HackDig : Dig high-quality web security articles for hackers

7 Challenges that Stand in the Way of Your Compliance Efforts

Compliance is very important to any organization. Organizations have many standards to choose from including PCI, CIS, NIST and so on. Oftentimes, there are also multiple regulations that are applicable in any country. So, organizations need to commit some time and resources in order to apply security standards and achieve compliance. Even so, organizations e
Publish At:2020-11-16 00:37 | Read:105 | Comments:0 | Tags:Featured Articles Regulatory Compliance compliance complianc

Avionics Safety and Secured Connectivity: A Look at DO-326A/ED-202A, DO-355 and DO-356

One of the major improvements that the avionics industry is undergoing is an Internet of Things (IoT) upgrade. And this is inevitably affecting how airlines approach aircraft safety. From the beginning, safety has been paramount to the aviation industry. But while it is a welcome innovation, the incorporation of IoT devices in aircraft comes with attendant c
Publish At:2020-11-12 03:01 | Read:111 | Comments:0 | Tags:Regulatory Compliance Aviation certification IoT Plane regul

UAE’s Information Assurance Regulation – How to Achieve Compliance

For years, the United Arab Emirates (UAE) has committed itself to adopting information technology (IT) and electronic communication. The UAE’s Telecommunications Regulatory Authority (TRA) noted that this policy has made the state’s government agencies and organizations more efficient and has improved the ability of individuals to collaborate around
Publish At:2020-10-15 00:19 | Read:251 | Comments:0 | Tags:Government Regulatory Compliance compliance National Cyber R

Achieving Compliance with Qatar’s National Information Assurance Policy

Qatar is one of the wealthiest countries in the world. Finances Online, Global Finance Magazine and others consider it to be the wealthiest nation. This is because the country has a small population of under 3 million but relies on oil for the majority of its exports and Gross Domestic Product (GDP). These two factors helped to push the country’s GDP measure
Publish At:2020-10-08 01:01 | Read:280 | Comments:0 | Tags:Featured Articles Regulatory Compliance Complaince data Info

Cybersecurity Maturity Model Certification (CMMC) and Why You Should Care

The U.S. Department of Defense released the first version of the Cybersecurity Maturity Model Certification (CMMC) back on January 31, 2020. Since that time, there has been a flurry of different industry experts working towards helping clients understand and prepare for getting certified under CMMC. But what is it? The Cybersecurity Maturity Model Certificati
Publish At:2020-09-10 00:53 | Read:364 | Comments:0 | Tags:Regulatory Compliance certification CMMC Department of Defen

What Is the EU Cybersecurity Act and What Does It Mean for US-Based Businesses?

During the previous weeks, we provided a thorough overview of the EU NIS Directive, focusing on the Operators of Essential Systems (OES), the Digital Service Providers (DSP) and the compliance frameworks. Our review of the EU cybersecurity policy and strategy would be incomplete without mentioning the EU Cybersecurity Act. On 27 June, the European Cybersecur
Publish At:2020-08-31 01:00 | Read:453 | Comments:0 | Tags:Regulatory Compliance business Cyber Security EU legislation

Future-Proofing Data With a Data Encryption Plan

Data volume storage needs are growing exponentially across hybrid multicloud environments. Meanwhile, companies are being faced with a greater number of regulations to follow, as well as increased exposure to data ransomware, theft and misuse. Many regulations, such as the General Data Protection Regulation, highlight encryption as an example of appropriate
Publish At:2020-07-08 10:58 | Read:442 | Comments:0 | Tags:Cloud Security Data Protection data encryption Compliance Da

Final Version of NIST SP 1800-23 Guides Identification of Threats to OT Assets

In September 2019, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) announced the release of a draft practice guide entitled, “NIST Special Publication (SP) 1800-23: Energy Sector Asset Management.” The NCCoE spent the next two months collecting comments from the public to improve their guid
Publish At:2020-06-08 01:09 | Read:834 | Comments:0 | Tags:ICS Security Regulatory Compliance Energy Sector NIST operat

Observing a Privacy Milestone: Expert Thoughts on GDPR’s 2nd Anniversary

May 25, 2020 marks the second anniversary of when the European Union’s General Data Protection Regulation (GDPR) took full effect. Undoubtedly, many organizations have succeeded in achieving compliance with the Regulation by now. But that raises some important questions. What benefits have those organizations experienced in achieving compliance, for instance?
Publish At:2020-05-25 01:18 | Read:716 | Comments:0 | Tags:Featured Articles Regulatory Compliance data privacy data pr

Best Practices for Scoring Your Environment’s Security Measures

For most practical uses today, a combination of hardening and vulnerability detection is required to secure even the most basic digital environment. In each area it is important to see the progress you’re making in these competencies so that you can improve and build on the work you and your team have done over time. But with so many assets in your digital en
Publish At:2020-05-24 10:04 | Read:604 | Comments:0 | Tags:Regulatory Compliance compliance dashboard Security Scoreboa

A Look at Trump’s Executive Order to Secure the Bulk Power System

On May 1st President Trump signed an Executive Order on “Securing the United States Bulk-Power System.” The order cites foreign adversaries and their increased creation and usage of vulnerabilities against the power grid as the primary driver. In my opinion, perhaps more interesting are the inherent ties to the NERC standards, namely CIP-010 R4 and CIP-013, t
Publish At:2020-05-24 09:56 | Read:571 | Comments:0 | Tags:ICS Security Regulatory Compliance Critical Infrastrucutre P

Ad Hoc or Managed Penetration Testing: Which One Is Best for You?

Penetration testing is no longer an extraordinary security engagement. Due to regulatory mandates, internal policies, business executive requests and the overall desire to avoid becoming the next breach victim, testing is now commonplace among many organizations. The kind of testing, however, can still be a question. Do you need ad hoc testing, that as-neede
Publish At:2020-05-03 08:13 | Read:687 | Comments:0 | Tags:Application Security Data Protection Risk Management Securit

Achieve Flexibility in Business Through Digital Trust and Risk Management

I grew up watching professional football back in the 70s, when defenses were so good they had their own nicknames. The Pittsburgh Steelers had the “Steel Curtain,” the Miami Dolphins had the “No-Name Defense” and the Dallas Cowboys had the “Doomsday Defense.” The Cowboys’ defense was based on a newfangled concept cal
Publish At:2020-04-21 10:39 | Read:1031 | Comments:0 | Tags:CISO digital trust Business Continuity Customer Experience D

Grow Your Business With an Evolving Cloud Security Strategy

We have all heard the castle-and-moat analogy to describe traditional centralized approaches to cybersecurity. As cloud security becomes increasingly important in the modern landscape, I think we should add one more component to the analogies we use to think about security: fog. Sometimes the fog is so thick that you can barely see what is in front of you or
Publish At:2020-03-17 10:37 | Read:876 | Comments:0 | Tags:Cloud Security Security Intelligence & Analytics Business Co

What is ISO 27701?

If you have a familiarity with any information security frameworks and certifications, it’s more than likely you have heard of International Organisation for Standardisation (ISO) and possibly the International Electrotechnical Commission (IEC). From my experience, the most commonly referred to business-level security related certifications are ISO/IEC 27001
Publish At:2020-03-05 00:53 | Read:1052 | Comments:0 | Tags:Regulatory Compliance GDPR ISO 27701 ISO27001 ISO27002
