August 2024

What You Need to Know About the ISOO CUI Registry

We’ve written a lot about various security frameworks, from CMMC to ISO 27001, and throughout all of them, one of the core elements is the need to protect CUI. Information that is controlled at a very high – SECRET, Classified, or other – level is tightly bound by specific rules and can only be handled by select individuals. Completely base, public information is freely available and completely uncontrolled. But there’s a lot of information somewhere in the middle.

SOC 2 Compliance: An Overview of What Your Business Needs to Know

No matter the business size, the threat of data breaches or hacks is a dark cloud that hangs over every company. If data is mishandled, leaked, or stolen, the repercussions for businesses can be devastating. Cyberattacks on businesses can cause severe financial losses due to fines, legal fees, and remediation costs. As businesses are legally obliged to inform customers of a data breach, once customers find out, they can also cause irreparable damage to reputation, customer distrust, and loss of business.

TrustCloud Product Updates: August 2024

Our teams are always hard at work improving the TrustCloud platform. Here are this month’s biggest updates. Introducing our ServiceNow integration! This is a bidirectional integration with ServiceNow to pull ticket details into TrustCloud. Teams can create new ServiceNow tasks in TrustCloud and attach ServiceNow links as evidence to your tests. The integration also supports automatic task creation from TrustCloud. Just go to Admin -> Connected Apps, where you can automate task creation.

How financial services companies discover, classify, and manage sensitive data with Datadog

As financial services companies, such as banks, hedge funds, and stock exchanges, move to the cloud, sensitive data often unintentionally moves with them. To help avoid costly breaches and address governance, risk, and compliance (GRC) requirements such as PCI-DSS, GDPR, and SOC 2, these organizations may need to identify where in the cloud sensitive data can leak and be able to redact it at scale.

Mastering API Compliance in a Regulated World

As we continue our Summer School blog series, let's focus on a vital aspect of modern application security: the relationship between API posture governance, API security, and the constantly changing regulatory compliance landscape. In today's interconnected world, where APIs are crucial for digital interactions, organizations are challenged with securing their APIs while complying with complex regulations designed to protect sensitive data and critical infrastructure.

Streamlining Legal Workflows with NotatePDF

In the fast-paced world of legal practice, managing cases, documents, and communication is a constant challenge. Legal professionals must juggle numerous tasks, from drafting and reviewing documents to coordinating with clients and colleagues. The sheer volume of information and the need for accuracy and timeliness often lead to inefficiencies, errors, and missed deadlines. These challenges are further compounded by the demand for secure handling of sensitive data and compliance with strict regulations.

Staying Ahead of the Curve: Preparing for the PCI DSS 11.6 Requirement

In part one of our series on PCI DSS 4.0, we covered the updates in the latest version 4.0.1 and how to operationalize those changes. In this blog we are going to dig deeper into Requirement 11.6, how to interpret the nuance and automate the current guidance, which will become a mandate in March 2025. Let’s start with what Requirement 11.6 is and why it’s so important.

The EU AI Act: A roadmap for trustworthy AI

As artificial intelligence (AI) continues to revolutionize various sectors, ensuring it is developed and deployed in alignment with ethical standards and fundamental rights is critical for businesses that use it. The European Union's Artificial Intelligence Act (AI Act), formally adopted on March 13, 2024, addresses this critical necessity by establishing a comprehensive and detailed legal framework for AI systems within the EU.

What Steps Are Involved in An ISO 27001 Audit?

As the strongest and most well-recognized security certification around the world, ISO 27001 is a very popular – and very stringent – framework to adhere to. If you’re a business operating anywhere in the world, and you want to achieve security levels that build confidence and open doors with customers and clients who value trust, ISO 27001 is a great option.

Secure, Compliant, Privacy Preserving Analytics/RAG for Data Lakes

Discover how our intelligent data masking solution ensures secure, compliant, and privacy-preserving analytics for your data lakes. Protecto maintains data integrity while empowering your organization to leverage analytics or enable AI/RAG without compromising privacy or regulatory compliance.

Navigating Quebec's Law 25: Essential Compliance Tips and FAQs

Quebec’s Law 25, also known as Bill 64, imposes strict rules on how organizations handle personal information. With the final phase of implementation now in effect (September 2023), businesses need to ensure Law 25 compliance to avoid hefty fines and maintain customer trust. Here’s what you need to know, along with answers to frequently asked questions.

Cybersecurity Compliance as a Service: Your Ticket to Saving Money, Time, and Sanity with Cybersecurity Compliance

Maintaining Cybersecurity compliance is an arduous task, fraught with challenges. It's costly and time-consuming, and often, the complexity of regulations outpaces an organization's ability to manage them effectively.

Key Strategies for Strengthening Cybersecurity in 2024

Imagine a world where your online security is rock-solid, your data is as safe as a locked vault, and cyber threats can't get through. Sounds ideal, right? In 2024, this level of security is more achievable than ever. With the right strategies, including ensuring cybersecurity compliance, you can turn cybersecurity from a constant concern into one of your biggest strengths.

How to set up your first security program

There's no one size fits all when it comes to setting up your organization’s first security program. Each organization has a unique set of business needs, guardrails to implement, and data it needs to protect, which is why it’s important to remember that every security program is going to look a bit different. If you’re in the process of setting up your first security program, here are some steps I recommend you take and apply to your organization's unique needs.

The Role of ISO 27001 in Enhancing Information Security

In today's digital age, information security is paramount for organizations of all sizes and industries. Protecting sensitive data from cyber threats, unauthorized access, and other vulnerabilities is a critical concern. One of the most effective frameworks for achieving robust information security is ISO 27001. This international standard provides a comprehensive approach to managing and safeguarding information assets. This article delves into the role of ISO 27001 in enhancing information security, exploring its key principles, benefits, and implementation strategies.

DPDP vs. GDPR: Navigating the Complexities of Data Protection Compliance

As data privacy concerns rise globally, regulations like the General Data Protection Regulation (GDPR) in the European Union and the Digital Personal Data Protection (DPDP) Act in India have been established to safeguard personal information. While both frameworks aim to protect individuals’ data, they vary in scope, requirements, and enforcement. In this blog, we’ll explore the similarities and differences between DPDP and GDPR, focusing on key regulatory requirements.

ISO 27001 vs NIST: The Differences and How They Overlap

When you consider national and global cybersecurity, a handful of names stand out. Two of the largest are NIST and ISO/IEC. Both of these organizations have issued plenty of rulings and frameworks for securing digital systems, and in a sense, they can be viewed as competitors. So, what’s the difference, where is the overlap, and which option is right for your business?

What is HIPAA and How to Become Compliant

HIPAA stands for Health Insurance Portability and Accountability Act. HIPAA is a U.S. law that was enacted in 1996 to protect sensitive patient health information from being disclosed without the patient's consent or knowledge and is enforced by the Department of Health and Human Services (HHS). The purpose of HIPAA is to protect the privacy of patients’ medical information and secure the handling of health information in the age of electronic health records.

Leverage GSMA compliance to drive secure firewall configurations with Firewall Analyzer

The GSM Association, which stands for the Global System for Mobile Communications Association and is known more commonly as the GSMA, developed the Security Accreditation Scheme (SAS), a security standard and audit-based certification program that addresses various aspects of eSIM production and management. ManageEngine Firewall Analyzer now supports GSMA compliance for mobile operators and companies within the mobile ecosystem.

Zero to 80% Faster - How to Leverage AI to Accelerate Security Reviews

Stop wasting your team's time answering security questionnaires. It's time to supercharge the way you complete security reviews by leveraging AI to unlock unprecedented speed and accuracy. We'll explore proven strategies for fast tracking the way your team completes security questionnaires using advanced AI tools and automation. You'll learn best practices like maintaining a centralized knowledge base and leveraging a public-facing trust portal to get ahead of questions.

Enhanced Compliance Monitoring with NIST 800-53 Integration

Illuminate 5.1.0 is now available, bringing substantial improvements to our compliance capabilities. This update represents a significant step forward, with NIST 800-53 as the cornerstone of our compliance framework. Let’s explore the key features and improvements implemented to support your organization’s security and compliance needs. Important Note: To run Illuminate 5.1.0, your environment must run Graylog 6.0 or higher.

Navigating the New Era of ISO 27001: Insights for IT and Security Leaders

In our border and perimeter free world, connected infrastructure becomes more and more complex. Security tools need to keep up by adjusting to the new application delivery models and adapting to the shifting threat environment. That's why the recent update to the ISO 27001 compliance standard is so pivotal — it introduces new controls around data security, DevOps, and network security to help future-proof our cybersecurity strategies.

API Security Testing on Free Swagger collection

API security is a critical aspect of modern web applications, ensuring that your APIs are robust and secure from potential threats. In our latest video, we dive into API security testing using a free Swagger collection. Swagger, an open-source framework, allows developers to design, build, document, and test their APIs with ease. By leveraging Swagger collections, you can perform comprehensive security testing to identify vulnerabilities such as injection flaws, data exposure, and improper authentication. This proactive approach helps in mitigating risks and protecting your API endpoints from malicious attacks.

Understanding DORA: The New European Regulation

With the rise in cyberattacks, robust measures are essential to reduce attack surfaces and respond swiftly to threats. Compliance with regulations like the Digital Operational Resilience Act (DORA) is crucial to prevent severe penalties and ensure business continuity. This blog post looks at DORA and introduces our white paper about this important new European regulation.

DORA's Reach: How UK ICT Service Providers Are Affected

The Digital Operational Resilience Act (DORA) is set to reshape the landscape of financial services in the European Union. But its impact extends beyond EU borders, particularly affecting UK-based Information and Communication Technology (ICT) service providers. Let’s explore how DORA might influence these providers and what steps they should consider taking.

Top Strategies for Building a Robust Corporate Compliance Program

No wonder building a strong corporate compliance program is necessary to protect your business and ensure long-term success. Through it, you can address complex issues and avoid legal risks. Ultimately, you can promote a positive reputation for your business. That being said, how can you build an effective corporate compliance program? In today's guide, we'll walk through top strategies from the perspective of the experts. So, just read on.

Move From FedRAMP to DoD with Impact Level Assessment

We’ve written extensively before about FedRAMP’s impact levels. As a brief refresher, there are four: You can read our full guide to these four impact levels, how they’re calculated, and what they mean in this post. One important thing to know here is that FedRAMP is not the be-all and end-all security framework for the government.

Industry-specific criteria in SOC 2+

SOC 2+ reports have become increasingly crucial for organizations aiming to demonstrate their commitment to security and compliance. While the standard SOC 2 framework provides a solid foundation, many industries require additional criteria to address their unique risks and regulatory requirements. This article explores the concept of industry-specific criteria in SOC 2+ reports and how they enhance the value of these assessments for specialized sectors.

The Importance of Due Diligence in Corporate Governance

Due diligence is a critical component of corporate governance, serving as a cornerstone for effective decision-making. It helps organizations mitigate risks and ensure compliance with legal and regulatory standards. Understanding the importance of due diligence can significantly enhance corporate governance practices.

Data Governance & Compliance: Navigating the Digital Maze

Is your company grappling with an increasing volume and complexity of information? A strong data governance framework is essential to harness the power of data while lessening risks. This strategic framework ensures data is managed effectively, meets quality standards, and supports informed decision-making. As regulatory compliance burdens intensify, data governance has become critical to organizational success.

Boost Your Cyber Resilience with DORA and NIS2

In this episode of CISO Conversations: EU Data Regulations, Richard Cassidy, EMEA Field CISO at Rubrik, is joined by Jack Poller to dive further into the topic of DORA and NIS2, specifically how they help vendors build strong cyber resilience and data security strategies, effective insights for DORA and NIS2 compliance, and the balance between compliance and ransomware attacks.

Top 5 help center articles for tests

Running tests against your security controls and other systems is a critical aspect of protecting your organization from a potential data breach and ensuring that you maintain compliance. Vanta’s platform has automated tests with continuous monitoring that run on an hourly basis against your controls as well as customized tests that you can adapt to your organization's needs.

Cybersecurity: The Unsung Hero of SOX Compliance

The Sarbanes-Oxley Act of 2002 (SOX) was enacted to restore public confidence in the wake of major corporate and accounting scandals. The legislation aims to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws. One key aspect of SOX compliance is ensuring the integrity and security of financial data. In the digital age, cybersecurity practices play a crucial role in adhering to SOX requirements.

What is the Most Frustrating Experience in SOC 2 Audit and Attestation?

The SOC 2 (Service Organization Control 2) audit and attestation process is something that has been devised by the American Institute of Certified Public Accountants (AICPA) in order to ensure that organizations which provide services have secure procedures to govern data so as not to compromise the welfare of their clients. For this reason, achieving SOC 2 compliance is crucial for service agencies, especially those involved with sensitive customer data.

The Role of Automation in Managed File Transfer: Streamlining Workflows

In an era where efficiency and security are paramount, automation has become a critical component of Managed File Transfer (MFT) solutions. Automation in MFT streamlines workflows, reduces manual intervention, and ensures that file transfers are executed consistently and securely. This article delves into the role of automation in MFT and how it contributes to streamlined business operations.

CMMC Compliance: Customer and Shared Responsibility Matrix

CMMC is a familiar framework to any contractor working as part of the defense industrial base and handling any form of controlled unclassified information. Whether it’s compliance in general, a specific clause relating to DFARS 252.204-7012 in your contract, or impetus from another source, you’re going to need to implement security standards from NIST SP 800-171 and adhere to the rules laid out in the Cybersecurity Maturity Model Certification framework.

NIS 2 and EU Cybersecurity Act: Mandatory System Hardening

The NIS2 Directive is the European Union’s flagship cybersecurity law, poised to significantly strengthen cyber defenses across the EU when it takes effect on 17 October 2024. This upgraded version of the 2016 NIS Directive (NIS1) not only introduces stricter rules but also broadens its reach, covering more sectors and businesses, ensuring comprehensive protection and a stronger security posture.