Compliance

Compliance with corporate, government and industry standards and regulations is critical to meet business goals, reduce risk, maintain trust and avoid fines. Get advice on audit planning and management; laws, standards and regulations; and how to comply with GDPR, PCI DSS, HIPAA and more.

Top Stories

Tip 20 May 2025
Best practices for board-level cybersecurity oversight

Corporate boards must play an increasingly active role in overseeing cybersecurity strategies. Here's what they need to know, from SEC disclosure requirements to best practices. Continue Reading
By
- Jerald Murphy, Nemertes Research
News 06 May 2025
ServiceNow expands AI governance, emphasizes ROI

Enterprises remain nervous about deploying AI agents in production, as IT vendors vie to demonstrate the value and comprehensiveness of their platforms. Continue Reading
By
- Beth Pariseau, Senior News Writer

Tip 29 Mar 2022
Deploy an information barrier policy for Microsoft Teams

Mistakes happen, but can be costly when they involve compliance. Office 365 information barriers can prevent inadvertent sharing to protect the organization's sensitive data. Continue Reading
By
- Reda Chouffani, Biz Technology Solutions
Tip 24 Mar 2022
How to overcome GDPR compliance challenges

As GDPR fines and penalties increase, organizations must prioritize compliance to avoid financial and reputational damages. Learn about the top challenges and their solutions. Continue Reading
By
- Paul Kirvan
Definition 21 Mar 2022
COPPA (Children's Online Privacy Protection Act )

The Children's Online Privacy Protection Act of 1998 (COPPA) is a federal law that imposes specific requirements on operators of websites and online services to protect the privacy of children under 13. Continue Reading
By
- Katie Terrell Hanna
News 16 Mar 2022
Biden signs law on reporting critical infrastructure cyber attacks

President Joe Biden signed a law that requires critical infrastructure entities to report cyber attacks within 72 hours and report ransom payments in 24 hours. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Tip 15 Mar 2022
How endpoint encryption works in a data security strategy

Companies should use encryption to keep data on endpoints protected should an attacker successfully get hold of a device or breach enterprise security measures. Continue Reading
By
- Michael Cobb
Tip 11 Mar 2022
How to write an information security policy, plus templates

Infosec policies are key to any enterprise security program. Read up on types of security policies and how to write one, and download free templates to start the drafting process. Continue Reading
By
- Paul Kirvan
Definition 02 Mar 2022
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)

The North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) plan is a set of standards aimed at regulating, enforcing, monitoring and managing the security of the Bulk Electric System (BES) in North America. Continue Reading
By
- Rahul Awati
- Ben Cole, Executive Editor
Tip 25 Feb 2022
Privacy-enhancing technology types and use cases

Data is key to companies' success, but maintaining its privacy and ensuring regulatory compliance is difficult. Learn about privacy-enhancing technologies that keep data protected. Continue Reading
By
- Michael Cobb
Tip 23 Feb 2022
Crosswalk cloud compliance to ensure consistency

Combining a risk management framework with security policies can be tricky, but crosswalking -- especially in the cloud -- can help address inconsistencies and maintain compliance. Continue Reading
By
- Diana Kelley, SecurityCurve
News 10 Feb 2022
Why Massachusetts' data breach reports are so high

Massachusetts discloses breaches of companies that affect just a single resident, giving the commonwealth a much larger number of 2021 incidents than other states. Continue Reading
By
- Peyton Doyle, News Editorial Assistant
Guest Post 09 Feb 2022
How automated certificate management helps retain IT talent

Organizations shouldn't waste their IT pros' time on unnecessary tasks -- especially during a skills shortage. Learn about the benefits of automated digital certificate management. Continue Reading
By
- Tim Callan
Feature 28 Jan 2022
4 data privacy predictions for 2022 and beyond

Data privacy will continue to heat up in 2022. From regulations to staffing to collaboration, will these data privacy predictions come to fruition in the next 12 months and beyond? Continue Reading
By
- Isabella Harford, TechTarget
News 24 Jan 2022
Monero and the complicated world of privacy coins

Monero is known for being one of the most common cryptocurrencies seen in illicit transactions, but its development community paints a different picture of the privacy coin. Continue Reading
By
- Alexander Culafi, Senior News Writer
Tip 21 Jan 2022
Top cloud security standards and frameworks to consider

Cloud security standards and frameworks are key to securing systems and maintaining privacy. Read up on available options and advice for selecting the best for your organization. Continue Reading
By
- Paul Kirvan
Guest Post 28 Dec 2021
How to make security accessible to developers

Apps are too often released with flaws and vulnerabilities. Learn how to make security accessible to developers by integrating best practices into the development lifecycle. Continue Reading
By
- Aakash Shah, Om Vyas
Guest Post 10 Dec 2021
The business benefits of data compliance

Beyond appeasing auditors and avoiding fines, data compliance offers several business benefits. Discover how data compliance can build trust and improve publicity. Continue Reading
By
- Mitesh Athwani
Feature 09 Dec 2021
GDPR as we enter 2022: Challenges, enforcement and fines

Take a look at where GDPR stands as it reaches its fourth birthday, including enforcement and fine changes, current challenges, how COVID-19 affected it and more. Continue Reading
By
- Isabella Harford, TechTarget
Definition 22 Nov 2021
snooping

Snooping, in a security context, is unauthorized access to another person's or company's data. Continue Reading
By
- Andrew Froehlich, West Gate Networks
Guest Post 15 Nov 2021
Reduce the risk of cyber attacks with frameworks, assessments

Don't rely on a compliance mandate to reduce the risk of cyber attacks or on a cyber insurer to cover an attack's aftermath. Assessments and frameworks are key to staying safe. Continue Reading
By
- Kayne McGladrey
Tip 05 Nov 2021
Steps for building a privacy program, plus checklist

Organizations need to prioritize privacy now more than ever. Follow these steps, and use our checklist to create a privacy program that ensures compliance and mitigates threats. Continue Reading
By
- Paul Kirvan
Tip 04 Nov 2021
7 best practices to ensure GDPR compliance

Complying with the EU's GDPR data privacy mandates remains challenging. These best practices -- such as hiring a data protection officer and classifying data -- can help. Continue Reading
By
- Michael Cobb
Definition 03 Nov 2021
Report on Compliance (ROC)

A Report on Compliance (ROC) is a form that must be completed by all Level 1 Visa merchants undergoing a PCI DSS (Payment Card Industry Data Security Standard) audit. Continue Reading
By
- Paul Kirvan
Definition 27 Oct 2021
Securities and Exchange Commission (SEC)

The Securities and Exchange Commission (SEC) is the U.S. government agency that oversees the nation's securities industry. Continue Reading
By
- Paul Kirvan
Feature 30 Sep 2021
10 CCPA enforcement cases from the law's first year

It's been more than a year since CCPA enforcement began, and organizations started hearing from the California attorney general. Explore 10 early cases of alleged noncompliance. Continue Reading
By
- Alissa Irei, Senior Site Editor
Definition 30 Sep 2021
Secure Electronic Transaction (SET)

Secure Electronic Transaction (SET) is a system and electronic protocol to ensure the integrity and security of transactions conducted over the internet. Continue Reading
By
- Rahul Awati
Tip 21 Sep 2021
The benefits of an IT management response

Many organizations create management responses to traditional audit findings. But did you know organizations can do them after IT audits and assessments, too? Continue Reading
By
- Ed Moyle, SecurityCurve
Definition 20 Sep 2021
COBIT

COBIT is an IT governance framework for businesses wanting to implement, monitor and improve IT management best practices. Continue Reading
By
- Katie Terrell Hanna
Tip 05 Aug 2021
How to use the NIST framework for cloud security

Aligning the NIST Cybersecurity Framework with cloud services such as AWS, Azure and Google Cloud can improve cloud security. Read how to best use the framework for the cloud. Continue Reading
By
- Ed Moyle, SecurityCurve
News 25 May 2021
Chaos in Maricopa County: The election audit explained

The controversy about an election audit of Maricopa County, Ariz., involves accusations of deleted databases, bamboo fibers and potentially ruined voting machines. Continue Reading
By
- Alexander Culafi, Senior News Writer
Podcast 25 May 2021
Risk & Repeat: Recapping RSA Conference 2021

Election security, nation-state threats and supply chain attacks were major topics at this year's RSA Conference, which was held as a virtual event. Continue Reading
By
- Rob Wright, Senior News Director
Tip 07 May 2021
How to successfully automate GRC systems in 7 steps

There is more to automating GRC programs than technology alone. This implementation roadmap helps IT leaders effectively plan, deploy and monitor GRC activities and tools. Continue Reading
By
- Paul Kirvan
Tip 06 May 2021
How to use CIS benchmarks to improve public cloud security

Safeguarding public cloud environments is a shared responsibility. Cloud customers should use CIS benchmarks to ensure cloud security at the account level. Continue Reading
By
- Dave Shackleford, Voodoo Security
Tip 09 Apr 2021
Exploring GRC automation benefits and challenges

Governance, risk and compliance is a crucial enterprise task but can be costly and time-consuming. This is where GRC automation fits in. Learn about its benefits and challenges. Continue Reading
By
- Paul Kirvan
Feature 30 Mar 2021
Feds debate while states act on data privacy laws

As Congress debates its next move on how to regulate big tech, states are already enacting legislation. Their push will likely serve as a model for the federal government. Continue Reading
By
- Makenzie Holland, Senior News Writer
Guest Post 04 Mar 2021
Rebuild security and compliance foundations with automation

Instead of patchwork security fixes, financial organizations need to embrace automation, create and deploy secure software and address implementation problems. Continue Reading
By
- Ehsan Foroughi
Guest Post 08 Jan 2021
7 cybersecurity priorities CISOs should focus on for 2021

For 2021, Vishal Salvi argues that CISOs should tie cybersecurity to business agendas better, invest in cloud security, implement IT hygiene, modernize security architecture and more. Continue Reading
By
- Vishal Salvi
Tip 13 Nov 2020
How to use the Mitre ATT&CK framework for cloud security

Learn how to use the Mitre ATT&CK security framework to keep your enterprise cloud environment -- whether AWS, GCP, Azure, Azure AD or Microsoft 365 -- secure. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 07 Jul 2020
5 PCI DSS best practices to improve compliance

Increased rates of PCI noncompliance are worth examining, as are PCI DSS best practices and tips for small and medium-sized companies. Read more in-depth compliance coverage here. Continue Reading
By
- Katie Donegan, Social Media Manager
Tip 28 May 2020
5 steps to determine residual risk during the assessment process

Even the best security controls have data management gaps that create risk. Here are steps to identify and offset residual risk during an assessment. Continue Reading
By
- Judith Myerson
Feature 01 May 2020
One security framework may be key to cyber effectiveness

The Mitre ATT&CK security framework could best enable effective cybersecurity, according to The Chertoff Group, as could joining information sharing and analysis organizations. Continue Reading
By
- Michael Heller, TechTarget
01 May 2020

One security framework may be key to cyber effectiveness

Continue Reading
Tip 17 Mar 2020
Get to know the elements of Secure Access Service Edge

Cloud services use cases continue to expand, but implementation challenges remain. Discover Secure Access Service Edge, or SASE, offerings and how they can simplify connectivity. Continue Reading
By
- Dave Shackleford, Voodoo Security
Feature 16 Mar 2020
How privacy compliance rules will affect IT security

As companies scramble to comply with consumer data privacy compliance mandates, like GDPR, CCPA and others on the horizon, IT security will shoulder much of the process burden. Continue Reading
By
- Ben Cole, Executive Editor
Tip 11 Mar 2020
Updating the data discovery process in the age of CCPA

Privacy regulations are changing the enterprise data discovery process. Now, automation is key for fulfilling data discovery mandates, including those for CCPA and GDPR. Continue Reading
By
- Michael Cobb
Tip 05 Mar 2020
Use this CCPA compliance checklist to get up to speed

California leads the pack in terms of state regulations on data privacy and transparency. Now, it's time for businesses to be proactive with this CCPA compliance checklist. Continue Reading
By
- Mike Chapple, University of Notre Dame
Tip 03 Mar 2020
Balance fraud compliance and prevention with these tips

IT leaders must be vigilant against cyberfraud. Use this list of fraud compliance statutes and prevention tips to protect IT resources, customers and your company's reputation. Continue Reading
By
- Paul Kirvan
Tip 27 Feb 2020
Privacy controls to meet CCPA compliance requirements

Existing risk management programs are a solid foundation for CCPA compliance requirements. Learn the privacy controls needed to remain CCPA-compliant and improve IT security. Continue Reading
By
- Anne Kimbol
News 25 Feb 2020
Securiti.ai wins RSA Innovation Sandbox Contest

Securiti.ai, which offers an AI-powered 'PrivacyOps' platform, took home the title of 'Most Innovative Startup' at RSA Conference's Innovation Sandbox Contest. Continue Reading
By
- Arielle Waldman, News Writer
Feature 17 Feb 2020
Fighting PCI non-compliance could require new frameworks, zero trust

Falling PCI DSS compliance rates could force the PCI Security Standards Council to be more open to other regulatory frameworks and make enterprises aim higher in terms of data security. Could zero trust be part of the solution? Continue Reading
By
- Michael Heller, TechTarget
Feature 29 Jan 2020
How to implement a holistic approach to user data privacy

IoT devices flood the market with promises to make daily life more convenient. Learn how to embrace user consent to benefit your organization and enhance user data privacy. Continue Reading
By
- Katie Donegan, Social Media Manager
Feature 21 Jan 2020
Understanding the CSA Cloud Controls Matrix and CSA CAIQ

Uncover how the CSA Cloud Controls Matrix and CSA CAIQ can be used to assess cloud providers' controls and risk models, ensure cloud compliance and more. Continue Reading
By
- Ed Moyle, SecurityCurve
- Diana Kelley, SecurityCurve
Tip 14 Jan 2020
HIPAA compliance checklist: The key to staying compliant in 2020

Putting together a HIPAA compliance program can be fraught with difficulty. Review best practices and a HIPAA compliance checklist to avoid common pitfalls and pass an audit. Continue Reading
By
- Reda Chouffani, Biz Technology Solutions
- Richard Mackey
Opinion 23 Dec 2019
Shared responsibility model transparency boosts cloud security

The shared responsibility model delineates where company and CSP security responsibilities start and end. This is critical not only for compliance, but also the big security picture. Continue Reading
By
- Lee Penn
Feature 10 Dec 2019
Best practices to help CISOs prepare for CCPA

With the CCPA taking effect in 2020, check out security chiefs' best practices to get ahead and stay ahead of impending data privacy and protection compliance regulations. Continue Reading
By
- Sandra Gittlen
News 19 Nov 2019
CrowdStrike: Incident response times still too long

A CrowdStrike study revealed it takes enterprise security teams almost seven days of nonstop work to detect, investigate and contain the average incident. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 14 Nov 2019
InfoTrax settles FTC complaint, will implement infosec program

InfoTrax settled an FTC complaint over an extensive data breach that lasted two years. Now, it can no longer collect any personal data until it implements its own infosec program. Continue Reading
By
- Alexander Culafi, Senior News Writer
News 13 Nov 2019
Microsoft to apply CCPA protections to all US customers

Microsoft said it will apply the California Consumer Privacy Act across the nation and extend the law's data privacy protections to customers in all fifty states. Continue Reading
By
- Alexander Culafi, Senior News Writer
- Rob Wright, Senior News Director
Feature 01 Nov 2019
Report shows CISOs, IT unprepared for privacy regulations

Several data management principles are common across new and developing privacy regulations, but Internet Society reports that many U.S. organizations are falling behind. Continue Reading
By
- Ben Cole, Executive Editor
01 Nov 2019

Report shows CISOs, IT unprepared for privacy regulations

Continue Reading
Feature 28 Oct 2019
How the future of data privacy regulation is spurring change

Some companies have taken steps to improve data governance in anticipation of data privacy rules. Experts discuss the challenges of compliance in a shifting regulatory landscape. Continue Reading
By
- Mary K. Pratt
Tip 30 Sep 2019
How PCI DSS compliance milestones can be a GDPR measuring stick

Constantly evolving regulations can cause confusion for security officers, but sometimes, there is process overlap. Here's how achieving compliance with PCI DSS can help meet GDPR mandates. Continue Reading
By
- Daniel Allen, N2 Cyber Security Consultants
Feature 02 Aug 2019
Why is third-party risk management essential to cybersecurity?

Attackers know third parties hold many of the keys to the enterprise network, so third-party risk management is crucial for security professionals. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 29 Jul 2019
Untangling GDPR fines with Synopsys' Tim Mackey

Tim Mackey of Synopsys tries to clear up some of the mystery around how GDPR regulators determine the fines levied on companies for major data breaches or privacy violations. Continue Reading
By
- Michael Heller, TechTarget
Answer 26 Jun 2019
What is the best way to write a cloud security policy?

Enterprises new to the cloud can write new security policies from scratch, but others with broad cloud usage may need an update. Consider these policy writing best practices. Continue Reading
By
- Nick Lewis
Answer 26 Jun 2019
What are the top cloud security certifications for 2019?

Cloud security certifications serve to bolster security professionals' resumes and boost value to employers. Learn about the top certifications available from expert Nick Lewis. Continue Reading
By
- Nick Lewis
Tip 19 Jun 2019
What holistic network security tools offer an organization

Tools that provide a holistic approach to monitoring the IT infrastructure come in a variety of configurations and delivery models. Learn what's available. Continue Reading
By
- Mary K. Pratt
News 06 Jun 2019
Why larger GDPR fines could be on the horizon

There haven't been many fines under the General Data Protection Regulation since the EU data privacy law went into effect a year ago. But experts warn that will likely change. Continue Reading
By
- Mekhala Roy
Feature 31 May 2019
Explore this NGFW comparison of leading vendors on the market

Explore some of the top NGFWs currently on the market -- based on features and user reviews -- to help you make a buying decision Continue Reading
By
- Linda Rosencrance
Feature 14 May 2019
6 firewall selection criteria to purchase NGFWs

These six key factors will help your company determine the best NGFW product for your organization's needs. Continue Reading
By
- Mike O. Villegas, K3DES LLC
News 08 May 2019
Google I/O 2019 keynote brings focus on security and privacy

After being a no-show at last year's conference, security and privacy improvements were big themes at Google I/O's first day, including discussion on federated learning. Continue Reading
By
- Michael Heller, TechTarget
Feature 08 May 2019
Next-generation firewalls vs. traditional and UTMs

Learn the advantages of next-generation firewalls that protect enterprise networks from attacks and intrusion, as well as the differences between NGFWs and traditional firewalls. Continue Reading
By
- Mike O. Villegas, K3DES LLC
Opinion 01 May 2019
Putting cybersecurity for healthcare on solid footing

CISO Kevin Charest talks security threats he sees in the healthcare field and the means his company is using to thwart them, including HCSC's Cyber Fusion Center. Continue Reading
By
- Alan R. Earls
01 May 2019

Putting cybersecurity for healthcare on solid footing

Continue Reading
Quiz 01 May 2019
Take this cybersecurity-challenges quiz and score CPE credit

Just finished ISM's May 2019 issue? Solidify your knowledge, and get CPE credits too, by passing this 10-question quiz. Continue Reading
By
- Brenda L. Horrigan, Executive Managing Editor
Feature 26 Mar 2019
As compliance evolves, it's time to re-address data classification

Compliance rules like GDPR and the CCPA require a fresh look at companies' data classification policy, and particularly how it defines its wide variety of unstructured data. Continue Reading
By
- Mary K. Pratt
Tip 04 Mar 2019
To improve incident response capability, start with the right CSIRT

Is your organization ready to build a computer security incident response team? Here are the questions that should be answered when building a CSIRT to maximize incident response capability. Continue Reading
By
- Peter Sullivan
Tip 31 Jan 2019
How to comply with the California privacy act

Organizations that handle California consumer data have a year to comply with CCPA. Expert Steven Weil discusses what enterprises need to know about the California privacy law. Continue Reading
By
- Steven Weil, Point B
Feature 25 Jan 2019
Infoblox's Cricket Liu explains DNS over HTTPS security issues

Cricket Liu, chief DNS architect at Infoblox, explains how DNS over HTTPS and DNS over TLS improve security, as well as challenges the new protocols may soon raise for enterprises. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 23 Jan 2019
Google GDPR fine of $57 million sets record

The Google GDPR fine of $57 million marks the first time a major tech company has been penalized under Europe's new privacy regulations. But the fine is less than the maximum allowable penalty. Continue Reading
By
- Michael Heller, TechTarget
Feature 26 Dec 2018
CCPA compliance begins with data inventory assessment

In this SearchCIO Q&A, multiple experts sound off on major questions businesses have about CCPA compliance ahead of its January 2020 enforcement date. Continue Reading
By
- Kassidy Kelley
Feature 20 Dec 2018
Security, compliance standards help mitigate BIOS security vulnerabilities

Cybersecurity vulnerabilities associated with PCs often overlook BIOS. Read for strategies to offset these threats and for preventing unauthorized BIOS modifications. Continue Reading
By
- Daniel Allen, N2 Cyber Security Consultants
Tip 05 Dec 2018
What's different about Google Asylo for confidential computing?

The Google Asylo framework is an open source alternative for confidential computing. Expert Rob Shapland explains how it works and how it's different from other offerings. Continue Reading
By
- Rob Shapland
News 21 Nov 2018
Risk assessments essential to secure third-party vendor management

Panelists at Infosec North America advised those charged with third-party vendor management to perform due diligence and assess the innate risk vendors create for business processes. Continue Reading
By
- Kassidy Kelley
Tip 24 Oct 2018
Guide to identifying and preventing OSI model security risks: Layers 4 to 7

Each layer of the Open Systems Interconnection presents unique vulnerabilities that could move to other layers if not properly monitored. Here's how to establish risk mitigation strategies for OSI layer security in Layers 4 through 7. Continue Reading
By
- Daniel Allen, N2 Cyber Security Consultants
Tip 24 Oct 2018
How security, compliance standards prevent OSI layer vulnerabilities

Each layer of the Open Systems Interconnection presents unique -- but connected -- vulnerabilities. Here's how to establish OSI security and compliance best practices. Continue Reading
By
- Daniel Allen, N2 Cyber Security Consultants
Tip 24 Oct 2018
How do SLAs factor into cloud risk management?

While you may not have much control over the infrastructure used by cloud service providers, you’re not completely at their mercy when it comes to cloud risk management. Continue Reading
By
- (ISC) 2
Answer 12 Oct 2018
How can companies implement ITSM compliance standards?

In this Ask the Expert, IT governance expert Jeffrey Ritter discusses his formula to successfully align new technology with ITSM compliance standards -- all while minimizing risk. Continue Reading
By
- Jeffrey Ritter, University of Oxford
Answer 21 Sep 2018
How can a compliance strategy improve customer trust?

Privacy compliance strategy can help build consumer trust and improve security if companies stop looking at the regulations as an obstacle and more as a business opportunity. Continue Reading
By
- Kassidy Kelley
Tip 20 Sep 2018
Securing remote access for cloud-based systems

Don't believe the hype: Access control in the cloud is not a lost cause. Read these tips to learn how you can better secure remote access to your cloud-based systems. Continue Reading
By
- (ISC) 2
News 13 Sep 2018
Trend Micro apps fiasco generates even more questions

In addition to other Trend Micro apps banished from the Mac App Store for gathering data inappropriately, the company has admitted to publishing the Open Any Files app. Continue Reading
By
- Michael Heller, TechTarget
News 11 Sep 2018
Trend Micro apps on Mac accused of stealing data

Researchers claimed Trend Micro apps in the Mac App Store were stealing data. The company removed the offending features, but researchers are still not sold on Trend Micro's excuse. Continue Reading
By
- Michael Heller, TechTarget
Opinion 13 Aug 2018
Google's 'My Activity' data: Avoiding privacy and compliance risk

Google's Activity Controls create privacy and compliance risks for organizations, as well as a potential gold mine for social engineering hacks. Here's how to avoid those threats. Continue Reading
By
- Daniel Allen, N2 Cyber Security Consultants
Feature 31 Jul 2018
Citrix's Peter Lefkowitz on impact of GDPR privacy requirements

New consumer privacy laws are changing the global privacy landscape. Citrix's Peter Lefkowitz explains how Citrix is approaching GDPR compliance and privacy issues in general. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor
News 27 Jul 2018
Cybersecurity and physical security: Key for 'smart' venues

With sustainability being a huge driver of modern business development, protecting consumers' cyber- and physical security is an essential element when designing smart cities and venues. Continue Reading
By
- Ben Cole, Executive Editor
Blog Post 27 Jul 2018
How Dropbox dropped the ball with anonymized data

Dropbox came under fire for sharing anonymized data with academic researchers after questions emerged about how the data was protected and used. Continue Reading
By
- Rob Wright, Senior News Director
Answer 12 Jul 2018
How can cryptojacking attacks in Chrome be stopped?

Google instituted an aggressive ban on all cryptomining extensions for Chrome after cryptojacking attacks started to become more common. Learn how the ban works with Michael Cobb. Continue Reading
By
- Michael Cobb
Feature 26 Jun 2018
Identify gaps in cybersecurity processes to reduce organizational risk

Organizational risk is a given at modern companies. But as threats persist, identifying preventable cybersecurity gaps presents an opportunity to strengthen enterprise defenses. Continue Reading
By
- Mary K. Pratt
Quiz 14 Jun 2018
How much do you know about cloud risk assessment?

Preparing to take the CCSP exam? This Domain 3 practice quiz tests your understanding of cloud risk assessment, threat analysis, infrastructure security and more. Continue Reading
By
- (ISC) 2
Tip 12 Jun 2018
Cloud risk management explained: Just how secure are you?

There is no shortage of vulnerabilities in the cloud, but the same is true of any outsourcing arrangement. Practicing cloud risk management is essential to staying secure. Continue Reading
By
- (ISC) 2
Blog Post 30 May 2018
It's GDPR Day. Let the privacy regulation games begin!

GDPR Day -- May 25, 2018 -- has passed and enforcement is now accepting complaints against companies violating the terms of the EU's new privacy regulation. Continue Reading
By
- Peter Loshin, Former Senior Technology Editor