Security News
As demands on the compliance function grow more intense, Chief Compliance Officers must proactively embrace new leadership responsibilities for their role and reposition how their function is thought of among stakeholders, according to Gartner. These working models require CCOs to embrace new roles, and in some cases, assertively expand how their function is thought of by stakeholders and business leaders, including acting as a strategic business advisor and championing the use of analytics to better manage new layers of risk.
Despite the 49% of organizations in the report who said they are completing an initial risk assessment before granting access to third parties, these assessments are typically focused on the security controls the organization has in place or the organizational risk score. A third-party organization may pass a risk assessment and be in compliance one day, but an unexpected threat to business operations may push it out of compliance the next.
LexisNexis Financial Crime Digital Intelligence is a new solution that leverages digital identity data to transform financial crime compliance workflows. LexisNexis Financial Crime Digital Intelligence provides a dedicated and customized workspace including purpose-built financial crime compliance capabilities such as access to additional sanctions risk features, storage capacity and user role configuration.
According to Enterprise Management Associates and BlueCat's recently published research report, nearly 3 in 4 enterprises have suffered security or compliance issues in the past year as a direct result of collaboration challenges between the cloud and networking teams. The research, based on a survey of 212 networking and cloud professionals, found that the consequences of dysfunction between these teams extend far past the security realm.
When you're implementing a password policy for your AD with GDPR compliance in mind, it's a good idea to use a third-party tool to help your password policy reach your entire end-user directory. During a password change in Active Directory, this service will block and notify users if the password they have chosen is found in a list of leaked passwords, and it provides dynamic feedback for password compliance.
While traditional IT teams and inventory tools provide an IT view of inventory, software support, and licensing, security teams are looking for the security context of assets, such as assets that are not running security tools, detection of unauthorized software, internet visibility, and more. Security tools like EDR help secure assets, but do not let security teams know which critical assets are not running EDR, or whether databases are visible from the internet. All security teams have defined authorized and unauthorized software policies.
The upcoming physical return to the office is also set to bring an influx of IoT devices that may be installed on networks as part of new COVID-19 workplace compliance policies. Some of these devices may collect large quantities of personal data that needs to be protected and is subject to the GDPR. GDPR Privacy by Design.
CoreStack announced the availability of its CoreStack AI-powered, multi-cloud compliance and governance solution in the Microsoft Azure Marketplace, an online store providing applications and services for use on Azure. CoreStack customers can now take advantage of the productive and trusted Azure cloud platform, with streamlined deployment and management.
While the CMMC doesn't completely replace the National Institute of Standards and Technology SP 800-171, it does include and build on these standards for a clear purpose. Enter the CMMC. With this new regulation, the DoD establishes five levels of cybersecurity preparedness, ranging from level one to level five.
Cloud security is more topical than ever when considering all the fun things that have happened in 2021 with security startups! Before talking about innovation and startups though, let's talk about a brief history of cloud security, especially public cloud.