Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Legislation

What is the NYDFS Cybersecurity Regulation? (23 NYCRR 500)

The NYDFS Cybersecurity Regulation (23 NYCRR 500) is a set of regulations from the New York State Department of Financial Services (NYDFS) that places cybersecurity requirements on all Covered Entities (financial institutions and financial services companies). It includes 23 sections outlining requirements for developing and implementing an effective cybersecurity program, requiring Covered Entities to assess their cybersecurity risk and develop a plan to proactively address them.

SOX Compliance: What Should You Expect?

After several large corporate accounting scandals in the early 2000s that led to investors losing billions of dollars, the US government passed the Sarbanes-Oxley Act of 2002. Commonly referred to as SOX, the bill established and expanded financial and auditing requirements for publicly traded companies in order to protect investors and the public from fraudulent accounting practices.

UPDATE 7: The Data Privacy Periodic Table

Since our last update in January, there has been an unprecedented amount of activity in the data privacy world. And yes, we probably do say that every time! New laws have passed in Virginia and Colorado. The UK’s post-Brexit EU adequacy was confirmed. Plus of course, the EU’s significant changes to Standard Contractual Clauses and the reawakening of the debates over Identity Verification, especially in the context of social media.

AppSec Decoded: New executive order changes dynamic of software security standards

In this episode of AppSec Decoded, we discuss the impact of the new executive order by the Biden administration on organizations working with the government. The past year has led many people and organizations to depend more on technology, completely changing the way they operate. With the increased dependency of technology, it should come as no surprise that the number of breaches and security risks have increased as well.

AppSec Decoded: New executive order changes dynamic of software security standards | Synopsys

In this episode of AppSec Decoded, Tim Mackey, principal security strategist at Synopsys Cybersecurity Research Center (CyRC), discusses how the new executive order from the Biden administration will change the way government entities or the heads of those entities operate to adjust to the surge of security threats.

What is SOX Compliance? Requirements & Controls

Although the Sarbanes-Oxley Act of 2002 (SOX) has been around for nearly two decades, many companies still struggle to meet compliance requirements. Initially enacted in response to public companies mishandling financial reporting, SOX is a compliance requirement for all public companies. Understanding SOX compliance, as well as its requirements and controls, helps organizations create more robust governance processes.

New Bill Could Force U.S. Businesses to Report Data Breaches Quicker

A bipartisan Senate bill would require some businesses to report data breaches to law enforcement within 24 hours or face financial penalties and the loss of government contracts. The legislation from Senate Intelligence Chair and Democratic Senator Mark Warner with Republican Senators Marco Rubio and Susan Collins is just one of several new cybersecurity bills that will likely be debated this year. If passed, the bill could require certain U.S.

Key takeaways from the U.S. executive order on cybersecurity

On May 12, 2021, President Biden signed an executive order calling on federal agencies to improve their cybersecurity practices. Following the recent SolarWinds and Colonial Pipeline attacks, it is clear that security incidents can severely impact the economy and civilians' day-to-day lives and that cybersecurity needs to be a high-priority issue. We encourage you to read the full executive order.

16 Countries with GDPR-like Data Privacy Laws

Coming into force on May 25th, 2018, the General Data Protection Regulation (GDPR) was a landmark for data protection. Trading blocs, governments, and privacy organizations took note, and over the last three years, GDPR has inspired new data privacy legislation worldwide.