Tag: regulation
-
What is zero trust? The security model for a distributed and risky era
Tags: access, ai, authentication, best-practice, breach, business, ceo, cloud, compliance, computer, computing, control, corporate, credentials, cyberattack, data, detection, framework, government, guide, identity, infrastructure, intelligence, jobs, login, monitoring, network, nist, office, password, ransomware, regulation, risk, saas, service, technology, threat, tool, vpn, zero-trustHow zero trust works: To visualize how zero trust works, consider a simple case: a user accessing a shared web application. Under traditional security rules, if a user was on a corporate network, either because they were in the office or connected via a VPN, they could simply click the application and access it; because…
-
The Future of Auditing: What to Look for in 2025
The 2025 audit landscape is shaped by new regulations and changes in enforcement of existing regulations. In the United States, both changes to longstanding administrative law and the Public Company Accounting Oversight Board (PCAOB) will shape regulations. Despite Federal changes, new regulations like California’s new climate reporting laws will require companies to undergo audits for……
-
UK Delays Plans for AI Regulation
Some Lawmakers Fear Regulation Could Stymie Innovation. The British Labour Government has reportedly delayed plans to put forward a draft bill on artificial intelligence over concerns that binding AI regulation could stifle the country’s AI growth potential. A spokesperson said the government remains committed to bringing forward a legislation. First seen on govinfosecurity.com Jump to…
-
New EU Sanctions Blacklist Russian and North Korean Cyber Operatives
The Council of the European Union took decisive action to impose a new set of sanctions on Russia, with the aim of addressing threat to Ukraine’s sovereignty. The sanctions were codified in Council Implementing Regulation (EU) 2025/389, which represents a new update to the Regulation (EU) No 269/2014. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/council-of-the-european-union-sanction-russia/
-
Cybersecurity Weekly Update 24 February 2025
Tags: access, ai, apple, attack, cyber, cyberattack, cybersecurity, data, email, encryption, finance, government, office, privacy, regulation, risk, service, theft, updateWelcome to this week’s edition of our cybersecurity news roundup, bringing you the latest developments and insights from the UK and beyond. Home Office Contractor’s Data Collection Sparks Privacy Concerns The Home Office faces scrutiny after revelations that its contractor, Equifax, collected data on British citizens while conducting financial checks on migrants applying for fee…
-
Watchdog approves Sellafield physical security, but warns about cyber
The Office for Nuclear Regulation has taken Sellafield out of special measures for physical security, but harbours cyber security concerns First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366619402/Watchdog-approves-Sellafield-physical-security-but-warns-about-cyber
-
What is SIEM? Improving security posture through event log data
Tags: access, ai, api, automation, ciso, cloud, compliance, data, defense, detection, edr, endpoint, firewall, fortinet, gartner, google, guide, ibm, infrastructure, intelligence, kubernetes, LLM, microsoft, mitigation, mobile, monitoring, network, openai, regulation, risk, router, security-incident, service, siem, soar, soc, software, threat, toolAt its core, a SIEM is designed to parse and analyze various log files, including firewalls, servers, routers and so forth. This means that SIEMs can become the central “nerve center” of a security operations center, driving other monitoring functions to resolve the various daily alerts.Added to this data are various threat intelligence feeds that…
-
Why Some States Are Beefing Up Their Health Cyber Regs
States will increasingly be stepping up to fill gaps in the healthcare sector with new cyber legislation and requirements as the Trump administration promises to roll back regulations, predicts attorney Amy Magnano of the law firm Morgan Lewis’ healthcare practice. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/some-states-are-beefing-up-their-health-cyber-regs-i-5446
-
CISO success story: How LA County trains (and retrains) workers to fight phishing
Tags: ai, awareness, breach, business, chatgpt, cio, ciso, cloud, compliance, computing, control, corporate, cybersecurity, data, dos, election, email, endpoint, government, hacker, healthcare, incident response, jobs, law, lessons-learned, malicious, marketplace, network, phishing, privacy, regulation, risk, risk-management, service, software, strategy, supply-chain, tactics, technology, threat, tool, training, vulnerability(The following interview has been edited for clarity and length.)At first glance, LA County’s reporting structure who reports to whom seems, well, fairly complex.We have a federated model: I report to the county CIO. Each department acts as an independent business and has its own department CIO and information security officer. Their job is to…
-
AI Action Summit and Regulatory Concerns That Won’t Go Away
Forrester’s Thomas Husson on Reactions to DeepSeek, Fears of Overregulation. The AI Action Summit this week came on the heels of the DeepSeek-R1 launch by Chinese AI company, as well as recent enforcement actions of the EU AI Act. A number of leaders from both inside and outside of Europe criticized the EU law, fearing…
-
Aggressive deregulation creates risky business environment
Through DOGE, President Donald Trump is cutting work and funding to federal agencies to overhaul business rules and regulations in the U.S. First seen on techtarget.com Jump to article: www.techtarget.com/searchcio/news/366619263/Aggressive-deregulation-creates-risky-business-environment
-
Energy Regulations Are Rising: Stay Ahead with Modern DCIM
As data centers continue to serve as the backbone of the digital economy, they face an escalating challenge: the tightening grip of global energy consumption regulations. Governments and regulatory bodies worldwide are implementing stricter policies to curb carbon footprints, optimize energy use, and enforce sustainability commitments. In this evolving landscape, modern Data Center Infrastructure Management…
-
Beyond the paycheck: What cybersecurity professionals really want
Tags: business, ceo, corporate, cyber, cybersecurity, data, india, jobs, regulation, risk, risk-management, service, skills, strategy, trainingInvest in skills and allow room for growth: Upskilling also remains a powerful retention tool. As Huber points out, Tenable invests in training entire teams on emerging technologies and capabilities, ensuring that employees feel equipped and valued.Similarly, KPMG has implemented targeted programs to support diversity and career progression within cybersecurity. The firm’s Cyber Women Leads…
-
US VP Vance Calls for Less Regulation at AI Action Summit
Europe Must View AI With ‘Optimism Rather Than Trepidation,’ He Tells Paris Crowd. Europe must view developments in artificial intelligence with optimism, rather than trepidation, U.S. Vice President JD Vance told EU leaders during the AI Action Summit. He said the EU’s tendency to overregulate technology is costing American businesses billions of dollars. First seen…
-
Privacy Roundup: Week 6 of Year 2025
Tags: access, ai, api, apple, backdoor, breach, browser, cctv, chrome, control, credit-card, cybersecurity, data, data-breach, encryption, exploit, firmware, framework, germany, government, group, leak, malware, monitoring, phishing, privacy, regulation, risk, router, scam, service, software, spy, technology, threat, tool, update, vpn, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 2 FEB 2025 – 8 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Fortifying cyber security: What does secure look like in 2025?
Tags: access, ai, attack, authentication, business, compliance, cyber, cybercrime, cybersecurity, deep-fake, exploit, finance, Hardware, intelligence, least-privilege, malware, mfa, nis-2, phishing, regulation, resilience, risk, risk-management, scam, software, threat, training, update, vulnerability, zero-trustThe evolving cybersecurity landscape has increased security pressures for IT leaders. With the World Economic Forum estimating, the global cost of cybercrime is projected to reach $10.5trillion annually in 2025, the situation is only escalating[1]. The rise of new technologies, such as Artificial Intelligence (AI), and the complexities introduced by flexible working have made IT…
-
CIOs and CISOs grapple with DORA: Key challenges, compliance complexities
Tags: access, automation, banking, business, cio, ciso, communications, compliance, control, country, cyber, cybersecurity, data, dora, finance, framework, GDPR, governance, jobs, law, monitoring, network, nis-2, penetration-testing, privacy, regulation, resilience, risk, risk-management, service, skills, supply-chain, technology, threat, tool, training, vulnerabilityIn force since January, the Digital Operational Resilience Act (DORA) has required considerable effort from CIOs and CISOs at 20 types of financial entities to achieve compliance. For many, the journey is not complete.”In the past months, financial entities targeted by DORA have been busy internally defining roles and responsibilities related to ICT security, identifying…
-
Basket of Bank Trojans Defraud Citizens of East India
Cheap banking scams are often easier to pull off in a country with older devices, fewer regulations, and experienced fraudsters. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/bank-trojans-defraud-citizens-east-india
-
21% of CISOs pressured to not report compliance issues
Tags: awareness, breach, business, ceo, ciso, compliance, control, corporate, cybersecurity, data, dora, finance, framework, governance, incident response, infrastructure, insurance, law, nis-2, regulation, resilience, risk, security-incident, trainingCISOs are increasingly getting caught between business pressures and regulatory obligations, leaving them struggling to balance corporate loyalty and legal accountability.To wit: One in five (21%) security leaders have been pressured by other executives or board members not to report compliance issues at their companies, according to a recent study by security vendor Splunk.The same…
-
Cybersecurity, government experts are aghast at security failures in DOGE takeover
Elon Musk’s takeover of key systems across the federal government is ignoring decades of laws, regulations and procedures, experts told CyberScoop. First seen on cyberscoop.com Jump to article: cyberscoop.com/musk-doge-opm-treasury-breach/
-
DEF CON 32 Navigating the Turbulent Skies of Aviation Cyber Regulation
Authors/Presenters: M. Weigand, S. Wagner Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/02/def-con-32-navigating-the-turbulent-skies-of-aviation-cyber-regulation/
-
5 ways boards can improve their cybersecurity governance
Tags: attack, breach, business, ciso, cloud, cyber, cybersecurity, data, election, endpoint, finance, gartner, governance, government, group, identity, incident, india, infrastructure, jobs, middle-east, network, ransomware, regulation, risk, skills, technology, threat, trainingAs chairman of the board for Cinturion Group, Richard Marshall is intimately involved in ensuring the security of the fiber optic network his company is constructing from India through the Middle East and on to Europe.The monumental Trans Europe Asia System (TEAS) will be difficult enough to build given it will be buried beneath thousands…
-
US takes aim at healthcare cybersecurity with proposed HIPAA changes
Tags: access, authentication, best-practice, breach, compliance, control, csf, cyber, cyberattack, cybersecurity, data, defense, detection, dora, encryption, finance, framework, government, group, healthcare, HIPAA, incident response, infrastructure, insurance, intelligence, jobs, law, malware, mfa, network, nist, penetration-testing, phishing, privacy, ransom, ransomware, regulation, resilience, risk, security-incident, service, skills, technology, threat, tool, update, usa, vulnerability, vulnerability-managementThe US Department of Health and Human Services (HHS) has launched a consultation on stricter rules for the safeguarding of electronic health records.The proposed revamp of security rules covered by the Health Insurance Portability and Accountability Act (HIPAA) is designed to address the increased risk from cyberattacks such as ransomware against healthcare environments.The revamped rules…
-
Privacy Roundup: Week 4 of Year 2025
Tags: access, ai, apt, attack, backup, botnet, breach, cctv, cve, cybersecurity, data, data-breach, detection, email, exploit, firmware, flaw, google, group, identity, infrastructure, korea, lazarus, leak, login, malicious, malware, north-korea, phishing, phone, privacy, regulation, remote-code-execution, risk, router, scam, service, software, startup, technology, threat, tool, update, virus, vulnerability, windowsThis is a news item roundup of privacy or privacy-related news items for 19 JAN 2025 – 25 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
-
Cyber Insights 2025: Cybersecurity Regulatory Mayhem
Cybersecurity regulations are facing a tipping point. There are too many and they are too complex to manage and it’s getting worse. The post Cyber Insights 2025: Cybersecurity Regulatory Mayhem appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/cyber-insights-2025-cybersecurity-regulatory-mayhem/
-
Data Privacy Day 2025: A Chance to Take Control of Your Data
Tags: access, ai, awareness, business, cloud, compliance, control, country, data, encryption, governance, law, password, privacy, regulation, service, software, strategy, technology, toolData Privacy Day 2025: A Chance to Take Control of Your Data madhav Mon, 01/27/2025 – 09:19 Trust is the cornerstone of every successful relationship between businesses and their customers. On this Data Privacy Day, we reflect on the pivotal role trust plays in the digital age. It’s earned not just through excellent products or…
-
âš¡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 January]
Welcome to your weekly cybersecurity scoop! Ever thought about how the same AI meant to protect our hospitals could also compromise them? This week, we’re breaking down the sophisticated world of AI-driven threats, key updates in regulations, and some urgent vulnerabilities in healthcare tech that need our attention.As we unpack these complex topics, we’ll equip…
-
Box-Checking or Behavior-Changing? Training That Matters
Exploring New Ways to Deliver and Measure Cybersecurity Awareness Programs Regulations like GDPR, HIPAA and CMMC have made security awareness training a staple of corporate security programs. But compliance is only part of the story. Organizations face an even deeper challenge: influencing employee behavior in ways that create a truly secure workplace. First seen on…