Articles Tagged with ''compliance''

How insight-driven security builds business resiliency

February 18, 2021

The acceleration of digitization initiatives was paramount to ensure business continuity during this global crisis. As we rebuild economic stability in 2021, technology – especially automation and security – will play a significant role in positioning enterprises to return to growth.

Merging security compliance and DevOps

Ray Kruck

February 10, 2021

A more foundational goal is to make security and compliance part of the development process from the start. This is a transition that requires DevOps to bring along risk, security and compliance teams into the shared responsibility of making the organization resilient to change. But bringing the idea of shared responsibility to fruition can be difficult because there is a natural tension between DevOps and SecOps, as they have different charters and cultures. DevOps can be seen as more of a do culture (Atlassian calls this a “do-ocracy”) and SecOps can be seen as a control culture and they are inherently in conflict. To fulfill the promise of teaming for shared responsibility, DevOps and SecOps should align on three key objectives: collaboration, communication and integration.

Kroll adds three seasoned cybersecurity experts to Cyber Risk practice

January 21, 2021

Kroll, a division of Duff & Phelps, announced the hiring of three seasoned cyber experts in North America: John (Jack) Bennett, a managing director in the San Francisco office; Steve Bergman, a managing director in the Washington D.C. office; and John deCraen, an associate managing director in the Dallas office.

New plug-in allows consumers to “Opt-Out Easy” of websites’ data collection

January 15, 2021

Consumers can easily identify opportunities to opt out of sharing personal data through the first-of-its-kind “Opt-Out Easy” browser plug-in developed by researchers from Carnegie Mellon’s CyLab Security and Privacy Institute. The plug-in makes opt-out choices more accessible to users, automatically extracting privacy information from websites’ policies and presenting it in a user-friendly way.

Beware of paying that ransomware threat

Christian Contardo Doreen Edelman Kathleen McGee

December 31, 2020

Educate your organization on ransomware threats, including best practices and compliance; paying that ransom may not be the best idea.

New report helps enterprises move beyond compliance

December 18, 2020

The World Economic Forum today launched a new report that outlines how organizational leaders can influence their companies and encourage the responsible use of technology and build ethical capacity. “Ethics by Design” – An Organizational Approach to Responsible Use of Technology integrates psychology and behavioral economics findings from interviews and surveys with international business leaders. It aims to shape decisions to prompt better and more ethical behaviors. The report promotes an approach that focuses less on individual “bad apples” and more on the “barrel”, the environments that can lead people to engage in behaviors contrary to their moral compass. The report outlines steps and makes recommendations that have proven more effective than conventional incentives such as compliance training, financial compensation or penalties.

Combating Complacency: Getting the Most Out of Your Data Breach Response Plan

Analyzing the EDPB’s draft recommendations on supplementary measures

In the wake of Schrems II, the EDPB’s much-anticipated recommendations provide extensive guidance on supplementary measures parties can use to legally transfer data out of the EEA in the absence of an adequacy decision.

David M. Stauss

November 20, 2020

In a flurry of activity last week, the European Data Protection Board (EDPB) and the European Commission made major announcements affecting cross-border data transfers out of the EEA. First, the EDPB announced the adoption of draft recommendations on measures that supplement cross-border data transfer tools as well as recommendations on the European Essential Guarantees for surveillance measures. The below post will examine the EDPB’s draft recommendations on supplementary measures. The draft new standard contractual clauses will be discussed in a separate post.

90% of fraud analysts want better resources to conduct anonymous and auditable investigations

October 22, 2020

Authentic8 released the results of its 2020 Global Financial Crimes Survey, conducted in partnership with the Association of Certified Financial Crime Specialists (ACFCS).

Compliance activities and fines cost organizations nearly $4m per year

October 15, 2020

Telos Corporation, provider of cyber, cloud and enterprise security solutions, unveiled new findings from a survey conducted by independent research firm Vanson Bourne that highlights organizations’ ongoing struggle to keep up with IT security and privacy compliance regulations.

GRC leaders lack confidence in security data they provide to regulators

September 28, 2020

Senior risk and compliance professionals within financial services company’s lack confidence in the security data they are providing to regulators, according to Panaseer's 2020 GRC Peer Report. Results from a global external survey of over 200+ GRC leaders* reveal concerns on data accuracy, request overload, resource-heavy processes and lack of end-to-end automation.

Retail security professionals are facing an increasingly complex array of security challenges — everything from organized retail crime to evolving cyber-physical threats and public safety concerns.