In July of this year, the Office of the National Cyber Director (ONCD) stated in its release of an RFI on regulatory harmonization that: “When cybersecurity regulations of the same underlying technology are inconsistent or contradictory—or where they are duplicative but enforced differently by different regulators … consumers pay more, and our national security suffers.” This is an understatement. SecurityScorecard agrees and was happy to share our comments with ONCD today.

In 2007, a group of healthcare organizations, technology companies, and government agencies—including the American Hospital Association, Blue Cross Blue Shield Association, the Centers for Medicare & Medicaid Services (CMS), McKesson Corporation, and Microsoft—got together to create a unified approach to information security and privacy. The result was the Health Information Trust Alliance’s Common Security Framework (HITRUST CSF).

A HIPAA (Health Insurance Portability and Accountability Act) questionnaire is essential for evaluating third-party vendors for healthcare organizations to ensure they follow HIPAA regulations and standards. As one of the most breached industries, it is vastly important for healthcare organizations to send out comprehensive security questionnaires to properly assess their vendors’ risks and determine a plan of action on how to remediate those risks or potentially end the business partnership.

Let’s explore the critical differences between SOC and SOX compliance. In the realm of information security and financial reporting, compliance enables organizations to build trust and transparency with stakeholders. To accomplish this, companies must adhere to specific regulations and standards. SOC and SOX represent two pivotal compliance frameworks that help maintain financial reporting integrity and data security.

A number of JUMPSEC clients have expressed a degree of confusion about their preparedness for the new Digital Organisational Resilience Act (DORA). Enacted in December 2022, DORA has mandated regulations for financial sector organisations and their critical third-parties.

Server configuration hardening is a basic requirement for compliance with Payment Card Industry Data Security Standard (PCI DSS) v4.0 that was updated in April 2022 from PCI DSS Version 3.2.1. Server hardening is a fundamental process that ensures the security of servers in the network by reducing the servers attack surface through implementation of secure configurations.

At Fireblocks, a strong commitment to regulatory compliance has always been at the core of our operations. That’s why we’re excited to announce that we’re building out our On-Chain Digital Identity and Programmable Compliance Team, with the strategic appointments of Peter Marton, Director of Digital Identity, and cryptography expert Chaitanya Reddy Konda, Senior Technical Product Manager, Digital Identity and Privacy.

Welcome to our comprehensive guide on ‘Conducting an ISO 27001 Risk Assessment’. This blog is designed to equip you with effective strategies for a successful risk assessment, incorporating the principles of ISO 31000 risk management. Risk assessment is a vital component of a robust information security framework and is in alignment with ISO 31000.

The new rules from the U.S. Securities and Exchange Commission (SEC) on reporting mark a significant shift in the requirements for disclosing cyber breaches, leaving many businesses wondering how their cybersecurity practices will be impacted in the long run. These new rules create significant new disclosure obligations for public companies, requiring timely and detailed disclosures of material cybersecurity incidents and periodic disclosures about cybersecurity risk management and governance.

In today’s rapidly evolving business landscape, organizations face an ever-increasing array of risks and compliance challenges. As businesses strive to adapt to the digital age, it has become imperative to enhance their Governance, Risk Management, and compliance (GRC) strategies. Fortunately, the fusion of artificial intelligence (AI) and GRC practices presents a transformative opportunity.