Risk & Compliance News.

Apr 13th, 2021 - Salesforce is a feature-rich SaaS platform designed for custom development and user modification. Its business power is driven by the ease of customization from both AppExchange downloads and its massive developer ecosystem. However, when Salesforce is modified to streamline data access and boost business productivity, the application’s attack surface naturally grows, which increases the risk of data breach and violates the application’s default compliance status. While this is true for ... [Read More]

Apr 13th, 2021 - Risk and compliance startup LogicGate has confirmed a data breach. But unless you’re a customer, you probably didn’t hear about it. An email sent by LogicGate to customers earlier this month said on February 23 an unauthorized third party obtained credentials to its Amazon Web Services-hosted cloud storage servers storing customer backup files for its flagship platform Risk Cloud, which helps companies to identify and manage their risk and compliance with data protection and security ... [Read More]

Apr 13th, 2021 - The adoption of security orchestration, automation and response (SOAR) platforms has grown significantly in recent years. Countless end-user and service provider security operations teams are leveraging SOAR to address the most common security operations challenges – too many disparate technologies, alert overload, limited staff and manual processes. Free Download: The Gartner Market Guide for SOAR Solutions Naturally, SOAR platforms have matured and evolved over time. With over a dozen SOAR ... [Read More]

Apr 13th, 2021 - Your first notification of your next breach or significant threat might come from outside your organization. Have these preparations in place to effectively and quickly respond to inbound security intelligence. Organizations—especially large companies—often don't learn about an intrusion or breach of their systems until an external party like a security researcher, law enforcement agency or business partner alerts them to it. The expanding range of attack methods, the growing use of ... [Read More]

Apr 13th, 2021 - The public cloud has introduced a profound paradigm shift in how enterprise organizations operate their technology environments. Periodic audits no longer work and continuous audits are the way of the present and future. The adoption of Cloud Service Providers (CSP) such as AWS, Azure, and Google Cloud (GCP) is accelerating and introducing a whole new set of risks. Now there are tens of thousands of compute pieces and an explosion of non-person identities with which to contend. Identities are ... [Read More]

Apr 12th, 2021 - In recognition of National Supply Chain Integrity Month, the Cybersecurity and Infrastructure Security Agency (CISA) is partnering with the Office of the Director of National Intelligence (ODNI), the Department of Defense, and other government and industry partners to promote a call to action for a unified effort by organizations across the country to strengthen global supply chains. Information and communications technology (ICT) systems underpin a broad range of critical infrastructure ... [Read More]

Apr 11th, 2021 - nsuring data security becomes harder every day. Firstly, sensitive data is often spread across on-premises and cloud-based storage locations, which makes it more difficult to maintain security controls. Secondly, the volume of data, including sensitive information, continues to grow, which means that more data requires protection. Finally, cybercriminals get more innovative all the time. As a result, securing data in compliance with increasingly complex regulations is a challenge. By Ilia ... [Read More]

Apr 9th, 2021 - The latest GAO audit of HHS’ information security program against FISMA standards found multiple flaws, including failure to implement continuous monitoring in select operating divisions. April 09, 2021 - An evaluation of the Department of Health and Human Services against Federal Information Security Modernization Act of 2014 (FISMA) principles found the agency’s information security program "not effective," due to several maturity deficiencies, according to the Government Accountability ... [Read More]

Apr 9th, 2021 - The World Economic Forum ranked cybercrime among the top seven risks of highest concern to organizations in its Global Risks Report 2020. While there is still a broad spectrum for cyber attacks—ranging from the simple and mundane, to more sophisticated advanced persistent threats, to complex nation state attacks, attackers continue to raise the bar in terms of techniques and exploits. The COVID-19 pandemic and quarantine efforts around the globe provided even greater opportunity for attackers ... [Read More]

Apr 8th, 2021 - EC-Council and CISO MAG recently organized a webinar titled, “Improving Risk Posture with Automation and AI Monitoring,” with Christoper Smith, GRC Consultant for OneTrust GRC IT security, cybersecurity, privacy, and data management are ranked as top challenges for the board of directors, corporates, oversight authorities, and IT audit functions. The digital transformation has greatly impacted the way businesses track, measure, and analyze risk across domains. To delve deeper into the ... [Read More]