UpGuard

What is the Security of Critical Infrastructure Act 2018 (SOCI Act 2018)?

Australia is using the Security of Critical Infrastructure Act 2018 (SOCI Act 2018) as a framework to mitigate and remediate threats to the country’s critical infrastructure. This comes after several high-profile cyber attacks raised Australia’s awareness of the need for cybersecurity and for standardized cybersecurity measures across priority organizations.

Do You Need to Hire a Professional to Be PCI-Compliant?

You don’t need a professional to be PCI-compliant, but professional expertise can make navigating the notoriously complex PCI DSS requirements easier. An experienced cybersecurity firm with qualified assessment staff can speed up compliance, enhance a firm’s security posture according to priority actions, and help the firm achieve a high level of security and peace of mind. However, you must use a professional for your business to be PCI-certified.

What is the Massachusetts Data Security Law? Guide + Tips

The Massachusetts Data Security Law (201 CMR 17.00) safeguards the personal information of Massachusetts residents. The law went into effect on March 1, 2010, and at the time was one of the most comprehensive data privacy laws passed in the United States. Since the law’s passing, a variety of U.S. states have passed more robust data privacy legislation, including the notable California Consumer Privacy Act (CCPA) and Virginia Consumer Data Privacy Act (VCDPA).

What is an ISMS (Information Security Management System)?

An information security management system (ISMS) is a broad term that encompasses an organization’s information security policies, practices, and procedures and how these are assessed, optimized, and implemented over time. An ISMS aims to ensure all risks are mitigated and that all risk management processes work effectively.

What is the Washington My Health My Data (MHMD) Act?

Washington’s My Health My Data Act (MHMD Act) regulates businesses and service providers that process or collect consumer health data from state residents. The act’s broad definition of “health data” carries compliance implications for a wide range of entities, including many that fall outside the scope of the Health Insurance Portability and Accountability Act (HIPAA).

Choosing a Financial Services Cyber Risk Remediation Product

In 2022, the finance industry suffered the second-highest number of data breaches. Besides implementing an attack surface management solution, the finance sector must also ensure its remediation product can quickly and efficiently address cybersecurity risks. If you’re in the market for a cyber risk remediation product, this post outlines the key features to look for to maximize the ROI of your new IT security tool.

Choosing a Tech Cyber Risk Remediation Product (Key Features)

Cyber risk remediation, the process of actively identifying, remediating, and mitigating cybersecurity risks, is particularly critical for the technology industry. Given their characteristic enthusiasm for adopting the latest trends in innovation, tech companies without a cyber threat remediation product are unknowingly increasing their exposure to a swath of data breach risks.

The LastPass Data Breach (Event Timeline And Key Lessons)

In August 2022, LastPass suffered a data breach with escalating impact, ultimately resulting in a mass user exodus toward alternative password manager solutions. This post provides an overview of the timeline of events during the LastPass cyber attack and critical lessons to help you avoid suffering a similar fate.

Understanding the California IoT Security Law (SB-327)

In September 2019, California signed Senate Bill 327, also known as the California Internet of Things (IoT) Security Law. While not an extensively written piece of legislation like the California Consumer Privacy Act (CCPA), SB-327 took effect on January 1, 2020, and focuses on manufacturers of connected devices—requiring updated security standards that protect both devices and end-users.

What is the SSL Not Available Risk?

So you've received a critical risk finding for SSL not available, which means your domain does not have an SSL certificate installed on the server. To resolve this finding, you can generate and supply an up-to-date SSL/TLS certificate on your site. SSL, which stands for secure sockets layer, and its successor TLS, or transport layer security, are internet protocols for securing traffic between systems with an encryption algorithm.