There are fundamental challenges in how enterprises secure SOC data, and they start with: How do you grant access to the right people and deny it to the wrong people? Carolyn Duby of Cloudera opens up on how to address data governance, privacy and security concerns.
Often traditional compliance processes in place in the organisation cannot scale up to growing requirements and complexities. As a result, too much time is wasted on after-the-fact mitigation on audit findings. In a fast-paced environment, organisations would like to break free from reactive and manual solutions and...
Where were you on May 25, 2018? That was the day the EU's General Data Protection Regulation went into full effect. Three years later, some legal and privacy experts say that while the global privacy discussion and expectations have evolved, GDPR still has some growing up to do.
It's not just traditional data governance – it's about business risk. And in the age of GDPR and CCPA, you’d best have a handle on data discovery and classification. Patrick Benoit of CBRE gives the BISO's perspective on data risk governance.
Ireland's privacy regulator has launched an investigation into Facebook after personal information for 533 million of the social network's users appeared for sale online. It will analyze whether Facebook violated the country's data protection law or the EU's General Data Protection Regulation.
Criminals love to amass and sell vast quantities of user data, but not all data leaks necessarily pose a risk to users. Even so, the ease with which would-be attackers can amass user data is a reminder to organizations to lock down inappropriate access as much as possible.
How much does it cost to recover from a ransomware attack? For the Scottish Environment Protection Agency, which was hit by the Conti ransomware-wielding gang on Christmas Eve, reported cleanup costs have reached $1.1 million. SEPA is still restoring systems and has refused to pay any ransom.
This paper will lay out key steps to help organisations sensibly adopt a better data protection posture and with it, build a firm foundation towards onward compliance. The key principles of Classification by Design will be introduced as a logical, yet robust start point. We summarize with the overarching takeaway that...
U.S. Rep. Suzan DelBene, D-Wash, has reintroduced a bill that would create a national-wide data privacy standard that in its latest incarnation makes an attempt to placate Republicans. The bill, if passed, would replace a patchwork of current state laws.
Since the EU's enactment of General Data Privacy Regulation (GDPR) in 2018, the stage has been set for more regulations worldwide, as legislators seek to protect the private data of their constituents. Third-party vendors are cost efficient and help organizations' productivity, but they also present risk. It is...
Privacy watchdogs in Europe have imposed fines totaling more than $330 million since the EU's General Data Protection Regulation went into full effect in May 2018, according to law firm DLA Piper. Over the past year, regulators received 121,000 data breach notifications, up 19% from the year before.
This edition of the ISMG Security Report features an analysis of the very latest information about the SolarWinds hack. Also featured are discussions of "zero trust" for the hybrid cloud environment and data privacy regulatory trends.
More than two years after Europe's tough new General Data Protection Regulation came into full effect, EU privacy watchdogs are finding more consensus, and consumers have been benefiting, experts say. But how regulators apply sanctions, in particular, remains a work in progress.
Security and risk management leaders experience increased demand for ITRM solutions originating from cybersecurity initiatives, board risk oversight and digital compliance obligations. Use this research to evaluate the opportunities and challenges in automating IT risk decision making.
France's privacy regulator has hit retail giant Carrefour with a $3.7 million fine for violating privacy laws, including GDPR. It's accused of failing to make privacy policies easy to understand, placing advertising cookies without consent and retaining customer data for unreasonable periods of time.