Key regulatory standards – including PCI-DSS, HIPAA, Sarbanes-Oxley and others – share common requirements when it comes to securing privileged identities.
There are a number of significant changes in PCI-DSS 3.2. We’ll just take a look at the new aspects that directly affect security controls. Here are the highlights of those new requirements.
It's great that organizations are thinking about compliance. However, we need more emphasis on security. A security product will fail if it's not implemented and maintained correctly. So every penny and minute that goes into choosing and maintaining the right product is worth it.
There are serious issues with treating IT security as a set of policies. They can all be captured in one thought – security is a battle, not a concept.
The notion of the CEO being involved in cyber security is essential. Often the implications of, and remedies for, IT security issues cut across every aspect of an organization’s operations.
According to the survey, 87% of IT professionals believe large financial hacks are happening more often than reported - and right under the watchful eyes of security auditors.
69 percent of respondents said they’re not using their IT security products to their full potential. Among this group, 71 percent believe this is putting their company, and possibly customers and partners, at risk.
As we look back on the cyber attacks of the past year, one of the recurring themes was that there was no way the hacked companies could have expected or prevented the attacks that hit them. In legal parlance, the concept of reasonably unexpected and unstoppable events that disrupt a business and its contracts is called force majeure. With that position, many of the hacked companies, prior to being attacked, purchased cyber security insurance and then proceeded to cut investment in IT security.