VISO TRUST Secures $24M to Accelerate Innovation in AI-Powered Third-Party Risk Management

November 21, 2024 at 05:14PM VISO TRUST announced $7M in funding, totaling $24M, to enhance its AI-powered third-party risk management platform. This investment, from existing and new investors, will accelerate innovation, enabling faster vendor assessments and improved security intelligence, helping organizations manage cyber risks efficiently in a complex digital landscape.

Navigating third-party risks

November 19, 2024 at 09:42AM SailPoint is hosting a webinar on December 3rd at 11 AM ET, focusing on managing third-party risks to enhance security and compliance. Key topics include identifying vulnerabilities, effective access controls, and fostering a culture of compliance. Attendees will receive actionable insights to improve defenses against external threats.

Beyond Compliance: The Advantage of Year-Round Network Pen Testing

November 18, 2024 at 06:03AM IT leaders are urged to conduct more frequent network penetration testing to stay ahead of hackers, as compliance-focused approaches are insufficient. Automated testing solutions like vPenTest can reduce costs by over 60%, allowing companies to perform assessments quickly, maintain security year-round, and meet regulatory and insurance requirements efficiently.

NatWest blocks bevy of apps in clampdown on unmonitorable comms

November 14, 2024 at 06:02AM NatWest Group has officially banned several messaging apps, including WhatsApp, Telegram, and Signal, on company devices to enhance oversight and protect against regulatory issues. The policy, effective November 6, aims to prevent unrecorded communications. Approved methods include Microsoft Teams and Outlook, aligning with industry practices following regulatory scrutiny.

Managing third-party risks in complex IT environments

November 12, 2024 at 10:14AM Join the webinar on December 3rd at 11 AM ET with Steve Toole from SailPoint, discussing risks of third-party access to systems and data. Learn about identifying risks, mitigation strategies, and fostering a security-first culture. Ideal for IT managers and security professionals. Register to enhance third-party risk management practices.

The Power of the Purse: How to Ensure Security by Design

November 12, 2024 at 10:03AM CISA’s Secure by Design pledge, aimed at improving cybersecurity in software companies, is voluntary and lacks regulatory enforcement, raising concerns about its effectiveness. With rising data breaches, a more aggressive governmental approach, including mandatory compliance measures similar to the EU’s standardization efforts, is necessary to ensure robust cybersecurity.

The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses

November 8, 2024 at 06:45AM The rising demand for cybersecurity has led to increased interest in virtual Chief Information Security Officer (vCISO) services among small and medium-sized businesses (SMBs). The vCISO Academy was created to provide training and resources for Managed Service Providers (MSPs) and Managed Security Service Providers (MSSPs) to offer effective vCISO services. …

Embarking on a Compliance Journey? Here’s How Intruder Can Help

October 30, 2024 at 07:54AM Intruder simplifies compliance with frameworks like ISO 27001, SOC 2, and GDPR through continuous vulnerability scanning, automated reporting, and active system monitoring. By providing comprehensive protection and audit-ready reports, Intruder aids organizations in meeting security requirements efficiently, making the compliance journey less daunting and more manageable.

LinkedIn Hit With $335M Fine for Data Privacy Violations

October 25, 2024 at 05:31PM On October 24, LinkedIn was fined €310 million by EU regulators for violating GDPR data privacy rules. The Data Protection Commission found LinkedIn unlawfully processed user data for targeted advertising. Despite asserting compliance, LinkedIn will work to align its practices with regulations following this reprimand and order for compliance.

SEC Fines Companies Millions for Downplaying SolarWinds Breach

October 25, 2024 at 05:09PM The SEC has charged four companies for inadequate disclosures related to the 2020 SolarWinds breach. Unisys faced the largest penalty of $4 million. The SEC aims to deter vague breach disclosures and stresses the importance of precise communication to avoid future legal ramifications, urging closer collaboration between CISOs and legal …