Should data security and privacy laws specify data encryption?
The proliferation of data security and privacy laws from state and federal agencies has created challenges and complexities for all entities that store and use data. One of the...
Add Twitter security to the top information security threats
Last week’s 140 Characters Conference presented dozens of examples of how people are using Twitter creatively, effectively and disruptively. What didn’t get as much attention are the security risks and...
No easy answers for complying with data protection regulations
As the effective date of Jan. 1, 2010, approaches for Massachusetts’ data protection regulation, business owners and information security managers are getting a little bit edgy about compliance with MA...
Compliance resources: Tips and news from around TechTarget
Did you know that TechTarget now has more than 60 different websites, each of which focuses on a different form of technology? You can find compliance resources on nearly every one of them. As a former...
Compliance officers discuss business, IT alignment at ISACA conference
This guest post is from Joe Hewitt, an IT compliance specialist for American Honda Finance Corporation. His views do not represent those of Honda, any of its divisions, or employees. The 2009 ISACA...
201 CMR 17 FAQ: Updates to Massachusetts data protection law
Earlier today, the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) issued an update to 201 CMR 17, the Massachusetts data protection law. The deadline for implementation has...
Amended Massachusetts data protection act focuses on risk management
As Alexander Howard reported earlier today, the Massachusetts data protection law has been amended. The revised data privacy regulations — 201 CMR 17.00, “Standards for the Protection of Personal...
Capability and Maturity Model Creation in Information Security
This is a guest post from Secure Payments and Chaordic Design Evangelist Michael Dahn. He blogs frequently about PCI and information security at ChaordicMind.com. Contact him there or follow @sfoak on...
The fundamentals of information security for SMBs — easy to read, free
Information security pros weary of explaining the basics of protecting their companies’ information, systems and networks to employees who really don’t want to be bothered might want to take a look at...
Information security and compliance resources from around TechTarget
The laws and regulations that CIOs and CISOs must understand and reflect in their operations are by nature applicable to many different areas of information technology. As a recent study on the privacy...
GRC, big data require law firms to reexamine information governance
Big data presents numerous data governance challenges: Regulatory compliance, information security and risk management are all complicated by the amount of data generated by the average business...
Transparency, business-wide buy-in key components of GRC strategy
The recent news that a former Microsoft employee was being charged by federal prosecutors for providing confidential company software code to a tech blogger raised interesting questions. While the...
Risk landscape disrupts Wall Street banks and CISO roles
Organizations of all stripes are feeling the impact of mounting risk. In the past few weeks alone: Wall Street’s big banks reacted to a changing regulatory landscape; a new survey found that many...
North Korea applauds Sony breach but denies responsibility
Sony is the latest big-name company to have its computer network hacked. Corporate information and entire films were leaked online in what some suspect is retaliation by the North Korean government. In...
Obama plans response against North Korea for Sony Pictures hack
President Barack Obama declared that the U.S. government will respond to North Korea’s actions after the FBI announced that the nation-state was behind last month’s calamitous cyberattack against Sony...
Will weak incentives for security investment force regulatory intervention?
Data breaches have been intensifying in recent years, but security expert Benjamin Dean argues that many private companies still lack motivation to invest in more robust information security. Also in...
Apple CEO Tim Cook’s email may have violated SEC disclosure rules
Lawyers say Apple CEO Tim Cook may have flouted the Securities and Exchange Commission’s fair-disclosure regulation when he sent a CNBC correspondent an email containing company performance...
FTC report: Big data analytics could prove harmful to consumers
Big data analytics have proven extremely beneficial to both companies and consumers across a wide range of industries, producing valuable insight in fields like healthcare, education and...
Cybersecurity questions get the boardroom’s attention
“Security has transcended from an IT issue to a boardroom issue.” This was how Microsoft corporate vice president and CISO Bret Arsenault opened his panel discussion at last month’s RSA Conference in...