Compliance is a key part of any organisation and in business terms, it is about ensuring companies of all sizes and their employees comply with existing national and international laws. In the UK the Companies Act 2006 is the main legislation that forms the primary source of company law and businesses of all sizes must ensure […]

The post Building a Strong Business Case for Security and Compliance appeared first on The State of Security.

It is often stated that security is hard. Whether it is the people, processes, and technology, or any combination of the three, security is a never-ending challenge. Conversely, compliance is the opposite. Compliance is relatively straightforward. For too long, and for too many organisations, meeting a compliance standard was seen as a satisfactory way […]

The post Compliance does not equal security: 7 cybersecurity experts share their insights appeared first on The State of Security.

It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks. We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed […]

The post PCI DSS 4.0 and ISO 27001 – the dynamic duo appeared first on The State of Security.

The Payment Card Industry Data Security Standard (PCI DSS) is a benchmark with tenure in the industry, with the first version being introduced in 2004. The PCI DSS was unique when it was introduced because of its prescriptive nature and its focus on protecting cardholder data. Cybersecurity is a changing landscape, and prescriptive standards must […]

The post PCI DSS 4.0 is Here: What you Need to Consider appeared first on The State of Security.

Compliance should be an essential part of business operations, regardless of industry. Taking preventative measures to manage compliance and mitigate risk can feel like a hassle upfront, but it can save your organisation huge costs in the long run. Compliance violations can result in fines, penalties, lawsuits, loss of reputation, and more. However, your efforts […]

The post Top Tips for Moving from Compliance to Cybersecurity Excellence appeared first on The State of Security.

A recent survey conducted by IBM and Censuswide of the UK market explored some of the drivers for modernisation and revealed some interesting challenges that organisations currently face as more and more businesses expand their digital boundaries. The most interesting finding was that one of the drivers for modernisation (according to 28% of participants […]

The post Regulatory Compliance – Holding Security Back or Forcing us to Reassess old biases? appeared first on The State of Security.

With the CIA Triad, confidentiality commands much of the attention. Organizations fret over the unauthorized disclosure of their data, so they try to reduce the risks of that type of an incident. In so doing, however, enterprises commonly overlook the other two, integrity in particular. Ron Ross, a fellow at the National Institute of Standards […]

The post How to Use NIST’s Cybersecurity Framework to Protect against Integrity-Themed Threats appeared first on The State of Security.

To say that data governance and data compliance are rapidly becoming areas of immense strategic importance for businesses would be an understatement. Governments worldwide already have data protection laws in place or are busy drafting these laws. Moreover, users have become increasingly aware and educated about their rights online, especially regarding what data businesses can […]

The post Ultimate Guide to CPRA for US Businesses appeared first on The State of Security.

Requirements for reporting cybersecurity incidents to some regulatory or government authority are not new, but there has always been a large amount of inconsistency, globally, in exactly what the requirements are. More recently, there’s been a growing trend across government and regulatory bodies in the United States towards shorter timeframes for reporting of cybersecurity incidents. […]

The post The Obsession with Faster Cybersecurity Incident Reporting appeared first on The State of Security.