A data protection officer (DPO) is an employee or contractor hired to oversee a company’s data protection strategy and ensure compliance with the General Data Protection Regulation (GDPR). The role was introduced in 2018 to promote compliance with the new laws governing how the personal data of EU citizens is handled. All public authorities are required to appoint a data protection officer to comply with GDPR.
Personal information (PI) enables businesses to customize the customer experience and boost sales. However, consumer rights advocacy and privacy regulations, such as the EU’s General Data Protection Regulation (GDPR) and state data privacy laws enacted in the United States, limit the collection of PI. Preeminent among these laws is the California Consumer Privacy Act of 2018 (CCPA).
A managed cloud service handles the complexity of cloud-based IT infrastructure so that in-house teams can continue working towards their business goals. Businesses looking to scale their operations need increasingly sophisticated IT environments. Cloud computing allows teams to do exactly that, yet a decision still needs to be made over who manages the cloud environment; managed cloud service providers fill this gap.
Digital attackers are increasingly targeting the automotive industry. In its 2020 Automotive Cybersecurity Report, for instance, Upstream found that the number of annual automotive cybersecurity incidents had increased by 605% since 2016, with the number of incidents has doubled in 2019 alone.
The simplest way to ensure the safety of all the open source (OSS) components used by your teams and sites, is with a software composition analysis (SCA) tool. You need an automated and reliable way to manage and keep track of your open source usage. With JFrog Xray, you can set up vulnerability and license compliance scanning built into your software development lifecycle (SDLC).
It should come as no surprise that the federal government takes cybersecurity compliance quite seriously. After all, federal agencies manage massive stores of data related to national and international security and public health, as well as the personal information of most residents of the country. FISMA (the Federal Information Security Management Act) defines a set of security requirements intended to provide oversight for federal agencies on this front.
Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of reminded me that too often the peanut butter and chocolate sit alone on their own separate shelves.
The purpose of every security team is to provide confidentiality, integrity and availability of the systems in the organization. We call it “CIA Triad” for short. Of those three elements, integrity is a key element for most compliance and regulations. Some organizations have realized this and decided to implement File Integrity Monitoring (FIM). But many of them are doing so only to meet compliance requirements such as PCI DSS and ISO 27001.
Have you ever worked with a company that operates as “close to broken” as reasonably possible? Companies that follow that mindset usually do not have the most robust security practice, and they certainly will walk very close to the edge of compliance. Even if you don’t work in such a dysfunctional enterprise as described above, many companies still do not appreciate the interconnection of security and compliance.
