Compliance
Compliance with corporate, government and industry standards and regulations is critical to meet business goals, reduce risk, maintain trust and avoid fines. Get advice on audit planning and management; laws, standards and regulations; and how to comply with GDPR, PCI DSS, HIPAA and more.
Top Stories
-
Tip
25 Jan 2023
Centralized services as a hedge against shadow IT's escalation
The proliferation of cloud, AI and integration tools has increased the security risks of shadow IT deployments and the need to centralize business functions and share support services. Continue Reading
-
Tip
19 Jan 2023
Building a shared services organization structure
Amid the shifting economic climate and new reality of hybrid workforces, there's no better time for companies to consolidate business functions and centralize support services. Continue Reading
-
Quiz
01 May 2019
Take this cybersecurity-challenges quiz and score CPE credit
Just finished ISM's May 2019 issue? Solidify your knowledge, and get CPE credits too, by passing this 10-question quiz. Continue Reading
-
Feature
26 Mar 2019
As compliance evolves, it's time to re-address data classification
Compliance rules like GDPR and the CCPA require a fresh look at a company's data classification policy, and particularly at how it defines the company's wide variety of unstructured data. Continue Reading
-
Tip
04 Mar 2019
To improve incident response capability, start with the right CSIRT
Is your organization ready to build a computer security incident response team? Here are the questions that should be answered when building a CSIRT to maximize incident response capability. Continue Reading
-
Tip
31 Jan 2019
How to comply with the California privacy act
Organizations that handle California consumer data have a year to comply with CCPA. Expert Steven Weil discusses what enterprises need to know about the California privacy law. Continue Reading
-
Feature
25 Jan 2019
Infoblox's Cricket Liu explains DNS over HTTPS security issues
Cricket Liu, chief DNS architect at Infoblox, explains how DNS over HTTPS and DNS over TLS improve security, as well as challenges the new protocols may soon raise for enterprises. Continue Reading
-
News
23 Jan 2019
Google GDPR fine of $57 million sets record
The Google GDPR fine of $57 million marks the first time a major tech company has been penalized under Europe's new privacy regulations. But the fine is less than the maximum allowable penalty. Continue Reading
-
Feature
26 Dec 2018
CCPA compliance begins with data inventory assessment
In this SearchCIO Q&A, multiple experts sound off on major questions businesses have about CCPA compliance ahead of its January 2020 enforcement date. Continue Reading
-
Feature
20 Dec 2018
Security, compliance standards help mitigate BIOS security vulnerabilities
Discussions of PC security vulnerabilities often overlook the BIOS. Read on for strategies to offset these threats and to prevent unauthorized BIOS modifications. Continue Reading
-
Tip
05 Dec 2018
What's different about Google Asylo for confidential computing?
The Google Asylo framework is an open source alternative for confidential computing. Expert Rob Shapland explains how it works and how it's different from other offerings. Continue Reading
-
News
21 Nov 2018
Risk assessments essential to secure third-party vendor management
Panelists at Infosec North America advised those charged with third-party vendor management to perform due diligence and assess the inherent risk vendors create for business processes. Continue Reading
-
Tip
24 Oct 2018
Guide to identifying and preventing OSI model security risks: Layers 4 to 7
Each layer of the Open Systems Interconnection model presents unique vulnerabilities that can propagate to other layers if not properly monitored. Here's how to establish risk mitigation strategies for OSI layer security in Layers 4 through 7. Continue Reading
-
Tip
24 Oct 2018
How security, compliance standards prevent OSI layer vulnerabilities
Each layer of the Open Systems Interconnection model presents unique -- but connected -- vulnerabilities. Here's how to establish OSI security and compliance best practices. Continue Reading
-
Tip
24 Oct 2018
How do SLAs factor into cloud risk management?
While you may not have much control over the infrastructure used by cloud service providers, you're not completely at their mercy when it comes to cloud risk management. Continue Reading
-
Answer
12 Oct 2018
How can companies implement ITSM compliance standards?
In this Ask the Expert, IT governance expert Jeffrey Ritter discusses his formula to successfully align new technology with ITSM compliance standards -- all while minimizing risk. Continue Reading
-
Answer
21 Sep 2018
How can a compliance strategy improve customer trust?
Privacy compliance strategy can help build consumer trust and improve security if companies stop looking at the regulations as an obstacle and more as a business opportunity. Continue Reading
-
Tip
20 Sep 2018
Securing remote access for cloud-based systems
Don't believe the hype: Access control in the cloud is not a lost cause. Read these tips to learn how you can better secure remote access to your cloud-based systems. Continue Reading
-
News
13 Sep 2018
Trend Micro apps fiasco generates even more questions
In addition to other Trend Micro apps banished from the Mac App Store for gathering data inappropriately, the company has admitted to publishing the Open Any Files app. Continue Reading
-
News
11 Sep 2018
Trend Micro apps on Mac accused of stealing data
Researchers claimed Trend Micro apps in the Mac App Store were stealing data. The company removed the offending features, but researchers are still not sold on Trend Micro's excuse. Continue Reading
-
Opinion
13 Aug 2018
Google's 'My Activity' data: Avoiding privacy and compliance risk
Google's Activity Controls create privacy and compliance risks for organizations, as well as a potential gold mine for social engineering hacks. Here's how to avoid those threats. Continue Reading
-
Feature
31 Jul 2018
Citrix's Peter Lefkowitz on impact of GDPR privacy requirements
New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general. Continue Reading
-
News
27 Jul 2018
Cybersecurity and physical security: Key for 'smart' venues
With sustainability being a huge driver of modern business development, protecting consumers' cyber- and physical security is an essential element when designing smart cities and venues. Continue Reading
-
Blog Post
27 Jul 2018
How Dropbox dropped the ball with anonymized data
Dropbox came under fire for sharing anonymized data with academic researchers after questions emerged about how the data was protected and used. Continue Reading
-
Answer
12 Jul 2018
How can cryptojacking attacks in Chrome be stopped?
Google instituted an aggressive ban on all cryptomining extensions for Chrome after cryptojacking attacks started to become more common. Learn how the ban works with Michael Cobb. Continue Reading
-
Feature
26 Jun 2018
Identify gaps in cybersecurity processes to reduce organizational risk
Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses. Continue Reading
-
Quiz
14 Jun 2018
How much do you know about cloud risk assessment?
Preparing to take the CCSP exam? This Domain 3 practice quiz tests your understanding of cloud risk assessment, threat analysis, infrastructure security and more. Continue Reading
-
Tip
12 Jun 2018
Cloud risk management explained: Just how secure are you?
There is no shortage of vulnerabilities in the cloud, but the same is true of any outsourcing arrangement. Practicing cloud risk management is essential to staying secure. Continue Reading
-
Blog Post
30 May 2018
It's GDPR Day. Let the privacy regulation games begin!
GDPR Day -- May 25, 2018 -- has passed, and regulators are now accepting complaints against companies violating the terms of the EU's new privacy regulation. Continue Reading
-
Blog Post
09 May 2018
Google I/O's security and privacy focus missing on day one
It's fairly easy to find stories sparking security and privacy concerns regarding a Google product or service — Search, Chrome, Android, AdSense and more — but if you watched or attended Google ... Continue Reading
-
Blog Post
04 May 2018
'Gen V' attacks: The next cybersecurity problem?
In a recent online presentation, Check Point Software Technologies founder and CEO Gil Shwed stated that "we are at an inflection point" when it comes to cybersecurity. Shwed's statement came on ... Continue Reading
-
Answer
30 Apr 2018
What is included in the mPOS security standard from PCI SSC?
The PCI SSC developed an mPOS security standard to improve mobile payment and PIN systems. Expert Michael Cobb looks at what the requirements are and how they help. Continue Reading
-
Blog Post
27 Apr 2018
GDPR deadline: Keep calm and GDPR on
With the GDPR deadline looming, companies may still be scrambling to do "something" about it, but with less than 30 days to go the best move for many may be to wait and watch, and perhaps just ... Continue Reading
-
Answer
20 Apr 2018
Self-sovereign identity: How will regulations affect it?
Will laws like GDPR and PSD2 force enterprises to change their identity management strategies? Expert Bianca Lopes talks regulations, self-sovereign identity and blockchain. Continue Reading
-
News
18 Apr 2018
IBM's Cindy Compert cooks up a batch of GDPR preparation
GDPR preparation, with practical tips and recipes, was on the menu at RSAC 2018, as IBM CTO Cindy Compert offered practical advice for compliance with the EU privacy regulation. Continue Reading
-
Tip
18 Apr 2018
How enterprises should handle GDPR compliance in the cloud
GDPR compliance in the cloud can be an intimidating concept for some enterprises, but it doesn't have to be. Rob Shapland explains why it's not so different from on premises. Continue Reading
-
Quiz
04 Apr 2018
CCSP practice test: Do you know the cloud computing basics?
Preparing to take the CCSP exam? Test your knowledge of key topics in Domain 1, which covers cloud concepts, reference architectures, security concerns and design principles. Continue Reading
-
Blog Post
31 Mar 2018
Privacy protections are needed for government overreach, too
Following the Facebook-Cambridge Analytica controversy, major tech companies pledged to defend users from corporate data misuse, but they're ignoring a more serious privacy threat. Continue Reading
-
Blog Post
30 Mar 2018
Apple GDPR privacy protection will float everyone's privacy boat
With its embrace of new tools for protecting consumer privacy, Apple GDPR privacy protection will be available to all users as the EU's new privacy protection legislation is set to start ... Continue Reading
-
News
30 Mar 2018
New Facebook privacy features and bug bounty aim to repair damage
News roundup: New Facebook privacy features and updates to the company's bug bounty program are being rolled out. Plus, Drupalgeddon 2.0 threatens over 1 million sites, and more. Continue Reading
-
Answer
21 Mar 2018
When does the clock start for GDPR data breach notification?
As new GDPR data breach notification rules go into effect, companies must be ready to move faster than before. Mimecast's Marc French explains what will change and how to cope. Continue Reading
-
Guide
20 Mar 2018
GDPR compliance requirements and how to best fulfill them
Learn the details of the European Union's new regulations for data security and what your company needs to do now to meet them and avoid expensive penalties. Continue Reading
-
News
20 Mar 2018
Illegitimate Facebook data harvesting may have affected elections
A whistleblower claims a company with suspicious motives exploited Facebook data harvesting to build profiles on 50 million users and influence the 2016 U.S. presidential election and Brexit vote. Continue Reading
-
Answer
19 Mar 2018
What will GDPR data portability mean for enterprises?
Enforcement of the EU's General Data Protection Regulation is coming soon. Mimecast's Marc French discusses the big questions about GDPR data portability for enterprises. Continue Reading
-
News
09 Mar 2018
DHS cybersecurity audit scores below target security levels
A DHS cybersecurity audit for FISMA compliance by the Office of Inspector General rated the agency below target levels in three of five areas of information security. Continue Reading
-
Answer
27 Feb 2018
How hard will the GDPR right to be forgotten be to get right?
Under GDPR, the right to be forgotten is granted to all EU data subjects. Mimecast's Marc French explains why enterprises will need to be careful about how they manage the process. Continue Reading
-
Blog Post
16 Feb 2018
SheHacks hackathon at BU promotes female tech advancement
For 36 hours during the last weekend in January, more than 1,000 attended one of the largest women's hackathons ever at SheHacks Boston. SheHacks Boston organizer Natalie Pienkowska said that the ... Continue Reading
-
Blog Post
31 Jan 2018
Alphabet unveils Chronicle cybersecurity business unit
There is a new moonshot in cybersecurity, and Google's parent company is calling it Chronicle. Alphabet's cybersecurity business unit launched last week and plans on selling cybersecurity services ... Continue Reading
-
Feature
31 Jan 2018
Cybersecurity professionals: Lack of training leaves skills behind
Cybersecurity professionals' increased workloads leave little time for training, leaving their skill sets -- and their companies' data security -- vulnerable to outside threats. Continue Reading
-
Tip
21 Dec 2017
A look at the key GDPR requirements and how to meet them
Meeting the most important GDPR requirements is a great first step to compliance with the new regulation. Expert Steve Weil outlines how to get started on GDPR compliance. Continue Reading
-
Tip
28 Sep 2017
What a data protection officer can offer enterprises subject to GDPR
The EU GDPR requires that organizations appoint a data protection officer, but is that really necessary for security? Expert Francoise Gilbert examines the compliance requirement. Continue Reading
-
Podcast
06 Sep 2017
Risk & Repeat: Payment card security a growing concern
In this week's Risk & Repeat podcast, SearchSecurity editors discuss new research from Verizon on payment card security and the effectiveness of PCI DSS compliance for enterprises. Continue Reading
-
Answer
04 Sep 2017
What should you do when third-party compliance is failing?
Third-party compliance is a necessary part of securing your organization's data. Expert Matthew Pascucci discusses what to do if you suspect a business partner isn't compliant. Continue Reading
-
News
01 Sep 2017
Enterprise compliance with PCI DSS is up, says Verizon
News roundup: More than half of enterprises are in compliance with PCI DSS, according to a Verizon report. Plus, Turla is on the attack again with a new campaign, and more. Continue Reading
-
Feature
28 Aug 2017
Electronic voting systems in the U.S. need post-election audits
Colorado will implement a new system for auditing electronic voting systems. Post-election audits have been proven to help, but are they enough to boost public trust in the systems? Continue Reading
-
Tip
24 Aug 2017
The difference between security assessments and security audits
Security audits and security assessments serve different needs. Organizations may use a security audit to verify their security posture against a standard, while a security assessment is often the better tool for finding weaknesses. Expert Ernie Hayden explains the differences. Continue Reading
-
Answer
02 Aug 2017
Can a PCI Internal Security Assessor validate level 1 merchants?
A PCI Internal Security Assessor might not be the best bet to validate the compliance of a level 1 service provider. Expert Matthew Pascucci explains why and the alternative. Continue Reading
-
Feature
27 Jul 2017
The GDPR right to be forgotten: Don't forget it
Nexsan's Gary Watson explains that the GDPR right to be forgotten will be an important piece of the compliance picture and means deleting data securely, completely and provably when customers ask for it. Continue Reading
-
Feature
25 Jul 2017
Protecting Patient Information
In this excerpt from chapter two of Protecting Patient Information, author Paul Cerrato discusses the consequences of data breaches in healthcare. Continue Reading
-
Feature
25 Jul 2017
Mobile Security and Privacy
In this excerpt from chapter 11 of Mobile Security and Privacy, authors Raymond Choo and Man Ho Au discuss privacy and anonymity in terms of mathematics. Continue Reading
-
Podcast
02 Jun 2017
Risk & Repeat: GDPR compliance clock is ticking
In this week's Risk & Repeat podcast, SearchSecurity editors discuss GDPR compliance and how the EU law will affect enterprise data privacy and security across the globe. Continue Reading
-
Answer
01 Jun 2017
How does a privacy impact assessment affect enterprise security?
A privacy impact assessment can help enterprises determine where their data is at risk of exposure. Expert Matthew Pascucci explains how and when to conduct these assessments. Continue Reading
-
News
31 May 2017
GDPR breach notification rule could complicate compliance
Don't forget the huge fines: When it comes to the new 72-hour GDPR breach notification rule, the cost of compliance must be weighed against harsh GDPR penalties. Continue Reading
-
News
30 May 2017
EU GDPR compliance puts focus on data tracking, encryption
The EU's General Data Protection Regulation is less than a year away. Experts explain why data tracking, encryption and other measures are crucial for GDPR compliance. Continue Reading
-
News
24 May 2017
GDPR compliance help is on the way for Microsoft cloud customers
With GDPR compliance set to be mandatory in one year, Microsoft will help get its cloud customers ready for the new data protection regulation. Continue Reading
-
News
24 May 2017
Q&A: GDPR compliance tips from CSPi's Gary Southwell
With one year left, it's time to prioritize GDPR compliance; Gary Southwell, CSPi's general manager, offers advice for protecting personal data under the EU's new privacy regulation. Continue Reading
-
News
23 May 2017
Q&A: Time to get GDPR compliant, CSPi's Gary Southwell says
Companies doing business in the EU face a challenge to get GDPR compliant, as enforcement of the strict new General Data Protection Regulation is just one year away. Continue Reading
-
Answer
08 May 2017
How should companies prepare for EU GDPR compliance?
Companies that don't meet GDPR compliance standards by May 2018 will be fined. Expert Matthew Pascucci looks at how Microsoft is preparing, and what other companies should do to comply with GDPR. Continue Reading
-
Opinion
01 May 2017
Q&A: GDPR compliance with Microsoft CPO Brendon Lynch
Failure to achieve compliance with the EU's General Data Protection Regulation in the next 12 months can trigger fines of up to 4% of a company's global annual turnover. Continue Reading
-
News
27 Apr 2017
AWS promises to be GDPR compliant by May 2018 deadline
Amazon promises all AWS cloud services will be GDPR compliant before enforcement of the new EU data privacy regulation starts in 2018, and offers customers assistance. Continue Reading
-
News
07 Apr 2017
Windows 10 telemetry data collection details revealed
Microsoft disclosed its Windows 10 telemetry practices just a week before the Creators Update; the disclosure may allay privacy concerns over Windows 10 data collection. Continue Reading
-
News
05 Apr 2017
Internet security protocol bodies ISOC, OTA announce merger
The Online Trust Alliance and the Internet Society, two leading internet trust and standards bodies, merge to work for improved IoT security and online security. Continue Reading
-
Tip
23 Mar 2017
Is encryption one of the required HIPAA implementation specifications?
When it comes to encryption, the HIPAA implementation specifications are complicated. Expert Joseph Granneman explains whether it's required or addressable. Continue Reading
-
News
22 Feb 2017
Microsoft commits to GDPR compliance in the cloud by 2018 deadline
Microsoft vows GDPR compliance in all cloud services when enforcement of the new EU data privacy regulation begins in May 2018, but companies still must take action to avoid fines. Continue Reading
-
News
21 Feb 2017
Windows 10 privacy issues persist, says EU privacy watchdog
Windows 10 privacy issues remain, as the EU's top privacy watchdog group, the Article 29 Working Party, issues a second warning letter asking Microsoft to simplify and clarify its data collection. Continue Reading
-
News
26 Jan 2017
Microsoft defeats DOJ appeal in cloud data privacy case
Microsoft notches another win in its battle to protect cloud data privacy, as an appeals court quashes the DOJ appeal over a warrant for data stored in an Ireland data center. Continue Reading
-
News
13 Jan 2017
Microsoft privacy tools give users control over data collection
New Microsoft privacy tools will give users control over the data collected on the web and within Windows. Experts hope the tools will offer data privacy transparency. Continue Reading
-
Tip
10 Jan 2017
How to maintain digital privacy in an evolving world
Protecting a user's digital privacy across different technologies requires a plethora of tools. Expert Matthew Pascucci explores the different ways to protect sensitive data. Continue Reading
-
Answer
11 Mar 2016
What are the latest SEC Risk Alert findings?
The latest SEC Risk Alert from the OCIE has important updates for financial services firms. Expert Mike Chapple reviews the report. Continue Reading
-
Answer
26 Jan 2016
Is the FedRAMP certification making a difference?
There was speculation in the security world over whether the FedRAMP certification would be helpful or not. Now that it's in full use, Mike Chapple looks at the state of FedRAMP. Continue Reading
-
Feature
23 Nov 2015
'Going dark': Weighing the public safety costs of end-to-end encryption
'Going dark' -- or the FBI's inability to access data because of encryption -- could put public safety at risk, intelligence officials say. But tech companies argue that strong encryption is needed to protect corporate and customer data. Continue Reading
-
News
20 Nov 2015
Safe Harbor framework update in danger of capsizing
News roundup: Rights groups join critics of Safe Harbor framework update, OPM breach testimony pushback, FBI hiring part of cybersecurity issue for Justice Department. Plus: recycled malware, Microsoft's security push. Continue Reading
-
Tip
17 Nov 2015
Life after the Safe Harbor agreement: How to stay compliant
Now that the Safe Harbor agreement is invalid, U.S. and EU organizations need to find new ways to securely handle data so they can stay in business. Continue Reading
-
Tip
21 Jul 2015
PCI DSS 3.1 marks the end of SSL/early TLS encryption for retailers
The early arrival of PCI DSS 3.1 could leave organizations scrambling. The biggest change to the standard -- and the top priority for organizations -- is the end of SSL and early TLS. Continue Reading
-
Answer
02 Jul 2015
What do organizations need to know about privacy in a HIPAA audit?
A HIPAA audit covers privacy compliance, and organizations need to be prepared. Expert Mike Chapple discusses privacy in the audits. Continue Reading
-
Tip
01 Jul 2015
A new trend in cybersecurity regulations could mean tougher compliance
State cybersecurity regulations may mean compliance will get more complicated, and that has experts worried. Learn what's causing this trend and what organizations should prepare for. Continue Reading
-
Answer
01 Apr 2015
Do HIPAA compliance requirements change during health crises?
Outbreaks of Ebola caused widespread fear, but should enterprises be worried about the effect on HIPAA compliance requirements? Compliance expert Mike Chapple explains. Continue Reading
-
Tip
06 Mar 2015
What Apple Pay tokenization means for PCI DSS compliance
Tokenization is a key technology underlying Apple Pay, promising to boost payment data security. Mike Chapple examines how Apple Pay's tokenization system works, and whether it will provide any PCI DSS compliance relief. Continue Reading
-
Answer
14 Jan 2015
What's the best way to find enterprise compliance tools?
Looking for compliance tools? Expert Mike Chapple explains why the best place to start the search is within your own information security infrastructure. Continue Reading
-
Tip
07 Nov 2014
The 10 questions to ask during a mobile risk assessment
To both embrace the benefits of BYOD and shore up the security gaps created by it, ask these 10 questions when conducting a mobile risk assessment. Continue Reading
-
Tip
13 Aug 2014
FAQ: Were executives held accountable after the Target data breach?
Target Corp. has made major executive changes in the months following its massive 2013 data breach as the company strives to reassure customers and rework digital information security processes. Continue Reading
-
Tip
12 Nov 2013
PCI DSS version 3.0: The five most important changes for merchants
PCI DSS version 3.0 isn't a wholesale revision, but longtime PCI expert Ed Moyle says merchants' transitions must start now to avoid problems later. Continue Reading
-
Feature
01 Nov 2013
The history of the PCI DSS standard: A visual timeline
The origins of the PCI Data Security Standard date back to the late 1990s. Explore key events in the history of PCI DSS, from Y2K to PCI DSS 3.0. Continue Reading
-
Feature
03 Jun 2013
Are FedRAMP security controls enough?
Cloud service providers are working with authorized third-party auditors to meet FedRAMP security controls. The 3PAOs tell us how it's going, so far. Continue Reading
-
Video
22 May 2013
The impact of cloud and social media on risk management strategies
More organizations are incorporating the cloud and social media into business processes, changing enterprises' risk management strategies. Continue Reading
-
Tip
18 Jun 2012
With JOBS Act, Sarbanes-Oxley compliance likely won't get easier
While SMBs may benefit from the JOBS Act, Sarbanes-Oxley compliance for enterprises may remain largely unchanged. Expert Mike Chapple explains why. Continue Reading
-
Tip
10 Feb 2012
SEC disclosure rules: Public company reporting requirements explained
Learn the public company reporting requirements necessary to comply with CF Disclosure Guidance Topic No. 2, the SEC's cybersecurity reporting rules. Continue Reading
-
Answer
06 Sep 2011
Comparing certifications: ISO 27001 vs. SAS 70, SSAE 16
Learn about ISO 27001 vs. SAS 70, and why enterprises should pay attention to SSAE 16 over SAS 70. Continue Reading
-
Tip
27 Jan 2011
Cloud security standards provide assessment guidelines
The Cloud Security Alliance Cloud Controls Matrix helps cloud providers and customers to evaluate security controls. Continue Reading
-
Tip
04 Nov 2010
Are you in compliance with the ISO 31000 risk management standard?
The ISO 31000 risk management standard is becoming an important development tool for shaping existing and new programs. Learn if your programs are in compliance with the standard. Continue Reading