HackDig : Dig high-quality web security articles

Exploring ESG Through a GRC Lens

Oftentimes, three-letter acronyms trend and become buzzwords. At other times, they act as catalysts by influencing the business environment in which an organization operates. Such acronyms include CSR (corporate social responsibility), GRC (governance, risk, and compliance), and the most recent one, ESG (environmental, social, and governance). These are impo
Publish At:2022-08-02 01:06 | Read:222 | Comments:0 | Tags:Featured Articles Regulatory Compliance environmental Govern

PCI 4.0: The wider meanings of the new Standard

The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs from the pre
Publish At:2022-07-07 01:06 | Read:387 | Comments:0 | Tags:Featured Articles PCI PCI Compliance PCI DSS Regulatory Comp

NIST SP 800-161r1: What You Need to Know

Modern goods and services rely on a supply chain ecosystem, which are interconnected networks of manufacturers, software developers, and other service providers. This ecosystem provides cost savings, interoperability, quick innovation, product feature diversity, and the freedom to pick between rival providers. However, due to the many sources of compone
Publish At:2022-06-22 02:14 | Read:475 | Comments:0 | Tags:Featured Articles Regulatory Compliance NIST Risk Management

What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.

The Payment Card Industry Security Standards Council has released its first update to its Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems
Publish At:2022-06-14 06:12 | Read:740 | Comments:0 | Tags:Featured Articles PCI PCI DSS pci dss requirements Regulator

Navigating Cybersecurity with NERC CIP as the North Star

Working in the Electric Utility sector of critical infrastructure gives a person a very unique perspective on how many of the pieces of the puzzle fit together to provide uninterrupted services to a broad population. My personal experience as a software engineer in the electrical industry introduced me to the nuances that the average person doesn’t consider
Publish At:2022-06-10 02:13 | Read:541 | Comments:0 | Tags:Featured Articles ICS Security NERC CIP Critical Infrastruct

NERC CIP Audits: Top 8 Dos and Don’ts

My time at NERC had me involved with quite a few projects over my seven-year career there. I was involved with CIP compliance audits, investigations, auditor training, and many advisory sessions. Typically, I was advising entities across North America on different tactics, techniques, and insight from best practices I have seen. I wanted to share a few of th
Publish At:2022-06-07 06:11 | Read:851 | Comments:0 | Tags:Featured Articles NERC CIP Regulatory Compliance audits comp

Building a Strong Business Case for Security and Compliance

Compliance is a key part of any organisation and, in business terms, it is about ensuring companies of all sizes and their employees comply with existing national and international laws. In the UK, the Companies Act 2006 is the main legislation that forms the primary source of company law, and businesses of all sizes must ensure they adhere to it to remain
Publish At:2022-05-10 02:12 | Read:1537 | Comments:0 | Tags:Featured Articles Regulatory Compliance business compliance

Compliance does not equal security: 7 cybersecurity experts share their insights

It is often stated that security is hard. Whether it is the people, processes, and technology, or any combination of the three, security is a never-ending challenge. Compliance, conversely, is relatively straightforward. For too long, and for too many organisations, meeting a compliance standard was seen as a satisfactory way to
Publish At:2022-05-02 17:52 | Read:1676 | Comments:0 | Tags:Featured Articles Regulatory Compliance compliance crowdsour

PCI DSS 4.0 and ISO 27001 – the dynamic duo

It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks. We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed by version
Publish At:2022-04-28 02:08 | Read:1431 | Comments:0 | Tags:Featured Articles Regulatory Compliance ISO 27001 PCI Compli

Top Tips for Moving from Compliance to Cybersecurity Excellence

Compliance should be an essential part of business operations, regardless of industry. Taking preventative measures to manage compliance and mitigate risk can feel like a hassle upfront, but it can save your organisation huge costs in the long run. Compliance violations can result in fines, penalties, lawsuits, loss of reputation, and more. However, your eff
Publish At:2022-04-20 02:08 | Read:1530 | Comments:0 | Tags:Regulatory Compliance frameworks security cyber cybersecurit

Regulatory Compliance – Holding Security Back or Forcing us to Reassess old biases?

A recent survey conducted by IBM and Censuswide of the UK market explored some of the drivers for modernisation and revealed some interesting challenges that organisations currently face as more and more businesses expand their digital boundaries. The most interesting finding was that one of the drivers for modernisation (according to 28% of participants
Publish At:2022-04-19 02:08 | Read:1540 | Comments:0 | Tags:Featured Articles Regulatory Compliance security

How to Use NIST’s Cybersecurity Framework to Protect against Integrity-Themed Threats

With the CIA Triad, confidentiality commands much of the attention. Organizations fret over the unauthorized disclosure of their data, so they try to reduce the risks of that type of incident. In so doing, however, enterprises commonly overlook the other two, integrity in particular. Ron Ross, a fellow at the Nationa
Publish At:2022-04-13 06:04 | Read:1451 | Comments:0 | Tags:Featured Articles Regulatory Compliance framework NIST secur

Ultimate Guide to CPRA for US Businesses

To say that data governance and data compliance are rapidly becoming areas of immense strategic importance for businesses would be an understatement. Governments worldwide already have data protection laws in place or are busy drafting these laws. Moreover, users have become increasingly aware and educated about their
Publish At:2022-04-11 06:04 | Read:2335 | Comments:0 | Tags:Featured Articles IT Security and Data Protection Regulatory

The Obsession with Faster Cybersecurity Incident Reporting

Requirements for reporting cybersecurity incidents to some regulatory or government authority are not new, but there has always been a large amount of inconsistency, globally, in exactly what the requirements are. More recently, there’s been a growing trend across government and regulatory bodies in the United States towards shorter timeframes for reporting
Publish At:2022-03-22 06:03 | Read:1553 | Comments:0 | Tags:Featured Articles Regulatory Compliance incident response in

What Is CPS 234 and Who Needs to Comply with It?

In November 2018, the Australian Prudential Regulation Authority (APRA) released the Prudential Standard CPS 234 in direct response to the escalating attack landscape in the financial sector. APRA has understood these threats to be the direct result of banking services moving to more complex and heavily used digital platforms. The new Standard emerged as an
Publish At:2022-03-07 02:07 | Read:2271 | Comments:0 | Tags:Featured Articles Regulatory Compliance Australia compliance
