%term

The Need for Speed: "Material" Confusion under the SEC's Cyber Rules

May 23, 2024 By SecurityScorecard In SecurityScorecard

This week, the SEC issued a statement addressing some of the rampant confusion and inconsistencies observed under the agency’s new cyber breach disclosure rule. The statement itself addresses a technical securities law requirement, that public companies should only use Item 1.05 of Form 8-K to disclose “material” cyber breach information (instead of making voluntary or immaterial disclosures).

Read Post

SecurityScorecard

Read more about The Need for Speed: "Material" Confusion under the SEC's Cyber Rules

How to Choose the Right ASVS Level for Your Organization

May 22, 2024 By Chester Avey In SecuritySenses

The Application Security Verification Standard (ASVS) developed by the Open Web Application Security Project (OWASP) provides a robust framework for conducting penetration testing (pentesting) and security audits of web applications and infrastructure. In the evolving landscape of network security, with risks emerging in sophistication and frequency, maintaining a baseline level of compliant security procedures is highly recommended.

Read Post

SecuritySenses

Read more about How to Choose the Right ASVS Level for Your Organization

HITRUST: the Path to Cyber Resilience

May 22, 2024 By John Salmi In Tripwire

Much has been made of cyber resilience in recent years. And with good reason: failing to bounce back quickly from a security event can have dramatic financial consequences. In early 2023, Royal Mail took several days to recover from a Lockbit cyberattack, losing upwards of £10 million in the process. However, for all the talk about resilience, the industry seems to be overlooking one of its fundamental tenets: risk management. It is, perhaps, understandable that we overlook risk management.

Read Post

Tripwire

Read more about HITRUST: the Path to Cyber Resilience

Announcing Vanta's industry-first partnership to automate HITRUST e1

May 22, 2024 By Vanta In Vanta

Today we’re excited to announce that Vanta has partnered with HITRUST Services Corp., the leader in cybersecurity assurances, to be the first automated compliance solution for the HITRUST e1 Assessment and reseller of the HITRUST MyCSF platform. Vanta is the first pre-built solution that includes the controls, documents, and policies necessary to demonstrate your commitment to safeguarding data and protected health information (PHI) — all in a way that can be validated by HITRUST. ‍

Read Post

Vanta

Read more about Announcing Vanta's industry-first partnership to automate HITRUST e1

Vodafone Idea becomes Industry First to achieve SOC2 Type 2 Attestation

May 22, 2024 By VISTA InfoSec In VISTA InfoSec

In a significant achievement for the Indian telecommunications industry, Vodafone Idea (Vi) has become the first Indian company to secure the SOC 2 Type 2 attestation. This significant milestone not only underscores its unwavering commitment to data security but also cements its position as an industry leader in fostering trust and transparency. The attestation was conducted by VISTA InfoSec, a global Information Security Consulting firm with offices based in the US, UK, Singapore, and India specializing in GDPR, PCI DSS, HIPAA, ISO 27001, and other types of security compliance standards.

View Video

VISTA InfoSec

Read more about Vodafone Idea becomes Industry First to achieve SOC2 Type 2 Attestation

DFARS 7012 Class Deviation and NIST 800-171 Rev 3 Guidance for DIBs

May 21, 2024 By Irena Mroz In archTIS

NIST 800-171 revision 3 was released on May 14, 2024, prompting DoD to issue an indefinite class deviation for DFARS 252.204-7012, Safeguarding Covered Defense Information and Cyber Incident Reporting (DFARS 7012). US Defense Industrial Base (DIB) contractors must now comply with NIST SP 800-171 revision 2 rather than the version in effect at the time the solicitation is issued, as was previously required.

Read Post

archTIS

Read more about DFARS 7012 Class Deviation and NIST 800-171 Rev 3 Guidance for DIBs

Understanding the NIS 2 Directive

May 21, 2024 By Ralf Schmitz In IONIX

By expanding its scope and introducing modernized requirements, the new NIS 2 Directive challenges organizations to elevate their cyber preparedness. This article explores how the directive affects a wide range of sectors and the critical infrastructure within them, detailing the requirements for compliance and highlighting the key role that IONIX plays in supporting organizations in meeting these regulations.

Read Post

IONIX

Read more about Understanding the NIS 2 Directive

FedRAMP "In Process": What It Means and How to Get Listed

May 17, 2024 By Max Aulakh In Ignyte

FedRAMP, the Federal Risk and Authorization Management Program, is a way for cloud service providers to undergo auditing, scrutiny, and testing to validate their security. This security encompasses primarily information security but also user authorization and authentication, physical security, and more.

Read Post

Ignyte

Read more about FedRAMP "In Process": What It Means and How to Get Listed

Coralogix Receives FedRAMP Ready Status: A Milestone in Secure, Compliant Data Analysis

May 16, 2024 By Coralogix Blog In Coralogix

We are excited to announce today that Coralogix has achieved FedRAMP Ready status and is now listed in the Federal Risk and Authorization Management Program Marketplace. This significant milestone underscores Coralogix’s commitment to providing secure, compliant, and efficient observability services to customers, especially within the government sector. This achievement paves the way for Coralogix to provide US government entities with full-stack, cost-effective observability capabilities.

Read Post

Coralogix

Read more about Coralogix Receives FedRAMP Ready Status: A Milestone in Secure, Compliant Data Analysis

IONIX: Your Partner for DORA Compliance and Cyber Resilience

May 16, 2024 By Ralf Schmitz In IONIX

In the modern era of digitized operations, even non-tech companies must prioritize cybersecurity and operational resilience. This especially applies to industries where security is of paramount importance, such as the financial industry.

Read Post