Security News
Summit 7 Systems, a leading national provider of Cybersecurity Compliance Solutions for the Defense Industrial Base, announced an expansion of their Cybersecurity Practice Area with the addition of new software and services to prepare Defense and Aerospace Contractors for compliance with the new Cybersecurity Maturity Model Certification regulations. The CMMC regulations were created by the U.S. Department of Defense to strengthen Cybersecurity in the supply chain of the Defense Industrial Base, and version 1.0 was released on January 31, 2020.
A joint report by the International Association of Privacy Professionals and Ernst & Young, published last year, revealed inconsistencies in how companies are implementing the DPO role, including whether the CISO also serves as DPO. When Is DPO Required? While some say it's appropriate for CISOs to serve as DPOs because the roles complement each other, others argue the DPO position should be separate.
GoodData, a leader in end-to-end analytics solutions, announced that its data analytics platform now provides immediate compliance with the new California Consumer Privacy Act, considered the most stringent consumer data privacy act in the United States. "We are in a new era of data privacy. Companies need to comply with new and tougher laws and better serve their customers by meeting new standards for data privacy," said GoodData CEO, Roman Stanek.
Hiring third-party investigators to bolster your AML and Compliance team? Here are four things to consider before you pick up the phone. Ensure the third-party users have their own group identifiers so a reporting analyst can run reports on their productivity to demonstrate the value and efficiency of the third-party user.
Threat Stack, the leader in cloud security and compliance for infrastructure and applications, announced a partnership with Tevora, a specialized management consultancy focused on cybersecurity, risk, and compliance services. The Threat Stack Cloud Security Platform extends security observability across the cloud management console, host, containers, and application layers to help customers understand the full picture of their cloud environment, quickly respond to incidents, and proactively reduce risk.
The publication also provides clarification about privacy risk management concepts and the relationship between the Privacy Framework and NIST's Cybersecurity Framework. The NIST Privacy Framework is not a law or regulation, but rather a voluntary tool that can help organizations manage privacy risk arising from their products and services, as well as demonstrate compliance with laws that may affect them, such as the California Consumer Privacy Act and the European Union's General Data Protection Regulation.
To ensure the highest levels of endpoint security across more than 8,000 devices and to help achieve HIPAA compliance in the face of rising data breaches across the healthcare industry, Apria Healthcare leverages Absolute, the leader in endpoint resilience, for comprehensive endpoint visibility and control. "Persistence [located] in the BIOS is the number one item that I think really sets Absolute apart from other companies touting that they can do asset tracking better," said Janet Hunt, Senior Director, IT User Support at Apria Healthcare.
Fugue has open sourced Regula, a tool that evaluates Terraform infrastructure-as-code for security misconfigurations and compliance violations prior to deployment. Regula rules are written in Rego, the open source policy language employed by the Open Policy Agent project, and can be integrated into CI/CD pipelines to prevent cloud infrastructure deployments that may violate security and compliance best practices.
PLDA, the industry leader in PCI Express IP and data interconnect solutions, announced that their XpressRICH-AXI PCIe Controller IP passed all Gold and Interoperability tests at the PCI-SIG Compliance Workshop. PLDA's XpressRICH-AXI Controller IP for the PCIe 4.0 specification was tested running on an FPGA-based add-in card, Gen4ENDPOINT. PCI-SIG is the community responsible for developing and maintaining the standardized approach to peripheral component I/O data transfers.