Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Compliance

vista infosec

How to Use the Terraform Destroy Command to Control Cyber Attack Damage

May 23, 2024 By Narendra Sahoo In VISTA InfoSec
In many cases, cutting something off is necessary to avoid bigger damage. This is the idea behind controlled infrastructure removal, the elimination of some parts of your cloud infrastructure to contain an attack or remove a potential attack surface. It is an important part of infrastructure-as-code (IaC) management and something organizations need to be familiar with as they secure their cloud environments and the apps they develop.
Read Post
ignyte Team

Guide: What is FedRAMP Tailored and What is The Difference?

May 23, 2024 By Max Aulakh In Ignyte
In the past, we’ve talked a lot about the various FedRAMP guidelines required to reach either a single Authority to Operate or a generalized Provisional Authority to Operate. One thing that can be said to be common to all of these is that, in general, you’re talking about FedRAMP Moderate Impact Levels when you discuss these kinds of standards and certification processes. This is because around 80% of cloud service providers and offerings are classified as Moderate impact.
Read Post
SecurityScorecard

The Need for Speed: "Material" Confusion under the SEC's Cyber Rules

May 23, 2024 By SecurityScorecard In SecurityScorecard
This week, the SEC issued a statement addressing some of the rampant confusion and inconsistencies observed under the agency’s new cyber breach disclosure rule. The statement itself addresses a technical securities law requirement, that public companies should only use Item 1.05 of Form 8-K to disclose “material” cyber breach information (instead of making voluntary or immaterial disclosures).
Read Post
graylog

Monitoring for PCI DSS 4.0 Compliance

May 23, 2024 By The Graylog Team In Graylog
Any company that processes payments knows the pain of an audit under the Payment Card Industry Data Security Standard (PCI DSS). Although the original PCI DSS had gone through various updates, the Payment Card Industry Security Standards Council (PCI SSC) took feedback from the global payments industry to address evolving security needs.
Read Post
Featured Post
securitysenses

How to Choose the Right ASVS Level for Your Organization

May 22, 2024 By Chester Avey In SecuritySenses
The Application Security Verification Standard (ASVS) developed by the Open Web Application Security Project (OWASP) provides a robust framework for conducting penetration testing (pentesting) and security audits of web applications and infrastructure. In the evolving landscape of network security, with risks emerging in sophistication and frequency, maintaining a baseline level of compliant security procedures is highly recommended.
Read Post
tripwire

HITRUST: the Path to Cyber Resilience

May 22, 2024 By John Salmi In Tripwire
Much has been made of cyber resilience in recent years. And with good reason: failing to bounce back quickly from a security event can have dramatic financial consequences. In early 2023, Royal Mail took several days to recover from a Lockbit cyberattack, losing upwards of £10 million in the process. However, for all the talk about resilience, the industry seems to be overlooking one of its fundamental tenets: risk management. It is, perhaps, understandable that we overlook risk management.
Read Post
vanta

Announcing Vanta's industry-first partnership to automate HITRUST e1

May 22, 2024 By Vanta In Vanta
Today we’re excited to announce that Vanta has partnered with HITRUST Services Corp., the leader in cybersecurity assurances, to be the first automated compliance solution for the HITRUST e1 Assessment and reseller of the HITRUST MyCSF platform. Vanta is the first pre-built solution that includes the controls, documents, and policies necessary to demonstrate your commitment to safeguarding data and protected health information (PHI) — all in a way that can be validated by HITRUST. ‍
Read Post

Vodafone Idea becomes Industry First to achieve SOC2 Type 2 Attestation

May 22, 2024 By VISTA InfoSec In VISTA InfoSec
In a significant achievement for the Indian telecommunications industry, Vodafone Idea (Vi) has become the first Indian company to secure the SOC 2 Type 2 attestation. This significant milestone not only underscores its unwavering commitment to data security but also cements its position as an industry leader in fostering trust and transparency. The attestation was conducted by VISTA InfoSec, a global Information Security Consulting firm with offices based in the US, UK, Singapore, and India specializing in GDPR, PCI DSS, HIPAA, ISO 27001, and other types of security compliance standards.
View Video
archTIS

DFARS 7012 Class Deviation and NIST 800-171 Rev 3 Guidance for DIBs

May 21, 2024 By Irena Mroz In archTIS
NIST 800-171 revision 3 was released on May 14, 2024, prompting DoD to issue an indefinite class deviation for DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012). US Defense Industrial Base (DIB) contractors must now comply with NIST SP 800-171 revision 2 rather than the version in effect at the time the solicitation is issued, as was previously required.
Read Post
ionix

Understanding the NIS 2 Directive

May 21, 2024 By Ralf Schmitz In IONIX
By expanding its scope and introducing modernized requirements, the new NIS 2 Directive challenges organizations to elevate their cyber preparedness. This article explores how the directive affects a wide range of sectors and the critical infrastructure within them, detailing the requirements for compliance and highlighting the key role that IONIX plays in supporting organizations in meeting these regulations.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.