PCI Security Standards Council publishes PCI DSS 3.2.1

PCI DSS version 3.2.1 replaces version 3.2 to account for effective dates and SSL/early TLS migration deadlines that have passed. No new requirements are added in PCI DSS 3.2.1. PCI DSS 3.2 remains valid through 31 December 2018 and will be retired as of 1 January 2019. “This update is designed to eliminate any confusion around effective […]

How Physical Access Systems Will Be Affected by GDPR

The EU General Data Protection Regulation (GDPR) marks the biggest change to European data protection law in a generation. With GDPR set to go into effect on 25 May 2018, security professionals must have a plan for all data stored on physical access systems. IFSEC Global provides insights for GDPR planning here. For firms in […]

3 Ways to Prepare Your Business for GDPR

The EU General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, the Council of the European Union, and the European Commission intend to strengthen and unify data protection for all individuals within the EU and is scheduled to take effect in less than a year, on 25 May 2018. The UK’s Business Matters magazine recommends establishing how your organization deals […]

How to Avoid Common HIPAA Violations

The healthcare industry in the U.S. is highly regulated at the state and federal levels. The Health Insurance Portability and Accountability Act (HIPAA) is designed to protect patients’ medical records and other sensitive information. Organizations that fail to implement safeguards or report health data breaches can face hefty HIPAA violation penalties. Recent violation settlements include inappropriate […]

Report Recommends NIST Framework, Leadership for the Healthcare Industry to Combat Digital Threats

The healthcare industry in the U.S. is highly regulated at the state and federal levels. A June 2017 HHS report recommends standardized guidelines, regulations and dedicated leadership to combat digital health cybersecurity threats in the industry to protect patient privacy and security. For example, the report notes, devices such as smart continuous glucose monitors and insulin delivery […]

Survey finds executive cybersecurity decisions are evolving from compliance to proactive cyber-risk management

A new research study from SMU’s Darwin Deason Institute for Cyber Security finds that executives are changing the way they manage and invest in cybersecurity, moving away from limited, reactive approaches and adopting systemic risk management frameworks that combine hardware, software and operations protocols to mitigate cyber risk. Read about the new study by SMU’s Darwin […]

Businesses Freeze Compliance Budgets, Despite Growing Need

Survey Finds Businesses Freezing Compliance Budgets, Despite Growing Regulatory Burden — Nearly half of businesses have static compliance budgets and rely on labour-intensive manual processes, despite 72% of organisations now viewing compliance as a priority. 72% of businesses view regulatory compliance as a high priority, but despite this, more than half (53%) have cut or […]

Best practices for ensuring compliance in the age of cloud computing

Read what, according to Amrit Williams, are best practices for ensuring compliance in the age of cloud computing on Help Net Security: When was the last time you heard someone utter the sentence, “I’m looking forward to the audit next week.” Most likely, never. Since its invention, the word “audit” has struck … well, if […]