HackDig : Dig high-quality web security articles for hackers

Cybersecurity Maturity Model Certification (CMMC) and Why You Should Care

The U.S. Department of Defense released the first version of the Cybersecurity Maturity Model Certification (CMMC) back on January 31, 2020. Since that time, there has been a flurry of different industry experts working towards helping clients understand and prepare for getting certified under CMMC. But what is it? The Cybersecurity Maturity Model Certificati
Publish At:2020-09-10 00:53 | Read:166 | Comments:0 | Tags:Regulatory Compliance certification CMMC Department of Defen

What Is the EU Cybersecurity Act and What Does It Mean for US-Based Businesses?

During the previous weeks, we provided a thorough overview of the EU NIS Directive, focusing on the Operators of Essential Systems (OES), the Digital Service Providers (DSP) and the compliance frameworks. Our review of the EU cybersecurity policy and strategy would be incomplete without mentioning the EU Cybersecurity Act. On 27 June, the European Cybersecur
Publish At:2020-08-31 01:00 | Read:195 | Comments:0 | Tags:Regulatory Compliance business Cyber Security EU legislation

Future-Proofing Data With a Data Encryption Plan

Data volume storage needs are growing exponentially across hybrid multicloud environments. Meanwhile, companies are being faced with a greater number of regulations to follow, as well as increased exposure to data ransomware, theft and misuse. Many regulations, such as the General Data Protection Regulation, highlight encryption as an example of appropriate
Publish At:2020-07-08 10:58 | Read:282 | Comments:0 | Tags:Cloud Security Data Protection data encryption Compliance Da

Final Version of NIST SP 1800-23 Guides Identification of Threats to OT Assets

In September 2019, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) announced the release of a draft practice guide entitled, “NIST Special Publication (SP) 1800-23: Energy Sector Asset Management.” The NCCoE spent the next two months collecting comments from the public to improve their guid
Publish At:2020-06-08 01:09 | Read:530 | Comments:0 | Tags:ICS Security Regulatory Compliance Energy Sector NIST operat

Observing a Privacy Milestone: Expert Thoughts on GDPR’s 2nd Anniversary

May 25, 2020 marks the second anniversary of when the European Union’s General Data Protection Regulation (GDPR) took full effect. Undoubtedly, many organizations have succeeded in achieving compliance with the Regulation by now. But that raises some important questions. What benefits have those organizations experienced in achieving compliance, for instance?
Publish At:2020-05-25 01:18 | Read:500 | Comments:0 | Tags:Featured Articles Regulatory Compliance data privacy data pr

Best Practices for Scoring Your Environment’s Security Measures

For most practical uses today, a combination of hardening and vulnerability detection is required to secure even the most basic digital environment. In each area it is important to see the progress you’re making in these competencies so that you can improve and build on the work you and your team have done over time. But with so many assets in your digital en
Publish At:2020-05-24 10:04 | Read:435 | Comments:0 | Tags:Regulatory Compliance compliance dashboard Security Scoreboa

A Look at Trump’s Executive Order to Secure the Bulk Power System

On May 1st President Trump signed an Executive Order on “Securing the United States Bulk-Power System.” The order cites foreign adversaries and their increased creation and usage of vulnerabilities against the power grid as the primary driver. In my opinion, perhaps more interesting is the inherent ties to the NERC standards, namely CIP-010 R4 and CIP-013, t
Publish At:2020-05-24 09:56 | Read:374 | Comments:0 | Tags:ICS Security Regulatory Compliance Critical Infrastructure P

Ad Hoc or Managed Penetration Testing: Which One Is Best for You?

Penetration testing is no longer an extraordinary security engagement. Due to regulatory mandates, internal policies, business executive requests and the overall desire to avoid becoming the next breach victim, testing is now commonplace among many organizations. The kind of testing, however, can still be a question. Do you need ad hoc testing, that as-neede
Publish At:2020-05-03 08:13 | Read:531 | Comments:0 | Tags:Application Security Data Protection Risk Management Securit

Achieve Flexibility in Business Through Digital Trust and Risk Management

I grew up watching professional football back in the 70s, when defenses were so good they had their own nicknames. The Pittsburgh Steelers had the “Steel Curtain,” the Miami Dolphins had the “No-Name Defense” and the Dallas Cowboys had the “Doomsday Defense.” The Cowboys’ defense was based on a newfangled concept cal
Publish At:2020-04-21 10:39 | Read:818 | Comments:0 | Tags:CISO digital trust Business Continuity Customer Experience D

Grow Your Business With an Evolving Cloud Security Strategy

We have all heard the castle-and-moat analogy to describe traditional centralized approaches to cybersecurity. As cloud security becomes increasingly important in the modern landscape, I think we should add one more component to the analogies we use to think about security: fog. Sometimes the fog is so thick that you can barely see what is in front of you or
Publish At:2020-03-17 10:37 | Read:606 | Comments:0 | Tags:Cloud Security Security Intelligence & Analytics Business Co

What is ISO 27701?

If you have a familiarity with any information security frameworks and certifications, it’s more than likely you have heard of the International Organisation for Standardisation (ISO) and possibly the International Electrotechnical Commission (IEC). From my experience, the most commonly referred to business-level security related certifications are ISO/IEC 27001
Publish At:2020-03-05 00:53 | Read:762 | Comments:0 | Tags:Regulatory Compliance GDPR ISO 27701 ISO27001 ISO27002

Scalable Data Protection Is Critical to Support Data Privacy

Modern privacy regulations are founded on a variety of principles going back to 1890 that sought to protect citizens from “yellow journalism.” Over the following years, governments enacted legislation that sought to respect an individual’s right to privacy, including their image and their correspondence. Following an uptick in data breache
Publish At:2020-02-26 10:55 | Read:946 | Comments:0 | Tags:Data Protection Automation Compliance Data Privacy Forrester

The Past, Present and Future of Security Information and Event Management (SIEM)

With the release of the 2020 Gartner Magic Quadrant for Security Information and Event Management (SIEM), we feel that it is an appropriate time to reflect on the evolution of SIEM over the years. Starting out as a tool originally designed to assist organizations with compliance, SIEM evolved into an advanced threat detection system, then into an investigati
Publish At:2020-02-24 09:37 | Read:841 | Comments:0 | Tags:Incident Response Security Intelligence & Analytics Advanced

3 Trends in Data Privacy Breach Laws That Will Carry Over to 2020

During 2019, new privacy laws were introduced, and many current laws evolved in the United States and across the global landscape. With the General Data Protection Regulation (GDPR) in full effect, we saw expensive fines levied upon companies that fell victim to data privacy breaches. As we move into a new year, probably the biggest takeaway from 2019 is tha
Publish At:2020-02-12 10:40 | Read:2364 | Comments:0 | Tags:Data Protection Government Automation Compliance Data Breach

Assessment Frameworks for NIS Directive Compliance

According to the NIS Directive, Member States should adopt a common set of baseline security requirements to ensure a minimum level of harmonized security measures across EU and enhance the overall level of security of operators providing essential services (OES) and digital service providers (DSP). The NIS Directive sets three primary objectives: to improve t
Publish At:2020-02-09 10:21 | Read:895 | Comments:0 | Tags:Regulatory Compliance compliance dps ENISA NCSC NIS OES
