Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

Latest Content tagged with Compliance
Page 1 / 2   >   >>
Data Loss, Leakage Top Cloud Security Concerns
Quick Hits  |  7/17/2019  | 
Compliance, accidental exposure of credentials, and data control are also primary concerns for senior IT and security managers.
Why You Need a Global View of IT Assets
Commentary  |  7/10/2019  | 
It may seem obvious, but many companies lose sight of the fact that they can't protect what they don't know they even have.
Marriott Faces $124 Million GDPR Fine in UK
Quick Hits  |  7/9/2019  | 
The proposed penalty is for a data breach beginning in 2014 that affected more than 500 million customers worldwide.
Britain Looks to Levy Record GDPR Fine Against British Airways
News  |  7/8/2019  | 
The penalty is a sign of things to come, say experts.
The Case for Encryption: Fact vs. Fiction
Commentary  |  7/2/2019  | 
The common belief that encryption enables bad behavior primarily used by thieves, international terrorists, and other villainous characters is simply not true. Here's why.
How GDPR Teaches Us to Take a Bottom-Up Approach to Privacy
Commentary  |  6/28/2019  | 
Looking at underlying security needs means organizations are more likely to be in compliance with privacy regulations.
The Life-Changing Magic of Tidying Up the Cloud
Commentary  |  6/17/2019  | 
Most companies' cloud security operations would benefit significantly from clean-up, alignment, and organization.
Apple Pledges Privacy, Beefs Up Security
News  |  6/12/2019  | 
The company hits back at the data economy and fellow tech giants Facebook and Google by announcing its own single sign-on service. A host of other iterative security improvements are on their way as well.
Unmixed Messages: Bringing Security & Privacy Awareness Together
Commentary  |  6/10/2019  | 
Security and privacy share the same basic goals, so it just makes sense to combine efforts in those two areas. But that can be easier said than done.
Healthcare Breach Expands to 19.6 Million Patient Accounts
News  |  6/5/2019  | 
LabCorp says its third-party debt-collection provider, AMCA, notified the company that information on 7.7 million patients had leaked. Expect more healthcare companies to come forward.
Why FedRAMP Matters to Non-Federal Organizations
Commentary  |  6/4/2019  | 
Commercial companies should explore how FedRAMP can help mitigate risk as they move to the cloud.
Medical Debt Collector Breach Highlights Supply Chain Dangers
News  |  6/4/2019  | 
The breach of the website of American Medical Collection Agency leaves the personal and financial information of nearly 12 million patients at risk.
Certifiably Distracted: The Economics of Cybersecurity
Commentary  |  6/3/2019  | 
Is cybersecurity worth the investment? It depends.
GDPR's First-Year Impact by the Numbers
Slideshows  |  5/31/2019  | 
The latest statistics on GDPR spending, compliance rates, enforcement and consumer attitudes on privacy protection.
Incident Response: 3 Easy Traps & How to Avoid Them
Commentary  |  5/23/2019  | 
Sage legal advice about navigating a data breach from a troubleshooting cybersecurity outside counsel.
Data Asset Management: What Do You Really Need?
News  |  5/22/2019  | 
At Interop, a cybersecurity and privacy leader explains her approach to data management and governance at a massive, decentralized company.
Proving the Value of Security Awareness with Metrics that 'Deserve More'
Commentary  |  5/22/2019  | 
Without metrics that matter to the business, awareness programs will continue to be the bastard child of security.
Resolution Requires Cybersecurity Training for Members of Congress
Quick Hits  |  5/14/2019  | 
A bipartisan resolution would mandate IT and cybersecurity training for all members of Congress, their staff, and employees.
California Consumer Privacy Act: 4 Compliance Best Practices
Commentary  |  4/30/2019  | 
Companies that get ahead of the January 2020 data privacy deadline can minimize the risk of sanctions and also gain a competitive advantage in the marketplace.
Microsoft 365 Updated with New Compliance, Encryption, Privacy Controls
News  |  4/30/2019  | 
New tools, such as Compliance Manager and Advanced Message Encryption, aim to give businesses more options for data privacy.
How to Help Your Board Navigate Cybersecurity's Legal Risks
Commentary  |  4/30/2019  | 
What's worse than a massive data breach? A massive data breach followed by a shareholder derivative lawsuit. Learn whats at stake and what CISOs can do to mitigate the damage.
A Rear-View Look at GDPR: Compliance Has No Brakes
Commentary  |  4/29/2019  | 
With a year of Europe's General Data Protection Regulation under our belt, what have we learned?
Will the US Adopt a National Privacy Law?
Commentary  |  4/23/2019  | 
Probably not before the 2020 election. But keep an eye on this Congress as legislators debate how to define personal data and what limits to place on how companies use it.
Legacy Apps: The Security Risk Lurking in Dusty Corners
Commentary  |  4/17/2019  | 
Four best practices to keep old code from compromising your enterprise environment.
7 Tips for an Effective Employee Security Awareness Program
Slideshows  |  4/17/2019  | 
Breaches and compliance requirements have heightened the need for continuous and effective employee training, security experts say.
Benefiting from Data Privacy Investments
Commentary  |  4/16/2019  | 
GDPR-ready companies experience lower overall costs associated with data breaches, research finds.
When Your Sandbox Fails
Commentary  |  4/11/2019  | 
The sandbox is an important piece of the security stack, but an organization's entire strategy shouldn't rely on its ability to detect every threat. Here's why.
Senate Bill Would Ban Social Networks' Social Engineering Tricks
Quick Hits  |  4/10/2019  | 
Bill takes aim at tactics used to convince people to give up their personal data, designing games that addict kids, and more.
Merging Companies, Merging Clouds
Commentary  |  4/10/2019  | 
Integrating cloud environments is anything but easy. Evaluating the security risks in doing so must be a starting component of an overall M&A strategy.
Privacy & Regulatory Considerations in Enterprise Blockchain
Commentary  |  4/3/2019  | 
People who understand information governance, privacy, and security should be active participants on the distributed ledger technology implementation team to ensure success.
In the Race Toward Mobile Banking, Don't Forget Risk Management
Commentary  |  4/1/2019  | 
The rise of mobile banking and payment services has sparked widespread adoption, making a focus on risk essential.
The 'Twitterverse' Is Not the Security Community
Commentary  |  3/27/2019  | 
The drama on social media belies the incredible role models, job, training, and networking opportunities found in the real world of traditional cybersecurity.
Data Privacy Manifestos: Competitive Advantage or the Start of Something Bigger?
Commentary  |  3/26/2019  | 
Facebook is the latest company to weigh in with a corporate manifesto focused on privacy. Though it's a welcome trend, only time will tell how many follow through.
A Glass Ceiling? Not in Privacy
Commentary  |  3/25/2019  | 
According to a new study, female professionals in the US privacy profession outnumber males 53% to 47%.
Businesses Manage 9.7PB of Data but Struggle to Protect It
News  |  3/21/2019  | 
What's more, their attempts to secure it may be putting information at risk, a new report finds.
The Insider Threat: It's More Common Than You Think
Commentary  |  3/20/2019  | 
A new study shows why security teams must look holistically across cybersecurity, compliance, technology, and human resources to truly address the business effects of workforce risk.
The Case for Transparency in End-User License Agreements
Commentary  |  3/13/2019  | 
Why it behooves technology companies to consider EULAs as an opportunity to accurately inform customers about privacy issues and other important information.
Bots Plague Ticketing Industry
News  |  2/28/2019  | 
Bots now account for 39.9% of all ticketing traffic, mostly originating in North America.
Stay Ahead of the Curve by Using AI in Compliance
Commentary  |  2/27/2019  | 
Although human oversight is required, advanced technologies built on AI will become pivotal in building safer financial markets and a safer world.
Embracing DevSecOps: 5 Processes to Improve DevOps Security
Commentary  |  2/27/2019  | 
In the cyber threat climate of the 21st century, sticking with DevOps is no longer an option.
Privacy Ops: The New Nexus for CISOs & DPOs
Commentary  |  2/18/2019  | 
No longer can privacy be an isolated function managed by legal or compliance departments with little or no connection to the organization's underlying security technology.
3 Ways Companies Mess Up GDPR Compliance the Most
Commentary  |  1/28/2019  | 
The best way to conform to the EU's new privacy regulation is to assume that you don't need to hold on to personal data, versus the opposite.
PCI Council Releases New Software Framework for DevOps Era
News  |  1/18/2019  | 
The PCI Software Security Framework will eventually replace PCI DA-DSS when it expires in 2022.
The Rx for HIPAA Compliance in the Cloud
Commentary  |  1/18/2019  | 
For medical entities, simply following HIPAA cloud service provider guidelines is no longer enough to ensure that your practice is protected from cyber threats, government investigations, and fines.
Managing Security in Today's Compliance and Regulatory Environment
Commentary  |  1/4/2019  | 
Instead of losing sight of the cybersecurity forest as we navigate the compliance trees, consolidate and simplify regulatory compliance efforts to keep your eyes on the security prize.
Cryptographic Erasure: Moving Beyond Hard Drive Destruction
Commentary  |  12/18/2018  | 
In the good old days, incinerating backup tapes or shredding a few hard drives would have solved the problem. Today, we have a bigger challenge.
Bringing Compliance into the SecDevOps Process
Commentary  |  12/6/2018  | 
Application security should be guided by its responsibility to maintain the confidentiality, integrity, and availability of systems and data. But often, compliance clouds the picture.
6 Ways to Strengthen Your GDPR Compliance Efforts
Slideshows  |  12/5/2018  | 
Companies have some mistaken notions about how to comply with the new data protection and privacy regulation and that could cost them.
7 Real-Life Dangers That Threaten Cybersecurity
Slideshows  |  11/26/2018  | 
Cybersecurity means more than bits and bytes; threats are out there IRL, and IT pros need to be prepared.
Divide Remains Between Cybersecurity Awareness and Skill
Quick Hits  |  11/19/2018  | 
Organizations understand the need for critical data protection but may lack the resources to respond.
Page 1 / 2   >   >>


The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13643
PUBLISHED: 2019-07-18
Stored XSS in EspoCRM before 5.6.4 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The attack begins by storing a new stream message containing an XSS payload. The stored payload can then be triggered by clicking a malicious link on the...
CVE-2019-13644
PUBLISHED: 2019-07-18
Firefly III before 4.7.17.1 is vulnerable to stored XSS due to lack of filtration of user-supplied data in a budget name. The JavaScript code is contained in a transaction, and is executed on the tags/show/$tag_number$ tag summary page.
CVE-2019-13645
PUBLISHED: 2019-07-18
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file names. The JavaScript code is executed during attachments/edit/$file_id$ attachment editing.
CVE-2019-13646
PUBLISHED: 2019-07-18
Firefly III before 4.7.17.3 is vulnerable to reflected XSS due to lack of filtration of user-supplied data in a search query.
CVE-2019-13647
PUBLISHED: 2019-07-18
Firefly III before 4.7.17.3 is vulnerable to stored XSS due to lack of filtration of user-supplied data in image file content. The JavaScript code is executed during attachments/view/$file_id$ attachment viewing.