Security News

What’s next on the agenda for Chief Compliance Officers?
2021-07-15 05:00

As demands on the compliance function grow more intense, Chief Compliance Officers must proactively embrace new leadership responsibilities for their role and reposition how their function is thought of among stakeholders, according to Gartner. We sit down with Chris Audet, Senior Director at Gartner, to see what's next on the agenda for global compliance leaders.

Ensuring HIPAA compliance when using the cloud
2021-07-14 05:30

Here is a quick guide into how healthcare providers can ensure HIPAA compliance when using the cloud. As cloud platforms that are working with healthcare providers are concerned with protected health information, each platform is considered a HIPAA business associate.

1 in 5 companies fail PCI compliance assessments of their infrastructure
2021-07-13 03:00

According to a recent poll by SentryBay, the infrastructure of over 21% of surveyed companies has failed key PCI compliance assessments, designed to assist them to maintain high security standards when processing customer card payments. A further 29.3% said that they had no confidence in their own company's compliance when it came to PCI DSS. Lack of confidence in the PCI standards.

Asurity appoints David Roell as VP, Compliance Products and Analytics at RiskExec
2021-07-02 22:45

Asurity announces David Roell has joined the company as Vice President, Compliance Products and Analytics at its subsidiary RiskExec. Prior to joining the Asurity organization, David served as Lead Data Scientist, HMDA Operations at the Consumer Financial Protection Bureau.

Chief Compliance Officers must embrace new leadership responsibilities
2021-06-30 04:30

As demands on the compliance function grow more intense, Chief Compliance Officers must proactively embrace new leadership responsibilities for their role and reposition how their function is thought of among stakeholders, according to Gartner. These working models require CCOs to embrace new roles, and in some cases, assertively expand how their function is thought of by stakeholders and business leaders, including acting as a strategic business advisor and championing the use of analytics to better manage new layers of risk.

Third-party identity risk management, compliance, or both?
2021-06-25 05:30

Despite the 49% of organizations in the report who said they are completing an initial risk assessment before granting access to third parties, these assessments are typically focused on the security controls the organization has in place or the organizational risk score. A third-party organization may pass a risk assessment and be in compliance one day, but an unexpected threat to business operations may push it out of compliance the next.

LexisNexis Financial Crime Digital Intelligence reduces digital financial crime and compliance risk
2021-06-21 08:12

LexisNexis Financial Crime Digital Intelligence is a new solution that leverages digital identity data to transform financial crime compliance workflows. LexisNexis Financial Crime Digital Intelligence provides a dedicated and customized workspace including purpose-built financial crime compliance capabilities such as access to additional sanctions risk features, storage capacity and user role configuration.

73% of enterprises suffer security and compliance issues due to internal misalignment
2021-06-18 05:00

According to Enterprise Management Associates and BlueCat's recently published research report, nearly 3 in 4 enterprises have suffered security or compliance issues in the past year as a direct result of collaboration challenges between the cloud and networking teams. The research, based on a survey of 212 networking and cloud professionals, found that the consequences of dysfunction between these teams extend far past the security realm.

Strengthen Your Password Policy With GDPR Compliance
2021-06-17 01:06

When you're implementing a password policy for your AD with GDPR compliance in mind it's a good idea to use a 3-rd party tool to help your password policy reach your entire end-user directory. During a password change in Active Directory, this service will block and notify users if the password they have chosen is found in a list of leaked passwords and provides dynamic feedback for password compliance.

Helping security teams respond to gaps in security and compliance programs with Qualys CSAM
2021-06-01 05:00

While traditional IT teams and inventory tools provide an IT view of inventory, software support, and licensing, security teams are looking for the security context of assets such as assets that are not running security tools, detection of unauthorized software, internet visibility, and more. Security tools like EDR help secure assets, but do not let security teams know which critical assets are not running EDR, or if databases are visible from the internet? All security teams have defined authorized and unauthorized software policies.