If your organization has a presence in California or does business with California residents, then it probably needs to comply with the California Consumer Privacy Act (CCPA). CCPA compliance is no easy task but never fear: Using this checklist and our CCPA audit guide can help smooth the way.

First things first: It is crucial to understand the difference between Governance, Risk and Compliance (GRC) and Integrated Risk Management (IRM) because this sets the stage for long term strategic risk management and breaks down the siloed approach to risk that exists in many organizations today. It is because GRC is sometimes implemented from a compliance-driven strategy rather than a risk driven initiative.

The Higher Education Community Vendor Assessment Tool (HECVAT) is a security assessment template that attempts to generalize higher education information security and data protection questions and issues regarding cloud services for consistency and ease of use. HECVAT has various versions that are free to use and provide a consistent, streamlined third-party risk assessment framework.

The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a normal cadence. This will generate a lot of data dictated by threat and patch priority. Thousands of new vulnerabilities are released each year, and no company or product can detect all of them. Organizations must prioritize their coverage of vulnerabilities that they determine will have the biggest impact.

After they entered, they may have left all the other windows and doors open Before working in cyber-security, I once worked at a company, when I was approached to look at another staff member’s email account which was “acting a bit funny”. When I looked, I found the sent mailbox was filling every 5 seconds with a new sent email, each to a seemingly random recipient, each purporting to be able to help the recipients “Meet girls” or “enlarge” one’s whatnot.

If you want to become a digital forensic expert, be aware that when entering the field, you will be presented with an abundance of information that you will not know. It is a wonderfully challenging career path. Some believe that having the title of a cybersecurity professional (e.g. digital forensics expert, cybersecurity analyst, incident response commander, etc.) means that this is an area where the field of knowledge is intimidating because it’s so expansive.

One thing I have noticed is that each industry comes up with their own terms and acronyms. Unfortunately, these inventions often vary depending on the person you speak to due to a lack of a governing body that decides on an exact definition. At times, acronyms can even overlap, causing further confusion. Therefore, when it comes to definitions, I always look to ask a variety of persons from across industries on how they would define certain terms.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Extortion methods have been pretty consistent the past couple of years, but a new one popped up this week which seems to be focused on the online small business owner. I wonder how this one will pan out.

In advance of the RSA Conference 2020, we wanted to get a pulse of attendees’ perceptions on a few topics, specifically challenges facing modern SOCs (security operations centers) and the value they are getting from technologies such as analytics, automation, and their SIEM tools. To get this, we fielded a series of questions to the Twitter-verse and received nearly 17,000 votes! After going through the results, we found a few interesting things…