Utility companies are increasingly being targeted by cybercriminals. Although the highest profile utility cyber attack in recent memory was the May 7 ransomware attack on Colonial Pipeline that caused gas shortages on the East Coast, power companies of all kinds are popular with criminals for a reason: they can’t afford a shutdown and they have the money to pay a ransom.
Organizations are under tremendous pressure to deliver innovative products and stick to tight release timelines. To keep up with the rapid release schedule, engineering teams are adopting the DevOps model for its increased efficiency and agility. It has changed the way that development teams think. As a result, continuously improving performance and delivering releases faster have become standard.
Financial institutions are one of the most heavily regulated industries around, and for good reason. Access to the personal information and funds of their customers makes banks a popular target with hackers, and a dangerous location for a cybersecurity breach. With all of the regulations a bank needs to obey, it’s possible you may have overlooked the Payment Card Industry Data Security Standard, or PCI DSS.
Cybercrime is one of the most significant threats facing companies today. With the average cost of a data breach reaching an all-time high of $4.24 million , the business case for cybersecurity has never been stronger. Still, some businesses seem to misunderstand the urgency of meeting current cybersecurity standards. It may help to consider the legal consequences of poor cybersecurity.
Black Duck provides a comprehensive SCA solution for managing security, quality, and license compliance risks associated with open source use. Given today’s development trends, your organization is undoubtedly leaning heavily on open source in any number of ways. According to Synopsys’ annual Open Source Security and Risk Analysis (OSSRA) report.
According to a study conducted by Ropes & Gray, 57% of senior-level executives rate “risk and compliance” as the top two categories they feel the least prepared to address. There are a lot of misconceptions about compliance and risk management. Both help to prevent security threats to the organization’s legal structure and physical assets. And often, when people hear the terms compliance and risk management, they assume the two are the same.
The emerging Cybersecurity Maturity Model Certification (CMMC) will mandate nearly the entire federal government supply chain and over 300,000 contractors to get audited and certified against the CMMC protocol. The caveat is that some organizations that build Commercial-Off-The-Shelf items or Commercially Available Off-The-Shelf (COTS) products for the Department of Defense (DoD) do NOT require a CMMC certificate . However, the devil is in the details!
Our Data Privacy Services team collates the most interesting practical ramifications from implementing the new SCCs with our GDPR services customers. In our latest update of the Data Privacy Periodic Table , we included reference to the EU’s June 2021 release of substantially updated Standard Contractual Clauses (SCCs), triggered by 2020’s Schrems II ruling. The new, far more substantial SCCs have been largely welcomed.
ISO/IEC 27001 is the leading international standard for regulating data security through a code of practice for information security management. Its creation was a joint effort of two prominent international standard bodies - the International Organization for Standardization (ISO), and the International Electrotechnical Commission (IEC). This is why the standard is formally prepended with ISO/IEC, though "IEC" is commonly left to simplify referencing.
