Web Exclusive Stories - Articles - Page 210

Healthcare Data Compliance: Maintaining Integrity, Privacy and Security

Four healthcare security lessons learned during the initial COVID-19 surge

August 10, 2020

By looking at hospitals – and the resulting mad scramble and actions they took to protect their patients – there are four lessons that can be distilled to help those in the thick of a spike or for those planning for the next surge.

We are all Jeff Bezos

Mike Fong

August 7, 2020

As much of the world continues to hunker down at home in response to COVID-19, threat actors continue to find ways of exploiting the crisis to gather sensitive and valuable information from individuals. But while we’re busy making sure that our primary computers and cloud-based accounts are locked down, it’s often the devices we least suspect – our smartphones – that provide the opening that hackers need. The 2018 hacking of Jeff Bezos’s iPhone X, perhaps the most famous example of smartphone hacking, provides an important reminder that these most personal of devices should be used with appropriate caution, especially in this time of upheaval.

Revised NIST Cyber Security Framework - Security Magazine

How to lead an economical and efficient infosec program

Vinay Sridhara

August 7, 2020

Today's challenging reality presents an opportunity for CISO’s to reevaluate the economics and efficiencies of their current infosec program. To do so, CISO’s must narrow their focus on maximizing their return on investments and shift to a risk-based prioritization strategy. No matter the situation, CISO’s are always expected to meet goals and drive results. Even though security professionals cannot reduce risk to zero, they can reduce risk significantly by first eliminating the most impactful risks facing their organization. Below, I discuss the four critical steps of leading an economical and efficient information security program while following a risk-based approach.

Outsourcing Data: Don't Take a Fairytale Approach

The good, the bad and the ugly: Standard contractual clauses after Schrems II

Mike Slipsky

Saad Gul

August 7, 2020

Countless businesses export data from the European Union to the United States. Does your human resources office have information on European employees? The sales department information on European clients? That is personal data. The question is if data exports can continue in the wake of the Court of Justice of the European Union’s (CJEU) ruling in the “Schrems II” case.

The Uncharted Path for New Security Leaders

Hiring a CISO: The evolving role of your security executive

Karen Turrini

Douglas Gladstone

August 6, 2020

Before COVID, cybersecurity was a concern for businesses everywhere. In fact, in Microsoft’s 2019 Global Risk Perception Survey, 57 percent of companies ranked cybersecurity as a higher risk than economic uncertainty and brand reputation or damage. Looking ahead, what does all of this mean for the role of the Chief Information Security Officer (CISO)? Not only is it more important than ever before, but the role has shifted since the start of COVID.

Authentication vs. authorization | Why we need authorization standards and what it means for enterprise cybersecurity

I witnessed the transition from bespoke authentication to standards-based authentication. It’s time to do the same for authorization.

Bill Mann

August 6, 2020

Twenty years ago, almost everything in the IT world was on-premises: hardware and software, including the tools you used to verify who your users were and what they could do in your systems. In today’s cloud-native world, almost nothing is on-prem, and because of the explosion of apps, remote users and devices, it has become a considerably more complicated task, by orders of magnitude, to verify the identity of a user — or a service — and determine policies that say what they are and aren’t allowed to do.

Making the business case for security by design

Rodney Joffe

August 6, 2020

Organizations need to evolve their thinking around cybersecurity to stay ahead of these changing threats. A holistic approach that effectively builds security into all infrastructure and processes from the ground up is cost-effective and necessary to safeguard valuable employee and customer data. This requires an overall shift in philosophy – and adopting the concept of security by design is a key first step.

Top 3 Misconceptions About Data After Death - Security Magazine

Salesforce policy change poses grave security implications

W. Curtis Preston

July 31, 2020

COVID-19 has completely changed our world from six months ago, as we continue to battle the grave health implications, face extended stay at home orders, and grapple with the insurmountable ramifications on our economy. The pandemic has also forever changed the cyber threat landscape, with our workforce becoming more dispersed, and potentially more vulnerable, than ever as organizations switch out of the confines of their offices and move entire data streams to their laptops and home offices. On top of this, Salesforce has announced it is ending its Data Recovery service on July 31st, which is putting all of the data protection responsibilities, and the dire consequences that comes along with it, on the backs of the customer.

Security services and PPP loans – What did you receive?

Tim Lozier

July 30, 2020

Here, we took a look to see what companies within the Security and Patrol Service industry took PPP Loans, and the impact on the industry.

The Long and Winding Road to Cyber Recovery

A call for industry coordination around DLT security

Stephen Scharf

July 28, 2020

As the financial services industry moves toward an ever-greater dependence on technology, we must always keep an eye on the future to ensure that any new technological advancement or implementation delivers the same, if not better, benefits and risk management capabilities. One emerging area that has garnered a lot of attention in recent years is Distributed Ledger Technology (DLT). While DLT holds great promise, there is currently no clear path around how to implement the technology in a way that addresses documented and evolving security risks.