3 ways to kick-start your organization's cybersecurity training
via "Security on TechRepublic".
Only 45% of organizations offer mandatory cybersecurity training, according to a Mimecast report. Here's how to boost your employees' security education.
70% of businesses using bots to boost efficiency, only 5% govern their access to data
via "Security on TechRepublic".
As software bots spread throughout the enterprise, business leaders must control their access to sensitive information, according to a SailPoint report.
Adobe Patches Zero-Day Vulnerability in Flash Player
via "Threatpost | The first stop for security news".
The vulnerability could lead to arbitrary code execution.
5 ways to avoid cyberattacks during holiday travel
via "Security on TechRepublic".
Whether traveling for business or the holidays this month, follow these tips from Matrix Integration to keep your devices safe.
The Case for a Human Security Officer
via "Dark Reading".
Wanted: a security exec responsible for identifying and mitigating the attack vectors and vulnerabilities specifically targeting and involving people.
Kubernetes Flaw is a “Huge Deal,” Lays Open Cloud Deployments
via "Threatpost | The first stop for security news".
Hackers can steal data, sabotage cloud deployments and more.
Adobe Flash Zero-Day Leveraged Via Office Docs in Campaign
via "Threatpost | The first stop for security news".
Adobe issued a patch for the zero-day on Wednesday.
Windows 10 Security Questions Prove Easy for Attackers to Exploit
via "Dark Reading".
New research shows how attackers can abuse security questions in Windows 10 to maintain domain privileges.
Republican Committee Email Hacked During Midterms
via "Dark Reading".
The National Republican Congressional Committee detected the compromise of four staffers' email accounts in April.
Symantec develops neural network to thwart cyberattack-induced blackouts
via "Security on TechRepublic".
The company is rolling out a device that scans for malware on USB devices to block attacks on IoT and operational technology environments.
Former Estonian Foreign Minister Urges Cooperation in Cyberattack Attribution, Policy
via "Dark Reading".
Nations must band together to face nation-state cyberattack threats, said Marina Kaljurand.
Google Cloud Security Command Center Now in Beta
via "Dark Reading".
The beta release of Google Cloud SCC will include broader coverage across the cloud platform and more granular access controls, among other features.
ATTENTION‼ New - CVE-2017-1622
via "National Vulnerability Database".
IBM QRadar SIEM 7.2.8 and 7.3 does not validate, or incorrectly validates, a certificate. This weakness might allow an attacker to spoof a trusted entity by using a man-in-the-middle (MITM) attack. IBM X-force ID: 133120.
White House Facial Recognition Pilot Raises Privacy Alarms
via "Threatpost | The first stop for security news".
The facial recognition pilot will identify "subjects of interest" around the White House.
A Shift from Cybersecurity to Cyber Resilience: 6 Steps
via "Dark Reading".
Getting to cyber resilience means federal agencies must think differently about how they build and implement their systems. Here's where to begin.
Starwood Breach Reaction Focuses on 4-Year Dwell
via "Dark Reading".
The unusually long dwell time in the Starwood breach has implications for both parent company Marriott International and the companies watching to learn from.
🕳 TrustArc Engages with Singapore PDPC and Leading Privacy Think-Tank CIPL 🕳
TrustArc proudly participated at events co-sponsored by the Singapore Personal Data Protection Commission (PDPC) and the global privacy and security think-tank, Centre for Information Policy Leadership (CIPL), on November 15-16 in Singapore.
On topics ranging from certifications and the Asia-Pacific Economic Cooperation (APEC), to regulatory sandboxes, to artificial intelligence, TrustArc was honored to be invited to engage in terrific conversations and workshops with global thought-leaders in the public and private sectors.
Darren Abernethy, TrustArc Senior Counsel, spoke on a panel entitled “The Role of Certifications as Accountability and Compliance Tools.” This session focused on how certifications can serve accountability and compliance functions for organizations by facilitating achievement of a comprehensive privacy and data protection program; providing third party verification; offering oversight and dispute resolution; and, in some cases, supplying government backstop enforcement. There was also consensus that industry-recognized certifications are highly useful in the B2B vendor selection process for risk mitigation; act as a symbol of trust to the C-suite, consumers and partners; and are increasingly relevant in the mergers and acquisitions context.
Before the 200-plus audience members, special attention was given to the APEC Cross Border Privacy Rules (CBPR) and Privacy Recognition for Processors (PRP) Systems, as these certifications meet the above criteria and have taken on new significance for multi-national corporations and small and medium-sized enterprises (SME) alike, with the certification systems’ recent and ongoing adoption in additional APEC member economies (including four of the top six U.S. trading partners), the extension to data processors through the PRP System, and the certification of SMEs. TRUSTe serves as the Accountability Agent for CBPR and PRP certifications in the U.S.
Darren moderated a second panel entitled “The Role of Certifications in Data Transfers and Global Interoperability.” This session focused on interoperability—which in addition to the possibility of mutual recognition, can also encompass scalably leveraging work done towards one certification or compliance framework in service of another—and began with an overview of different global data transfer mechanisms. The latter included discussion of EU binding corporate rules (BCRs), adequacy decisions, the up-to-the-minute status of GDPR certifications, codes of conduct, and the APEC CBPR/PRP Systems.
Discussion points on the panel included the heightened prevalence and significance of the APEC Privacy Framework in free trade agreements; the use of the BCR-CBPR “Referential” to interoperably achieve each transfer mechanism; how governments and regulators can incentivize certification participation; and examples of how regional transfer frameworks are expanding. A common view was that the APEC Systems have a foundational advantage over many others in that they offer an already-established infrastructure for enforceable, accountability-based mechanisms for intra- and inter-company cross-border transfers.
TrustArc also participated in a working session held in the Singapore offices of a leading technology company, wherein the diverse group of industry participants discussed the key features of the concept of a “regulatory sandbox.” This notion may be understood as a supervised safe space for piloting and testing innovative products, services, business models or delivery mechanisms in the real market, using the personal data of real individuals. The participants evaluated some of the hypothetical pros, cons and challenges of such an approach.
Lastly, TrustArc took part in an all-day interactive working session…
🕳 Benchmarking GDPR Privacy Operations – New IAPP / TrustArc research report reveals how companies are managing compliance 🕳
In partnership with the IAPP, TrustArc recently completed a Survey on Privacy Program Metrics, which looked to establish some baseline metrics by which privacy programs around the world can benchmark themselves. The survey contained 27 questions, including demographic questions, and a total of 496 people took the survey.
Some sample questions we set out to answer with the survey were: How many business processes are organizations mapping? How many reports are they creating in order to comply with Article 30 of the EU’s General Data Protection Regulation? How many privacy or data protection impact assessments are necessary? How many incidents rise to the level of breach reporting? Are people being overwhelmed by subject access requests?
The largest group of respondents works in the U.S. (39 percent), followed by the European Union, excluding the U.K. (32 percent), the U.K. (12 percent), and Canada (8 percent). Respondents were evenly distributed throughout the range of company sizes, with organizations that employ 25,001 people or more representing 25 percent of survey respondents, followed next by organizations that employ 1-250 people (23 percent).
In this 4 part blog post series we will share highlights on the following key takeaways from the report:
Data inventory is becoming a standard privacy management practice
DPIAs are the most common type of privacy assessments
Individual rights / data subject access rights (DSAR) requests impacting most organizations
Data breach notification requirements impacting larger companies
Key Takeaway #1: Data inventories are becoming a standard privacy management practice crucial to privacy compliance
One of the most important steps to design and build a data privacy program is to create an inventory of all of the business processes within a company. If a company does not know the type of data they collect and how it’s shared, processed and stored; or the data inflows and outflows, it is difficult to know if they meet the requirements of the privacy frameworks that impact their business. It is also difficult to know where data resides in order to be able to efficiently respond to data subject access requests.
As privacy regulations become broader in scope, requiring companies to demonstrate how they reduce and manage risk, the importance of building and maintaining a data inventory is increasing. The EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) are two examples of regulations which rely heavily on a comprehensive data inventory to support risk management, compliance reporting and responding to individual rights and data subject access rights requests.
Our survey results showed that 83% of respondents have created a data inventory of their business processing activities, which is a significant increase from the 43% of respondents who reported engaging in routine inventory and mapping exercises two years ago. We also found that 20% of respondents are using specialized data inventory and mapping software, which is up from 10% two years ago.
TrustArc Data Flow Manager
Data Flow Manager, part of the TrustArc Privacy Platform, is a dedicated privacy data mapping system which can help build and manage a data inventory, data flow maps, and compliance reporting such as GDPR Article 30.
Data Flow Manager is based on the business process approach which TrustArc recommends based on extensive experience developing and building GDPR and CCPA compliance programs for companies of all sizes around the world.
Data Flow Manager provides a three-step…
Symantec Intros USB Scanning Tool for ICS Operators
via "Dark Reading".
ICSP Neural is designed to address USB-borne malware threats.
Only 29% of EU organizations are GDPR compliant
via "Security on TechRepublic".
Despite the May 2018 deadline, most companies have not implemented all necessary GDPR changes, according to an IT Governance report.