Security News

Ensuring HIPAA compliance when using the cloud
2021-07-14 05:30

Here is a quick guide to how healthcare providers can ensure HIPAA compliance when using the cloud. Because cloud platforms that work with healthcare providers deal with protected health information, each platform is considered a HIPAA business associate.

1 in 5 companies fail PCI compliance assessments of their infrastructure
2021-07-13 03:00

According to a recent poll by SentryBay, the infrastructure of over 21% of surveyed companies has failed key PCI compliance assessments, which are designed to help them maintain high security standards when processing customer card payments. A further 29.3% said that they had no confidence in their own company's compliance when it came to PCI DSS. Lack of confidence in the PCI standards.

Asurity appoints David Roell as VP, Compliance Products and Analytics at RiskExec
2021-07-02 22:45

Asurity announces David Roell has joined the company as Vice President, Compliance Products and Analytics at its subsidiary RiskExec. Prior to joining the Asurity organization, David served as Lead Data Scientist, HMDA Operations at the Consumer Financial Protection Bureau.

Chief Compliance Officers must embrace new leadership responsibilities
2021-06-30 04:30

As demands on the compliance function grow more intense, Chief Compliance Officers must proactively embrace new leadership responsibilities for their role and reposition how their function is thought of among stakeholders, according to Gartner. These working models require CCOs to embrace new roles, and in some cases, assertively expand how their function is thought of by stakeholders and business leaders, including acting as a strategic business advisor and championing the use of analytics to better manage new layers of risk.

Third-party identity risk management, compliance, or both?
2021-06-25 05:30

Although 49% of organizations in the report said they are completing an initial risk assessment before granting access to third parties, these assessments are typically focused on the security controls the organization has in place or the organizational risk score. A third-party organization may pass a risk assessment and be in compliance one day, but an unexpected threat to business operations may push it out of compliance the next.

LexisNexis Financial Crime Digital Intelligence reduces digital financial crime and compliance risk
2021-06-21 08:12

LexisNexis Financial Crime Digital Intelligence is a new solution that leverages digital identity data to transform financial crime compliance workflows. LexisNexis Financial Crime Digital Intelligence provides a dedicated and customized workspace including purpose-built financial crime compliance capabilities such as access to additional sanctions risk features, storage capacity and user role configuration.

73% of enterprises suffer security and compliance issues due to internal misalignment
2021-06-18 05:00

According to Enterprise Management Associates and BlueCat's recently published research report, nearly 3 in 4 enterprises have suffered security or compliance issues in the past year as a direct result of collaboration challenges between the cloud and networking teams. The research, based on a survey of 212 networking and cloud professionals, found that the consequences of dysfunction between these teams extend far past the security realm.

Strengthen Your Password Policy With GDPR Compliance
2021-06-17 01:06

When you're implementing a password policy for your AD with GDPR compliance in mind, it's a good idea to use a third-party tool to help your password policy reach your entire end-user directory. During a password change in Active Directory, this service will block and notify users if the password they have chosen is found in a list of leaked passwords, and it provides dynamic feedback for password compliance.

Helping security teams respond to gaps in security and compliance programs with Qualys CSAM
2021-06-01 05:00

While traditional IT teams and inventory tools provide an IT view of inventory, software support, and licensing, security teams are looking for the security context of assets, such as assets that are not running security tools, detection of unauthorized software, internet visibility, and more. Security tools like EDR help secure assets, but do not let security teams know which critical assets are not running EDR, or whether databases are visible from the internet. All security teams have defined authorized and unauthorized software policies.

Happy birthday GDPR: IoT impact and practical tips for compliance
2021-05-25 08:29

The upcoming physical return to the office is also set to bring an influx of IoT devices that may be installed on networks as part of new COVID-19 workplace compliance policies. Some of these devices may collect large quantities of personal data that needs to be protected and is subject to the GDPR. GDPR Privacy by Design.