
-
Feature
07 Jun 2017
Questions to ask object storage vendors before evaluating products
Before investing in object storage architecture, it is vital to understand your options, including whether you should buy software, hardware or a combination of both.
By Scott D. Lowe, ActualTech Media
-
Podcast
02 Jun 2017
Risk & Repeat: GDPR compliance clock is ticking
In this week's Risk & Repeat podcast, SearchSecurity editors discuss GDPR compliance and how the EU law will affect enterprise data privacy and security across the globe.
By Rob Wright, Senior News Director, Dark Reading
-
Feature
11 May 2017
Object storage systems ease data capacity and archival concerns
If your organization can identify with any of the object storage use cases noted here, it might be time to consider adding this technology to your storage portfolio.
By Scott D. Lowe, ActualTech Media
-
Answer
21 Dec 2016
Should one cybersecurity mistake mean the end of a CEO's career?
In one case, a tenured CEO made one cybersecurity mistake and was fired. Expert Mike O. Villegas discusses whether this sets a precedent for enterprises going forward.
By Mike O. Villegas, K3DES LLC
-
Definition
16 Nov 2016
PCI assessment
A PCI assessment is an audit of the 12 credit card transaction compliance requirements required by the Payment Card Industry Data Security Standard.
-
Tip
17 Jun 2016
How CMMI models compare and map to the COBIT framework
Following ISACA's recent acquisition of the CMMI Institute, expert Judith Myerson takes a closer look at COBIT and CMMI models and how they compare to one another.
-
Feature
09 Feb 2016
Comparing the top vulnerability management tools
Expert Ed Tittel compares how the top-rated vulnerability management tools measure up against each other so you can select the right one for your organization.
-
Answer
26 Jan 2016
Is the FedRAMP certification making a difference?
There was speculation in the security world over whether the FedRAMP certification would be helpful or not. Now that it's in full use, Mike Chapple looks at the state of FedRAMP.
By Mike Chapple, University of Notre Dame
-
Feature
19 Jan 2016
Seven criteria for buying vulnerability management tools
Expert contributor Ed Tittel describes purchasing criteria for full-featured vulnerability management tools for small organizations to large enterprises.
-
Feature
18 Nov 2015
EMC RSA Security Analytics: SIEM product overview
Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise.
By Karen Kent, Trusted Cyber Annex
-
Feature
18 Nov 2015
Splunk Enterprise: SIEM product overview
Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity.
By Karen Kent, Trusted Cyber Annex
-
Feature
18 Nov 2015
IBM Security QRadar: SIEM product overview
Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data.
By Karen Kent, Trusted Cyber Annex
-
Feature
04 Nov 2015
Comparing the top Web fraud detection systems
Expert Ed Tittel explores the features of the top Web fraud detection systems and compares critical purchasing criteria.
-
Feature
20 Aug 2015
Introduction to Web fraud detection systems
Expert Ed Tittel explores the purpose of Web fraud detection systems and services, which are designed to reduce the risks inherent in electronic payments and e-commerce.
-
Answer
06 Sep 2011
Comparing certifications: ISO 27001 vs. SAS 70, SSAE 16
Learn about ISO 27001 vs. SAS 70, and why enterprises should pay attention to SSAE 16 over SAS 70.
By SearchSecurity
-
Definition
30 Sep 2008
Class C2
Class C2 is a security rating established by the U.S. National Computer Security Center (NCSC) and granted to products that pass Department of Defense (DoD) Trusted Computer System Evaluation Criteria (TCSEC) tests.
-
Answer
09 Jul 2008
Is the Orange Book still relevant for assessing security controls?
Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information Technology Security Evaluation that replaced it.
By Mike Rothman, Securosis
-
Answer
10 Mar 2008
Does SOX provision email archiving?
Although SOX may lack specificity regarding certain controls, it does have clear mandates for email retention.
By Mike Rothman, Securosis