Security News

ISO 27001 is also supported by the other standards ISO/IEC 27000:2018 and ISO/IEC 27005:2022, among others. What advice do you have for organizations, particularly SMEs, in effectively allocating resources and budget for ISO 27001 implementation?

Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act compliance in the European Economic Area to allow European users to uninstall all apps in Windows by March 6. The KB5034203 is a monthly non-security optional cumulative update that enables Windows administrators to try out fixes and improvements that will come with the February 2024 Patch Tuesday release.

Rapid GenAI adoption is the top-ranked issue for the next two years for legal, compliance and privacy leaders, according to Gartner. "Legal leaders should adapt preexisting, well-established and widely distributed risk monitoring and management practices until new processes can be implemented. For example, they might modify data inventories and records of processing activities of privacy impact assessments to track GenAI usage."

The EU General Data Protection Regulation is a comprehensive set of rules designed to keep the personal data of all EU citizens collected by any organization, enterprise or business safe from unauthorized access or use. Failure to do so, would be a costly oversight on their part, as the penalties associated with the GDPR are severe and are applied across international borders at the discretion of the EU data protection authorities.

Global financial crime compliance costs for financial institutions exceed $206 billion. Financial crime professionals embrace AI. While certain industries are still determining the ways in which AI and ML will bring about an influence, 71% of professionals in financial crime compliance indicate that their organizations are already enhancing data utilization through advanced analytics.

SOC 2, ISO, HIPAA, Cyber Essentials – all the security frameworks and certifications today are an acronym soup that can make even a compliance expert’s head spin. If you’re embarking on your...

For financial institutions, the way to do so is not necessarily by investing in new security tools; it's by getting more value from existing technology through automated monitoring and optimization. Beyond the direct hit to impacted businesses, there's a more acute risk that makes governments and regulators nervous: A serious attack on the banking system could have a debilitating impact on national and economic security.

Bank-fintech partnerships continue to rise as financial institutions look to streamline operations, improve customer experiences, drive profitability, and manage risk and compliance efforts. The guidance promotes standardization for assessing third-party risk and describes sound risk management principles when developing and implementing third-party risk management practices.

Last October, Pennsylvania State University was sued by a former chief information officer for allegedly falsifying government security compliance reports. Following a meeting in June 2022, he recounts "Penn State had never reached actual DFARS compliance and thus had been falsely attesting to compliance since January 1, 2018.".

Legal and compliance department investment in GRC tools will increase 50% by 2026, according to Gartner. "While most organizations already have existing compliance programs, legal and compliance leaders need to ensure they are empowered to capture and elevate the right information to management and the board, take the appropriate action, and maintain documentation related to these processes," Kornutick said.