Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Under the direction of the Department of Homeland Security (DHS), The Transportation Security Administration (TSA) secures transportation systems in the United States, including oil and natural gas pipelines. The TSA Pipeline Security Guidelines are recommended best practices that protect the over 2.7 million miles of pipelines transporting natural gas, oil, and other hazardous materials across the U.S. from physical and cyber threats.

The Health Information Trust Alliance Common Security Framework (HITRUST CSF) is a cybersecurity framework designed to help organizations meet regulatory compliance and risk management needs when dealing with sensitive and regulated data. The HITRUST CSF features a risk-based and compliance approach that integrates various regulations and standards. It also includes certification for compliance validation, providing an additional layer of trust for HITRUST-certified organizations.

After years of debates, discussions, and negotiation delays, the Central Government of India published its Digital Personal Data Protection Act, 2023 (DPDP) on August 11, 2023. In its last week before being enacted, the Act rapidly passed throughout both houses of Parliament and was ascended into publication by President Droupadi Murmu. India is the 19th country within the Group of 20 (G20) to pass a comprehensive data protection law.

If you’re considering partnering with a service provider, it’s essential also to consider the security risks they could introduce to your organization. In this post, we outline the primary cybersecurity risks associated with service providers and provide tips for managing them to help you safely benefit from this strategy for reducing operational costs. Take a tour of UpGuard’s Vendor Risk Management solution >

All covered entities must comply with HIPAA or face fines of up to $50,000 for every violation. However, with such high cybersecurity standards and insufficient implementation guidance, it's not surprising that HIPAA violations are common occurrences. To overcome the challenges of adhering to HIPAA’s stringent safeguards, covered entities are turning to HIPAA compliance software for support.

Web communications can be routed over the Hypertext Transfer Protocol (HTTP) and the Hypertext Transfer Protocol Secure (HTTPS). The latter ensures encrypted data transfer between a website and a user. Some sites will offer both HTTP and HTTPS connections, but any HTTP connection may be vulnerable to cyber attacks. To require that all connections route over HTTPS, you can set up an HTTPS Strict Transport Policy (HSTS) to enforce secure connections.

With violation penalties of up to $100,000 per month until full compliance is achieved, every entity processing cardholder data can't afford to miss a PCI DSS compliance gap. But with the expanding digital landscape increasing the complexity of information security, complying with the Payment Card Industry Data Security Standard is difficult unless you leverage a product that can help you track your compliance efforts.

Third-party risk management (TPRM) is reviewing and mitigating risks associated with outsourcing business operations to third-party vendors or service providers. Risks are varied but include cybersecurity risks like data breaches or reputational risks that affect business continuity. If your organization wants to create a TPRM program or upgrade your current risk management strategy, focusing on customization can be critical in setting your organization apart.