
Latest News

California Confidentiality of Medical Information Act vs. HIPAA

Patient health information is governed by robust rules that determine how this data is handled, stored, and accessed. Federal laws, such as the Health Insurance Portability and Accountability Act (HIPAA), and various state laws strengthen patient rights. HIPAA set a baseline for regulatory compliance with patient health information. Under the “preemption” language in the rule, no state may create less effective or weaker medical privacy protection for individuals.

The surprising truth about cybersecurity and autism

This is a guest blog by Kim Crawley. I’ve worked in cybersecurity for about a decade, but I’ve been autistic for my entire life. Careers usually start in adulthood, but autism is something children are born with. And contrary to what some people assume, autism doesn’t disappear at age 18. Autism is for life. Unfortunately, once autistic people become adults, services become a lot less plentiful.

Why OPSEC Is For Everyone, Not Just For People With Something To Hide - Part II

This is a follow-up/continuation to Part One of the series, which I recommend reading to help provide some background into why we should all consider reviewing our OPSEC (Operational Security), not just those with something to hide. Have you actually thought about how much you are tracked on a daily basis? Think about everything you post on social media, what you search, the apps that are generating metadata (with or without your consent), what your phone knows about you.

How Do Cyber Attackers Hide Their Tracks After Committing Digital Fraud?

According to IBM, it takes an average of 197 days to detect a breach. Today's attackers go above and beyond to evade alerting capabilities and make it look like they were never there. While that number tends to be shorter for insider threats, insiders also tend to be much better at deception and covering their tracks.

NIST CSF Categories and Framework Tiers

NIST CSF stands for the National Institute of Standards and Technology Cybersecurity Framework. The NIST CSF consists of best practices, standards, and guidelines to manage cybersecurity program risk. This voluntary framework is divided into three primary parts: the framework core, profiles, and tiers. The NIST CSF core comprises five functions, each of which is further broken down into categories and subcategories. There are currently 23 categories and 108 subcategories in the NIST CSF.

How website security and SEO are intimately connected

Learning how to optimize your website can be a challenge. At one time, it was only about figuring out what Google wanted, which was largely keywords. Now, it’s much more complex. Google is focused on not only delivering high-quality, relevant search results, but also on protecting people from malware and unscrupulous websites. Not only that, a hack of your website by others can give Google false information that directly impacts your rankings.

New Kubernetes PCI DSS Compliance Packs, And More

As enterprises adopt cloud-first or cloud-native strategies, Kubernetes is by far the most important strategic consideration. At the same time, for the large subset of these enterprises which take payment from consumers, PCI DSS has never been more critical. More than ever, enterprises have to pay attention to data security (and their commitment to improving security posture) in order to meet compliance requirements. So what has to change to meet compliance in a Kubernetes-based environment?