The role of the CISO is expanding alongside the growing adoption of digital technologies, which has resulted in a faster and more interconnected workforce. The dynamic and evolving nature of cyber threats is posing challenges for security teams in terms of visibility and expertise required to defend against them.

Each week we look at the data losses, hacker attacks, and the state of security in the United States and around the world. This week things seem to be particularly bleak. We always expect to see some breaches in major companies, but this week we learned about widespread employee credential losses in countless corporations throughout the United States and the world.

Fairfax Oral and Maxillofacial Surgery, or Fairfax OMS, is a dental practice that first opened in Burke, Virginia, in 1980. The organization offers a mix of dental surgery services, such as bone grafting, wisdom tooth extraction, dental implants, and more. The organization accepts patients in Washington, D.C., Maryland, and six separate locations throughout Virginia. There are more than 87 employees in the organization, and it generates about $16 million in annual revenue.

Risk management is a team sport. So whether we are assessing health risks during a pandemic, understanding the effect of natural disasters, or trying to block a cybersecurity attack, risk communication serves a vital purpose. Risk communication aims to inform and educate individuals so they can make informed decisions and take appropriate actions in the face of uncertainty.

As expected, the Securities and Exchange Commission adopted new rules today requiring publicly traded companies to make more disclosures about the cyber risks they have and the specific cyber attacks they suffer.

Identity theft is a crime that is unfortunately common and is devastating for the victim. Serious cases can require enormous amounts of time and money to recover. The three primary categories of identity theft include online identity theft, financial identity theft and medical identity theft.

Australia is using the Security of Critical Infrastructure Act 2018 (SOCI Act 2018) as a framework to help the country mitigate and remediate threats to the country’s critical infrastructure. This comes after several high-profile cyber attacks raised Australia’s awareness of the need for cybersecurity and the standardization of cyber security measures for priority organizations.

You don’t need a professional to be PCI-compliant, but professional expertise can make navigating the notoriously complex PCI DSS requirements easier. An experienced cybersecurity firm with qualified assessment staff can speed up compliance, enhance a firm’s security posture according to priority actions, and help the firm achieve a high level of security and peace of mind. However, you must use a professional for your business to be PCI-certified.

The Massachusetts Data Security Law (201 CMR 17.00) safeguards the personal information of Massachusetts residents. The law went into effect on March 1, 2010, and at the time, was one of the most comprehensive data privacy laws passed in the United States. Since the law’s passing, a variety of U.S. States have passed more robust data privacy legislation, including the notable California Consumer Privacy Act (CCPA) and Virginia Consumer Data Privacy Act (VCDPA).

You’re facing a SOC 2 audit, and you don’t quite know what to expect or how to prepare for it. Although an independent auditor will inspect your company’s IT security program, you’re not entirely sure what information the resulting report may contain. To get fully prepared, it can be helpful to look at some real-life SOC 2 audit report examples. In the following article, we’ll look at a few sample SOC 2 reports, but first, let’s address the obvious question.