With Alabama and South Dakota recently becoming the last two states to adopt breach notification laws, notification processes become more complicated, says privacy attorney Adam Greene, who offers an in-depth analysis.
FireEye has noticed an emerging trend: Breach investigations are increasingly prompting audits intended to ensure publicly traded companies are compliant with Sarbanes-Oxley. IT has changed dramatically since SOX became effective 16 years ago. Here's what to keep in mind.
Facebook CEO Mark Zuckerberg says the social networking company is already complying with parts of Europe's GDPR privacy legislation, but it won't comply with all of its requirements worldwide. Zuckerberg's comments are likely to rile critics following the uproar around voter-profiling firm Cambridge Analytica.
CISOs increasingly are summoned to present to their Boards of Directors. But too often these presentations fail to frame the right topics with the right metrics, says Jacob Olcott of BitSight. He offers advice for maximizing the opportunity in front of the Board.
Leading the latest edition of the ISMG Security Report: Ransomware hits the city of Atlanta, Baltimore's 911 system as well as aviation giant Boeing. Plus, WikiLeaks and its Julian Assange get taken for a ride by Russian intelligence.
The intensive discussion between the Supreme Court and the CEO of UIDAI on recent Aadhaar-related data leaks could result in the court recommending that the Ministry of Law and Justice make amendments to the Aadhaar Act and direct the UIDAI to build a far more robust security framework.
Security experts analyze the potential impact of recently announced changes to the PCI Security Standards Council's Qualified Integrators and Resellers Program that are designed to help smaller merchants prevent breaches.
Facebook CEO Mark Zuckerberg broke five days of silence as pressure intensifies on Facebook to account for a data leak to a voter-profiling firm that worked for the Trump campaign. In a lengthy blog post, Zuckerberg has pledged to make changes to better protect personal data. But is it too late?
A new standard from the PCI Data Security Standards Council could help ease the way for smaller merchants worldwide, especially in developing nations, to move to cashless payments using a variety of devices, says Troy Leach, CTO for the council, who spoke last week at a conference in South Africa.
The unfolding story of Cambridge Analytica, which shows how personal information on millions of consumers was obtained via Facebook, demonstrates the degree to which our personal data can be weaponized against us.
Equifax has a new problem in Australia, a country that was left unscathed by the credit bureau's devastating data breach. The Australian Competition and Consumer Commission alleges the credit bureau deceived vulnerable consumers by misrepresenting its products and charging for services that should have been free.
The PCI Security Standards Council is offering 40 percent lower fees for participating organizations in nations with lower-income economies. "We want to encourage countries in Africa and South Asia to get engaged with us," Jeremy King, international director at PCI SSC, tells ISMG in an exclusive interview.
If you browsed the latest security headlines, you'd probably think the majority of data breaches were related to hackers, political activists, malware or phishing. While the latter two hint at it, the truth is that nearly half of all data breaches can be traced back to insiders in some capacity.
Those concerned about the security of India's Aadhaar biometric ID are pleased that the Supreme Court has ruled that linking Aadhaar numbers to bank accounts, payment cards and mobile phones cannot be mandatory until security issues are adequately addressed.