Making sure your environment is compliant with regulatory requirements can be a challenge. No matter your company’s size or industry, ensuring you have the required security controls is never a set-it-and-forget-it process. With your IT environment, your user base and the threat landscape evolving all the time, you have to adjust constantly. Indeed, with so much to keep track of, even your best efforts at keeping your company compliant can fall short, unless you have help.

ISO 27001 is an international standard that focuses on information security. This standard guides the establishment, implementation, maintenance, and continuous improvement of an information security management system (ISMS).

No matter where you host your data, there are always risks. The public cloud is no exception. While providers like Amazon, Microsoft and Google offer security features, ultimately, cloud security is your responsibility. Where do you start? This article explains the key elements of a strong security posture in the cloud and how to choose the right security software solutions for your organization.

The Health Insurance Portability and Accountability Act (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, is designed to keep individuals’ medical information and health records safe. Healthcare organizations must ensure HIPAA compliance, even — perhaps especially — during the current global pandemic. The Office for Civil Rights (OCR) at the U.S.

Securing your cloud environment effectively is no easy task. What cloud security issues should you be prepared for? What are the most serious security risks? Which best practices are most effective at keeping your data safe? In this article, we will explore the two primary cloud models and the principal security concerns you will face when using each model.

Data loss prevention (DLP) tools and processes help ensure that critical data is not accessed by or tampered with by unauthorized users. The underlying technology that can make or break your success in data loss prevention is data classification. This article explains how data classification affects the success of your data loss prevention measures.

More and more organizations are recognizing the power and value of data classification. By accurately classifying and labeling the information you store, you can: If your organization is like most, you now rely on cloud platforms like SharePoint Online, OneDrive and Exchange Online, and you need to know exactly what types of data is being stored there so you can ensure sensitive content is properly protected.

In 2019, a data heist at Citrix shook the cybersecurity world. The attackers stole business documents from a shared network drive and from a drive associated with a web-based tool used in Citrix’s consulting practice. The hackers gained this access to Citrix’s IT infrastructure through a password spraying attack, a technique that exploits weak passwords, leading to criticism that the software giant needlessly compromised its clients by failing to establish a sound password strategy.

As cybersecurity threats evolve, companies must adapt and rethink their security strategies. This means moving away from traditional technologies and towards new cybersecurity frameworks. One such framework is the NIST cybersecurity framework, which comprises five major functions: These five functions are the pillars of a well-rounded and effective cybersecurity strategy that is designed to improve a company’s capacity to counteract threats.

For anyone managing a SQL Server database, understanding permissions is critical to ensuring that only authorized users are able to view and modify data. This article explains the different types of SQL Server permissions, including server-level and database-level user permissions, and provides guidance on how to manage them.