We’ve written a lot about various security frameworks, from CMMC to ISO 27001, and throughout all of them, one of the core elements is the need to protect CUI. Information that is controlled at a very high – SECRET, Classified, or other – level is tightly bound by specific rules and can only be handled by select individuals. Completely base, public information is freely available and completely uncontrolled. But there’s a lot of information somewhere in the middle.

For companies looking to get their data practices in order, the ISO 2700 standards provide a valuable starting point to use when crafting policy.

No matter the business size, the threat of data breaches or hacks is a dark cloud that hangs over every company. If data is mishandled, leaked, or stolen, the repercussions for businesses can be devastating. Cyberattacks on businesses can cause severe financial losses due to fines, legal fees, and remediation costs. As businesses are legally obliged to inform customers of a data breach, once customers find out, they can also cause irreparable damage to reputation, customer distrust, and loss of business.

In this article, we outline the main elements of DORA, as well as key recommendations for preparing effectively for this important new regulation.

Our teams are always hard at work improving the TrustCloud platform. Here are this month’s biggest updates. Introducing our ServiceNow integration! This is a bidirectional integration with ServiceNow to pull ticket details into TrustCloud. Teams can create new ServiceNow tasks in TrustCloud and attach ServiceNow links as evidence to your tests. The integration also supports automatic task creation from TrustCloud. Just go to Admin -> Connected Apps, where you can automate task creation.

As financial services companies, such as banks, hedge funds, and stock exchanges, move to the cloud, sensitive data often unintentionally moves with them. To help avoid costly breaches and address governance, risk, and compliance (GRC) requirements such as PCI-DSS, GDPR, and SOC 2, these organizations may need to identify where in the cloud sensitive data can leak and be able to redact it at scale.

As we continue our Summer School blog series, let's focus on a vital aspect of modern application security: the relationship between API posture governance, API security, and the constantly changing regulatory compliance landscape. In today's interconnected world, where APIs are crucial for digital interactions, organizations are challenged with securing their APIs while complying with complex regulations designed to protect sensitive data and critical infrastructure.

In part one of our series on PCI DSS 4.0, we covered the updates in the latest version 4.0.1 and how to operationalize those changes. In this blog we are going to dig deeper into Requirement 11.6, how to interpret the nuance and automate the current guidance. Guidance that will become a mandate in March, 2025. Let’s start with what Requirement 11.6 is and why it’s so important.

As artificial intelligence (AI) continues to revolutionize various sectors, ensuring it is developed and deployed in alignment with ethical standards and fundamental rights is critical for businesses that use it. The European Union's Artificial Intelligence Act (AI Act), formally adopted on March 13, 2024, addresses this critical necessity by establishing a comprehensive and detailed legal framework for AI systems within the EU.