Legislation

splunk

7 High-Risk Events to Monitor Under GDPR: Lessons Learned from the ICO's BA Penalty Notice

Hello Security Ninjas, Today's IT world is complex and can be challenging for security operations teams. Nowadays, more apps are being integrated and interconnected than ever before. Cloud services and SaaS solutions purchased all throughout the organization outside of the IT department add even more complexity. Communicating to application and service owners the kind of activities that need to be logged and sent to the SOC can be a daunting task.

netwrix

HIPAA Compliance Checklist

The Health Insurance Portability and Accountability Act (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, is designed to keep individuals’ medical information and health records safe. Healthcare organizations must ensure HIPAA compliance, even — perhaps especially — during the current global pandemic. The Office for Civil Rights (OCR) at the U.S.

tripwire

Australia Proposes Security Law to Protect Critical Infrastructure Against Cyber Attacks

The Australian Government is committed to protecting the essential services all Australians rely on by uplifting the security and resilience of critical infrastructure. Increasingly interconnected and interdependent critical infrastructure is delivering efficiencies and economic benefits to operations.

nightfall

Nightfall Data Loss Prevention makes HIPAA Compliance Possible

Covered entities bound by law to follow HIPAA regulations – like healthcare providers, health plans, and others handling protected health information (PHI) – need to demonstrate efforts to secure PHI. The specific measures required to do so are detailed in the HIPAA security rule which states that covered entities must put controls into place to identify and protect against anticipated threats to the security and integrity of PHI.

tripwire

Achieving Compliance with Qatar's National Information Assurance Policy

Qatar is one of the wealthiest countries in the world. Finances Online, Global Finance Magazine and others consider it to be the wealthiest nation. This is because the country has a small population of under 3 million but relies on oil for the majority of its exports and Gross Domestic Product (GDP). These two factors helped to push the country’s GDP measured at purchasing power parity (PPP) to over 132,886, per Global Finance Magazine’s findings in August 2020.

PSD2 & API Security

The second Payment Services Directive (PSD2) is a data-driven legislation introduced by the European Union (EU) in 2015, with which all payment service providers (PSPs) throughout the EU and beyond must comply. PSD2 expands the scope of 2007's PSD, a directive implemented to make payments across borders as easy, secure and inexpensive as domestic payments. However, a short eight years later, innovations in technology and the prevalence of fintech have created new challenges for the payments industry to address.
bulletproof

Everything you need to know about DPO for schools

As legislation goes, the GDPR could be unique in its insistence that a new professional role, the Data Protection Officer (DPO), be created to ensure its mandates are properly met. But getting a DPO in place is no simple recruitment exercise, and that’s especially true for schools. For starters, people with the requisite mix of abilities and experience to do the job in educational environments are hard to find.

tripwire

What Is the EU Cybersecurity Act and What Does It Mean for US-Based Businesses?

During the previous weeks, we provided a thorough overview of the EU NIS Directive, focusing on the Operators of Essential Systems (OES), the Digital Service Providers (DSP) and the compliance frameworks. Our review of the EU cybersecurity policy and strategy would be incomplete without mentioning the EU Cybersecurity Act.

manageengine

South Africa's GDPR: The POPI Act and it's impact on Desktop Central users

The Protection of Personal Information (POPI) Act puts South Africa’s data regulation standards on par with existing data protection laws around the world. It aims to protect personally identifiable information (PII), enforce individuals’ rights to privacy, and provide guidelines for lawfully processing sensitive information and notifying regulators and data holders in the event of a breach.