The Federal Information Security Management Act (FISMA) is a United States federal law enacted in December 2002 under the E-Government Act. The act mandates federal agencies to develop, document and implement an information security program, considering both processes and systems controls, to “protect information and information systems from unauthorized access, use, disclosure, disruption, modification, or […]
Data security news & resources
PCI-DSS 4.0 is coming; are you ready?
This time next year, PCI DSS 4.0 will come fully into effect, replacing the current standard, 3.2. 1, that has been in place since 2018. PCI SSC’s newest version shouldn’t come as a surprise to most. It was first released in March 2022. But with a two year grace period to allow vendors and credit […]
What must companies disclose to the Securities and Exchange Commission (SEC) in the event of a data breach?
Over the past 18 months, the Securities and Exchange Commission (SEC) has levied an onslaught of fines against public companies for inadequate disclosures of cybersecurity issues. In the latter half of 2021, British company Pearson agreed to pay $1 million, while First American Financial agreed to a settlement of $500,000. Then, just last week, the […]
What does the new era of data privacy laws means for you?
Data privacy advocates rejoice! 2023 is going to be one for the legislative history books, with the enforcement of four new state data privacy laws in the US. Colorado, Connecticut, Utah, and Virginia will all begin enforcing GDPR-style legislation this year, closely following in the footsteps of California – the first ever state to implement […]
What is Fourth party data sharing? Could be the silent security risk !
Outsourcing has become the bedrock of business in the digital world. Need marketing support? An app developer? Product packaging? Whatever the task, there’s a third-party out there that can do the work for you. But did you ever stop and think about your third-parties, third-parties? Just as your business acquires new skills and saves time […]
What is shared cybersecurity defense?
Hands up if your organization uses cloud applications like Microsoft 365, Google Workspace, Slack or AWS? If you do, you’re in the majority. It’s estimated that 90% of companies use the cloud. It’s a huge part of the future of work. But the cloud is complex—especially when it comes to security. This is because it […]
How to avoid holiday cybersecurity scams?
It’s October: the start of fall, the impending holiday season and, of course, cybersecurity awareness month. While you might not initially think thanksgiving, Black Friday and cybersecurity have much in common, there’s actually a lot to know about, especially when it comes to phishing. You see, there’s been a general trend in recent years of […]
Is employee & B2B personal data covered under the CPRA?
On August 31st, the California legislative session notably adjourned without the enactment of Assembly Bill 1102. This bill would have extended the exemption for the inclusion of employee and B2B personal data within the California Privacy Rights Act (CPRA). Without the exemption in place, compliance and governance around B2B and HR personal information will become […]
What is the NIST privacy framework?
The NIST Privacy Framework is a tool to help organizations identify, manage and mitigate privacy risks to data such as PII and PHI.
What is a software bill of materials?
A SBOM is an inventory of metadata. It enables developers to track each of the components used to create their customized software.
Do you need CMMC compliance? You will soon.
Use a data-centric approach to proactively prevent sensitive data exposure to third parties or vendors in our increasingly connected world.