Risk // Compliance: News & Commentary
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
Kaan Onarlioglu, Senior Security Researcher, Akamai (Commentary), 12/18/2018
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
Bringing Compliance into the SecDevOps Process
Joe Ward, Senior Security Analyst, Bishop Fox (Commentary), 12/6/2018
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
6 Ways to Strengthen Your GDPR Compliance Efforts
Steve Zurier, Freelance Writer, 12/5/2018
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
7 Real-Life Dangers That Threaten Cybersecurity
Curtis Franklin Jr., Senior Editor at Dark Reading, 11/26/2018
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
Divide Remains Between Cybersecurity Awareness and Skill
Dark Reading Staff (Quick Hits), 11/19/2018
Organizations understand the need for critical data protection but may lack the resources to respond.
Audits: The Missing Layer in Cybersecurity
Brennan P. Baybeck, CISA, CISM, CRISC, CISSP, Vice Chair of ISACA Board of Directors (Commentary), 10/18/2018
Involving the audit team ensures that technology solutions are not just sitting on the shelf or being underutilized to strategically address security risks.
6 Reasons Why Employees Violate Security Policies
Ericka Chickowski, Contributing Writer, Dark Reading, 10/16/2018
Get into their heads to find out why they're flouting your corporate cybersecurity rules.
GDPR Report Card: Some Early Gains but More Work Ahead
Chris Babel, CEO, TrustArc (Commentary), 10/4/2018
US companies paid the most, to date, to meet the EU's General Data Protection Regulation, according to a recent study, but UK companies made greater progress in achieving compliance goals.
How Data Security Improves When You Engage Employees in the Process
Robert E. Crossler, Assistant Professor of Information Systems, Washington State University (Commentary), 9/28/2018
When it comes to protecting information, we can all do better. But encouraging a can-do attitude goes a long way toward discouraging users' risky behaviors.
A 'Cyber Resilience' Report Card for the Public Sector
Ger Daly, Managing Director, Accenture Defense & Public Safety (Commentary), 9/26/2018
Government agencies are making great strides in defending themselves against cyberattacks, according to new research from Accenture. But technology alone won't solve the problem.
Payment Security Compliance Takes a Turn for the Worse
Dark Reading Staff (Quick Hits), 9/25/2018
This is the first time in six years that Verizon's "Payment Security Report" shows a downward trend, leaving cardholders vulnerable.
The Top 5 Security Threats & Mitigations for Industrial Networks
Barak Perelman, CEO, Indegy (Commentary), 9/18/2018
While vastly different from their IT counterparts, operational technology environments share common risks and best practices.
The Role of Incident Response in ICS Security Compliance
John Moran, Senior Product Manager, DFLabs (Commentary), 9/7/2018
The data-driven nature of IR can provide many of the reporting requirements governing industrial control system safety, finance, consumer privacy, and notifications.
Polish Parliament Enacts National Cybersecurity System
Dark Reading Staff (Quick Hits), 8/28/2018
The system classifies security incidents and splits national incident response into three separate teams.
The GDPR Ripple Effect
Tim Critchley, CEO at Semafone (Commentary), 8/23/2018
Will we ever see a truly global data security and privacy mandate?
How to Gauge the Effectiveness of Security Awareness Programs
Ira Winkler, CISSP, President, Secure Mentem (Commentary), 8/21/2018
If you spend $10,000 on an awareness program and expect it to completely stop tens of millions of dollars in losses, you are a fool. If $10,000 prevents $100,000 in loss, that's a 10-fold ROI.
Proving ROI: How a Security Road Map Can Sway the C-Suite
Jo-Ann Smith, Director of Technology Risk Management and Data Privacy at Absolute (Commentary), 8/21/2018
When executives are constantly trying to cut the fat, CISOs need to develop a flexible structure to improve baseline assessments and target goals, tactics, and capabilities. Here's how.
The Uncertain Fate of WHOIS, & Other Matters of Internet Accountability
Dark Reading Staff (Commentary, Video), 8/20/2018
Paul Vixie discusses the uncertain fate of WHOIS in the age of GDPR, the risks of domain name homographs, and other underpinnings of the Internet that are hard to trust and harder to fix.
How GDPR Could Turn Privileged Insiders into Bribery Targets
Mark Coates, VP, EMEA, Dtex Systems (Commentary), 8/2/2018
Regulatory penalties that exceed the cost of an extortion payout may lead to a new form of ransomware. These four steps can keep you from falling into that trap.
White House Email Security Faux Pas?
E.J. Whaley, Solutions Engineer at GreatHorn (Commentary), 6/22/2018
The Executive Office of the President isn't complying with the DMARC protocol, but that has fewer implications than some headlines would suggest.
Bug Report: Enterprise Vulnerabilities (from DHS/US-CERT's National Vulnerability Database)
CVE-2018-20228 (published 2018-12-19): Subsonic V6.1.5 allows internetRadioSettings.view streamUrl CSRF, with resultant SSRF.
CVE-2018-20230 (published 2018-12-19): An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
CVE-2018-20231 (published 2018-12-19): Cross Site Request Forgery (CSRF) in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfa_enable_tfa parameter due to missing nonce validation.
CVE-2018-20227 (published 2018-12-19): RDF4J 2.4.2 allows Directory Traversal via ../ in an entry in a ZIP archive.
CVE-2018-19790 (published 2018-12-18): An open redirect was discovered in Symfony 2.7.x before 2.7.50, 2.8.x before 2.8.49, 3.x before 3.4.20, 4.0.x before 4.0.15, 4.1.x before 4.1.9 and 4.2.x before 4.2.1. By using backslashes in the `_failure_path` input field of login forms, an attacker can work around the redirection target restricti...