Security News

How Does Your AD Password Policy Compare to NIST's Password Recommendations?
2021-01-07 23:02

This post will take a closer look at the NIST password guidelines and see how you can effectively audit your password policies to ensure these meet the standards recommended by NIST. NIST Password Guidelines and Best Practices. According to NIST recommended password guidelines, this policy would not align with the NIST standard.

How to create a good privacy policy for your website: Tips from the Better Business Bureau
2020-12-28 13:00

Something else to consider are third-party vendors such as analytics providers, advertisers, and payment processors who collect data on the company's business website. Customers should be advised who collects what data and given access links to the appropriate privacy policies.

Facebook Criticizes Apple Privacy Policy in Newspaper Ads
2020-12-17 09:40

Facebook is again pushing back on new Apple privacy rules for its mobile devices, this time saying in full page newspaper ads that the social media giant is standing up for small businesses. In ads that ran in The New York Times, The Wall Street Journal and other national newspapers Wednesday, Facebook said Apple's new rules "Limit businesses' ability to run personalized ads and reach their customers effectively."

How to Use Password Length to Set Best Password Expiration Policy
2020-12-17 02:36

"This security setting determines the period of time that a password can be used before the system requires the user to change it. You can set passwords to expire after a number of days between 1 and 999, or you can specify that passwords never expire by setting the number of days to 0. If the maximum password age is between 1 and 999 days, the minimum password age must be less than the maximum password age. If the maximum password age is set to 0, the minimum password age can be any value between 0 and 998 days." "Specops Password Policy provides many additional features when compared to the default Active Directory Password Policy settings, including password expiration. One of the options contained in the Specops Password Policy is called"Length based password aging.

A Cybersecurity Policy Agenda
2020-12-11 12:57

The Aspen Institute's Aspen Cybersecurity Group - I'm a member - has released its cybersecurity policy agenda for the next four years. The next administration and Congress cannot simultaneously address the wide array of cybersecurity risks confronting modern society.

Mastercard appoints Richard Verma as Executive VP of Global Public Policy and Regulatory Affairs
2020-12-02 23:30

Mastercard announced the appointment of Richard Verma as Executive Vice President, Global Public Policy and Regulatory Affairs where he will oversee the company's public policy, regulatory affairs and litigation teams around the world, reporting to Tim Murphy, General Counsel, Mastercard. Verma brings over 25 years of international experience across senior levels of business, law, diplomacy, and the military.

How to Update Your Remote Access Policy – And Why You Should Now
2020-11-25 15:25

For close to two decades, organizations have allowed privileged employees to work remotely by offering remote access solutions as a part of the daily work environment. One common mistake that security teams make when designing and updating their security and remote-access policy is not fully understanding the current contours of their network - or accounting for employees' changing locations and access habits.

build.security Emerges From Stealth With Authorization Policy Management Platform
2020-11-18 14:02

Security, an Israel-based company that has been developing an authorization policy management platform, emerged from stealth mode on Wednesday with $6 million in seed funding. Security's platform, which the company expects to become generally available in the second or third quarter of 2021, is described as an authorization policy management platform powered by the open source authorization engine Open Policy Agent, and it aims to help developers address the challenges associated with implementing role-based access controls and attribute-based access controls in enterprise applications.

Coil payments platform leaks user emails in 'Privacy Policy' update
2020-11-17 09:11

Coil has accidentally exposed some of its users' email addresses in a mass email announcement sent out today. At least 1,000 emails disclosed in mass announcement.

Micropayments company Coil distributes new privacy policy with email that puts users' addresses in the ‘To:’ field
2020-11-17 04:58

The Register has read it and can report that while it reveals that Coil seeks permission to share users' details with service providers, partners, and "Related entities". We cannot find a clause that resembles: "We reserve the right to expose your email address to countless other Coil users in the 'To:' field of an email."