On the internet, we’re all Hansel and Gretel. But the trail of breadcrumbs we leave behind when searching, posting on social media or shopping online aren’t designed to help us find our way back home. Instead, they’re designed to help the companies we interact with provide a richer, more customized and useful online experience.

Which cybersecurity framework is the best one to use for an organization? This is one of the most frequently asked questions when embarking on the cybersecurity journey. Often, the answer falls quite unsatisfyingly along the explanatory lines about how there is no one-size-fits-all solution, and how there are advantages and disadvantages to each.

On September 14, the White House released Executive Order M-21-30, emphasizing and reminding us that there are NIST guidelines for securing any software being sold to the US Government. According to the Executive Order (EO), self-attestation is a requirement for software vendors or agencies and acts as a “conformance statement” outlined by the NIST Guidance.

From TVs to watches, fridges, lightbulbs, or coffee machines, it seems everything needs to be connected now to be marketable. The Internet of Things (IoT) environment is growing in homes and workplaces, but it has established itself way ahead of regulation. IoT devices do not currently have to comply with any specific cybersecurity standards and malicious actors are already making use of these endpoints.

Signed into law in March of 2022, the Strengthening American Cybersecurity Act (SACA) gives federal authorities an overview of all cyber attacks against critical infrastructure in the United States for the very first time. SACA has three parts: SACA comes at a time when governments are facing a significant paradigm shift.

In May 2021 President Joe Biden issued out Executive Order 14028. The order focused on “Improving the Nation’s Cybersecurity” to support and protect the nation’s critical infrastructure and Federal Government networks. This directly relates to the trustworthiness and transparency in ALL digital infrastructure – IT, OT, IoT, IIoT.

On April 28, 2022, the Indian Computer Emergency Response Team (CERT-In) published the CERT-In_Directions_70B_28.04.2022 — a new document that imposes strict requirements on service providers, organisations, and cybersecurity teams. The new directions caused many controversies, leading to CERT-In publishing two supplemental documents: frequently asked questions on cybersecurity directions and No. 20(3)/2022 CERT-In.

GDPR Regulation is an international Data Privacy law that upholds the rights of citizens of the EU. It gives citizens more control over how their data is used in the organization. If your company handles the personal information of people in the EU, then they are expected to comply with GDPR. Like any other regulation, GDPR too requires an organization to abide by the rules and requirements outlined in the law.

The rapid increase of cybersecurity challenges in recent years, such as growing ransomware attacks, has forced the US to devise new mandatory regulations. These requirements are aimed to help combat cybercrime by increasing organizations’ level of cybersecurity capabilities. Complying with these regulations is necessary to keep organizations accountable for their mandatory security posture.

Data privacy rules have never been crucial for organisations to follow until the General Data Protection Regulation (GDPR) enforcement. This blog is divided into two sections. The first section will discuss a general overview, definitions and common queries related to a data protection policy. The second section will explain how a business can write and operationalise a data protection policy.