The Federal Information Security Management Act (FISMA) is a United States federal law enacted in December 2002 under the E-Government Act. The act mandates federal agencies to develop, document and implement an information security program, considering both processes and systems controls, to “protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or […]
Data security news & resources
PCI-DSS 4.0 is coming; are you ready?
This time next year, PCI DSS 4.0 will come fully into effect, replacing the current standard, 3.2. 1, that has been in place since 2018. PCI SSC’s newest version shouldn’t come as a surprise to most. It was first released in March 2022. But with a two year grace period to allow vendors and credit […]
What does the new era of data privacy laws means for you?
Data privacy advocates rejoice! 2023 is going to be one for the legislative history books, with the enforcement of four new state data privacy laws in the US. Colorado, Connecticut, Utah, and Virginia will all begin enforcing GDPR-style legislation this year, closely following in the footsteps of California – the first ever state to implement […]
How can DLP help in Cyber Forensics?
Courtroom dramas may be fun to watch on TV, but no enterprise legal team actually wants to end up on the stand. And yet, with the rise of cyber-attacks, whistleblower complaints and class-action lawsuits, commercial disputes over data loss and theft are increasingly commonplace. Your day in court could be round the corner, so it’s […]
How did Dropbox data breach of 100 GitHub repositories occur?
It looks like Dropbox has dropped the ball. In a blog post published on November 1st, the company revealed that it had suffered a data breach after a successful phishing lure fooled numerous employees. Read on to discover how this breach happened, and the critical learnings to apply to your organization. What’s Dropbox? For those […]
Key findings from Cyentia Information Risk Insights Study
There’s a new kid on the block in the cybersecurity research sphere. The Cyentia Institute, a dedicated research center, has just released the third edition of its annual Information Risk Insights Study, abbreviated to IRIS. With support from the Cybersecurity and Infrastructure Security Agency (CISA), this year the study was bigger than ever, combining insights […]
A quick-start guide to data compliance for startups
It’s a well-known fact in the security community that compliance and privacy should be built into operations, software and culture from the ground up. While organizations that have been around for decades don’t have the luxury of doing this, startups are perfectly placed to bake in compliance from the outset. Curious how to do it? […]