Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Compliance

Navigating the EU compliance landscape: How Detectify helps support customers in their NIS2 Directive, CER, and DORA compliance challenges

Navigating the complex and ever-changing compliance landscape is difficult for many companies and organizations. With many regulations, selecting the appropriate security tooling that aligns with the compliance needs of your business becomes a significant challenge.

Planning with Purpose: 10 Tips to Develop a Year-Long Security and Compliance Training Program

Our team at KnowBe4 recently got together to talk about planning for annual security and compliance training. You might be thinking, “Aren’t you a little late in planning for the year? It’s March already...” We are actually talking about 2025. Not everyone trains millions of learners all around the world like we do, so your planning for compliance and security training might be on a different timescale.

Meet EO 14028 requirements with Datadog Log Management, Cloud Workload Security, and Cloud SIEM

As of August 2023, only 3 out of 23 US government agencies were compliant with Office of Management and Budget (OMB) requirements for log management and security observability. These requirements are outlined in M-21-31, a 2021 memorandum that was issued following Executive Order 14028 on improving national cybersecurity. Until all of these agencies implement the new requirements, the federal government’s ability to fully detect, investigate, and remediate cybersecurity threats will be constrained.

5 ways Vanta customers saved time and money automating their SOC 2

SOC 2 is a popular compliance framework used to evaluate and validate an organization’s information security practices. By getting a SOC 2 report, you’ll be able to develop a trusting relationship with your customers, unlock new revenue opportunities, and build a strong security posture. ‍ The process of getting your SOC 2 often takes significant time, effort, and resources.

PCI DSS Requirement 8 - Changes from v3.2.1 to v4.0 Explained

In our ongoing series of articles on the Payment Card Industry Data Security Standard (PCI DSS), we’ve been examining each requirement in detail. Today, we turn our attention to Requirement 8: Identify Users and Authenticate Access to System Components. This requirement is built on two fundamental principles User identification and authentication,1) identifying individuals or processes on a system and 2) verifying their authenticity.

Leveraging BoxyHQ's Open-Source SSO for Greater Market Reach and Compliance: MonkeyFit

In the ever-evolving tech landscape, companies face myriad challenges in scaling, security, and compliance. MonkeyFit's journey, as detailed in a comprehensive case study, demonstrates the power of strategic solutions in overcoming such hurdles.

What is Compliance Automation

In recent years almost every company has been utilizing technological solutions like artificial intelligence which has given rise to the importance of Compliance automation. It is a practice to protect the sensitive information of the companies. Hence, Compliance automation software keeps track of the company’s internal systems. Businesses process automation to achieve the main goals of the organizations effectively with the least amount of monitoring.

Risk Management Essentials: How to Operationalize Risk Reporting

This virtual workshop delves into the core of risk management reporting. Led by our panel of industry experts, this session will equip you with the essential skills to not only analyze and report on organizational risks, but also communicate them effectively to leadership teams. Discover how to construct a robust reporting framework and master the art of presenting metrics with finesse.

The Role of Penetration Testing in NIS2 Compliance: Insights from KomodoSec

As the cybersecurity landscape continues to evolve, the importance of rigorous and proactive security measures has never been more pronounced. The Network and Information Security (NIS2) Directive, an initiative by the European Union, is set to redefine cybersecurity standards for essential and important entities, emphasizing the need for robust risk management, incident response, and business continuity planning.