Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

PCI 4.0 — the PCI Standards Security Council’s first update since 2018 to the PCI Data Security Standards (PCI DSS) — is a major iteration that shifts away from the traditional point-in-time assessment. Do you remember how an auditor would annually determine the PCI compliance status of a merchant’s or service provider’s system on a specific day in a specific month and assume — somehow — that the snapshot characterized their status all year?

If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System, ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards for Information Security Management because it has broken out of the realms of the cybersecurity industry and into the world of business.

HIPAA is a legal healthcare privacy standard passed into law by the Clinton administration. The law standardized how private healthcare information had to be protected and stored by hospitals. In its earliest years of inception, these rules were straightforward. Things have changed considerably. With the digitalization of healthcare records, it’s now easier than ever for patients and hospitals to access records, but it’s also easier for bad actors.

California Consumer Privacy Act is a data privacy regulation introduced to protect the privacy of personal data and uphold the rights of consumers. So, it is an obligation for organizations to achieve and maintain CCPA Compliance if they are dealing with the personal data of citizens of California. However, now CCPA will soon be replaced with the latest version which is known as the California Privacy Right Act (CPRA).

Security questionnaires (SQs) are not fun. They’re time-consuming, tedious work and sometimes, they’re the one thing standing between you and a closed deal. Fortunately, the emergence of AI in the security space has resulted in many day-to-day workflows being streamlined – with SQs being one of them. Security questionnaire automation solutions have been on the rise.

As digital transformation expands the threat landscape, compliance mandates adapt to meet new challenges. In 2020, the European Commission announced its decision to accelerate its revision of the Directive on Security of Network and Information Systems (NIS2). When carrying out its impact assessment, the Commission realized that it needed to update the NIS Directive in response to new risks.

Kobalt.io is a Managed Security Service Provider (MSSP) with the mission of developing and managing cybersecurity programs for small and mid-sized businesses, making big-budget security affordable to smaller organizations. It builds on world-class frameworks and toolsets, combining the power of the cloud and data at scale to address the complexity of cybersecurity for small businesses.

February’s product update includes many exciting announcements from Vanta. We announced Custom Frameworks and Controls and other improvements to the Vanta experience: ‍ ‍