With application GRC more critical than ever in today's dynamic, dispersed environment, what are the critical capabilities needed in a solution? Keri Bowman of Saviynt offers six recommendations, including risk reporting and out-of-the-box rule sets and compliance management.
The attack earlier this year that compromised systems and data at LastPass is more extensive than the password management software provider previously revealed. LastPass says the attacker downloaded from the cloud backups of multiple users' encrypted password vaults, as well as unencrypted URLs.
A salute to the career of Johnson & Johnson CISO Marene Allison leads this week's Information Security Media Group Editors' Panel, which also reviews essentials for implementing a zero trust strategy and the use of banking standards to regulate blockchain-based digital assets.
The planned merging of two health data exchange standards organizations - DirectTrust and the Electronic Healthcare Network Accreditation Commission - will help support healthcare sector efforts to advance secure health data exchange, says Scott Stuewe, CEO of DirectTrust.
A surging Elastic has joined perennial stalwarts Splunk and Microsoft atop the Forrester Wave: Security Analytics 2022 report, toppling SIEM players Exabeam, Securonix and IBM. Elastic went from not even being mentioned in the December 2020 security analytics Forrester Wave to leading the industry.
A federal judge has denied granting a preliminary injunction against Meta to stop the firm's Pixel tracking code in healthcare websites from collecting and disseminating patient information for advertising. But the judge says he could change his mind as more details about patient privacy emerge.
The French data protection authority fined Microsoft Ireland 60 million euros for privacy and security practices relating to a Bing search engine advertising cookie. The company has three months to get the consent of the French users before further deployment of the cookie.
Cloud email security: It involves new strategies and tools to defend against a new wave of attacks. Arun Singh of Abnormal Security discusses the latest flavor of email attacks and the new Knowledge Bases created to help enterprises increase their education and defensive capabilities.
Unifying decision-making about privacy, security, ethics and governance poses a huge challenge from a regulatory and operational perspective, says OneTrust CEO Kabir Barday. OneTrust has created a network of 900 lawyers across 300 jurisdictions that feed intelligence into the company's platform.
Identity and access management company Okta revealed that its private GitHub repositories were accessed earlier in the month, resulting in the theft of its source code in its Workforce Identity Cloud code repositories. "No customer data was impacted," Okta says.
In a surprise move, Britain's Information Commissioner's Office recently named names - lots of names - on the data breach front. The ICO has published detailed information about breaches of personal data, complaints and the civil investigations. Attorney Edward Machin explains the implications.
As the U.S. government's probe of bankrupted cryptocurrency exchange FTX continues, two executives have pleaded guilty to multiple charges, while founder Sam Bankman-Fried waived his extradition rights in the Bahamas and was transferred by the FBI to New York, where he appeared before a judge.
Stop the presses: Britain's Guardian Media Group has been hit by a "serious IT incident," believed to be ransomware, that appears to have encrypted numerous systems. Experts say ransomware groups love to strike over the holidays, adding pressure on victims to pay a ransom quickly and quietly.
The latest edition of the ISMG Security Report discusses why it is always a bad idea for organizations to pay hackers for data deletion, practical steps organizations can and should take to avoid being at the heart of a data subject complaint, and the latest efforts to tackle the ransomware threat.
A resurrected proposal to enhance medical device security is nestled within the 4,155-page, $1.7 trillion omnibus spending bill that the Senate passed Thursday and sent to the House for approval. Medical device makers would be required to meet cybersecurity standards and disclose vulnerabilities.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.