Information Security Spending: Don’t Be Fooled by Overconfidence

The New Stack

Spending on information security continues to increase, but those gains may decelerate as companies become more confident in their security posture. Sentiment about security may be due to increased spending in previous years.

Security vs Compliance | Hacking In To Cybersecurity

Linux Academy

Welcome back to another iteration of Hacking In To Cybersecurity! Our previous posts in this series have focused on informing you, the reader, on how to land a job in the cybersecurity career field , but we’re going to switch gears in this episode and talk about something that every security professional needs to understand: Does Compliance equal Security? Compliance Defined. Let’s start off by defining compliance.

How to End the War Between Information Security and IT Operations

The New Stack

Currently leading Puppet’s interest in helping DevOps teams with secure digital transformations by automating away mundane parts of work, freeing humans and computers to both do what they are good at. All of these barriers can understandably cause friction between security and IT operations.

Cybersecurity Q&A with Dave Elfering, VP information security at Werner Enterprises

Sailpoint

Dave Elfering, currently Vice President of information security has also witnessed a considerable amount of growth and change over his career when it comes to information security. In 1997, Elfering began working at Werner as a project manager to help the company build its online presence and secure its data. Tell us how you got interested and eventually started in information security? I started writing a lot of security policies.

How automation can boost your security compliance

TechBeacon

With every day seeming to bring news of fresh security breaches, protecting the enterprise seems like an impossible task. Security, Information Security, Information Security (Info Sec

Software Compliance Teams Can Learn a Lot from DevSecOps

DevOps.com

Many argue that application security should be the responsibility of a security team. However, while security professionals can contribute, developers are usually the only ones with the technical ability to fix software security vulnerabilities.

Here's a better way to do compliance and risk management

TechBeacon

As government regulations spread around the globe, geopolitical, regulatory, legal, and compliance risks continue to present challenges in the enterprise. Security, Information Security, Compliance & Regulation, IT Risk Management

Q&A with John Masserini, Chief Information Security Officer at Millicom

Sailpoint

In this Q&A we spoke with John Masserini, chief information security officer at international telecommunications provider Millicom. Masserini talks with us about his interesting career path in information security, cloud security, and identity management.

Cybersecurity On Call: Balancing Connectivity and Cybersecurity with Paul Roberts

Cloudera

LockState learned a hard lesson around cyber and IoT security –as well as customer trust. To learn more about how the industry is balancing connectivity with cybersecurity, we have invited Paul Roberts to join us. Paul is the founder and Editor in Chief of The Security Ledger, an independent security news website that explores the intersection of cyber security with the Internet of Things.

Cloud Compliance Security, Part 1: Understanding Expectations & Building Requirements

Lacework

Most organizations associate their cloud compliance programs together with governance and risk. Governance, risk and compliance (GRC) programs represent a collection of controls designed to ensure that your organization manages their information security risks appropriately and that your security controls operate effectively. GRC programs work to identify gaps in your cloud security controls and also [.].

Auditing Microsoft Security Compliance Toolkit Baselines

Tenable

Security baselines are helpful but to be sure of their effectiveness you need to perform regular audits. and Nessus Professional to audit the security baselines included within the Microsoft Security Compliance Toolkit. What is Microsoft Security Compliance Toolkit?

Cybersecurity on Call: Nation-State Cyber Operations with Patrick Tucker

Cloudera

If you enjoyed this podcast, click here to hear other cybersecurity industry influencers on their take on the latest trends. Like us on SoundCloud and follow us so you’re always up on current events in the world of cybersecurity. The post Cybersecurity on Call: Nation-State Cyber Operations with Patrick Tucker appeared first on Cloudera Blog.

Cybersecurity On Call: Goodbye 2017, Hello 2018! Top Five Tips from 2017

Cloudera

This was an amazing year for our inaugural “Cybersecurity On Call” season. It was truly an honor hosting amazing guests as we explored the world of cybersecurity. From industry thought leaders, to New York Times best sellers, to hackers, I learned a ton about the future of cybersecurity and I hope you did as well. Cybersecurity in Government with Dr. Ron Ross. Information Warfare with Bill Gertz. Securing the Fourth Platform with Peter Tran.

Regulatory Compliance Requirements for Business Situations

TechTalk

Compliance is everybody’s business SMBs must be just as concerned with compliance as enterprises Regulatory compliance is a big focus for big businesses today. Security GDPR hipaa compliance

Cybersecurity On Call: Information War with Bill Gertz

Cloudera

With countless articles discussing the recent Equifax hack where thousands of social security numbers were compromised to organizations like Facebook, Google, and Twitter coming forward with Russian accounts that were buying ads to influence US elections. Bill has joined us to discuss his most recent book on how nation-states are using the digital front to begin information wars. He is an award-winning national security journalist and the senior editor at The Washington Free Beacon.

Developing a Security-First Model for Cloud Compliance

Lacework

Compliance looks for proof that organizations do what they say they do. Security requirements come in many forms beginning with your organization’s own information security policy. The post Developing a Security-First Model for Cloud Compliance appeared first on Lacework.

How Certifications Can Help You Land a Position | Hacking In to Cybersecurity

Linux Academy

Welcome to Hacking In to Cybersecurity, an all-new series dedicated to helping you, the reader, get a leg up on the competition when trying to break into the cybersecurity career field. The blogs will consist of introducing you to some techniques you can use to help to land a security position, as well as covering some concepts that anyone considering joining the career field should know about. How Hiring Managers Find the Best Candidates for a Cybersecurity Position.

Effective Compliance Requires a Security-First Approach

Lacework

In the cloud, compliance and security are highly reliant upon one another, and they share a common goal: responsibility for keeping an organization’s data, users, resources, and intellectual property safe and usable. Blog cloud security compliance compliance

Regulatory Compliance and Red Hat Security

Linux Academy

In today’s interconnected world, data security has never been more important. Failure to meet regulatory compliance spells serious trouble for your business. By training your IT staff to keep your systems secure, you can prevent harmful or costly data breaches. PCI DSS deals with credit card data, and HIPAA regulates the use of healthcare information. Security policies. Compliance scanning. Compliance Scanning.

Cloud Compliance Security, Part 2: The Importance of Security Controls

Lacework

In our previous blog on compliance security, we looked at the importance of an organizations’ security approach and how to effectively build requirements that meet cloud compliance security demands. Security teams [.].

Locking Down Kubernetes Security, Compliance with Harbor

The New Stack

Also, some enterprises may discover that making the shift does not come without a set of new security challenges, with the latest Docker vulnerability serving as one example. So that’s where these needs for security and compliance comes into and why Harbor is important there.”.

Data Privacy and Compliance at Nonprofit Organizations

TechSoup

IT Security Data ManagementI was lucky enough to be in the room at the European Parliament in October 2018 when Apple CEO Tim Cook made an impassioned plea for a federal privacy law in the USA. It was something I thought I would not hear from a Silicon Valley CEO in my lifetime.

Red Owl Analytics: Enabling information security and compliance teams to proactively tackle insider risk

CTOvision

Red Owl Analytics is a highly regarded provider of a software solution that enables security and compliance teams to proactively tackle their most pressing problem-- insider risk. Guy finished his Army career as a special assistant to the Director of the National Security Agency.

Why your development team should care about software compliance

Synopsys

Software compliance isn’t just a concern of security, development, and legal executives. The post Why your development team should care about software compliance appeared first on Software Integrity Blog. Security Standards and Compliance

RedTalk: Compliance in the Cloud

RedLock

? Compliance in the Cloud Auditors often ask abstract questions such as, “Are you ensuring that data at rest is encrypted in your cloud platforms?” ” However, what does that mean … Continue reading "RedTalk: Compliance in the Cloud". Blog Cloud Security RedTalk

PCI Compliance in the Public Cloud

Lacework

Compliance frameworks provide a structure for how enterprises organize and secure their content and resources. They can also be onerous and burdensome which can lead to security and compliance teams falling [.]. Blog compliance pci compliance PCI DSS

Don’t Let SREs Leave Cybersecurity Behind

The New Stack

Alex Delgado , a security engineer at the Gremlin chaos testing service, points to the disconnect many enterprises have. It’s just that security and compliance haven’t even heard of these things. And everyone in a company has a stake in its security.

Fugue: Autonomous Cloud Security and Compliance

CTOvision

Fugue automates enterprise cloud security and compliance enforcement to prevent data breaches, policy violations, and system downtime. Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies.

How Are You Tackling Cloud Compliance?

Palo Alto Networks

How to Ensure Compliance Speed Bumps Don’t Slow Your Public Cloud Adoption. Daily, I speak to organizations that have moved production workloads over to cloud IaaS providers but haven’t yet addressed how they will manage, measure and report on regulatory compliance controls. Amid all the concerns over whether public clouds are secure, some organizations missed a critical question: Can we demonstrate compliance without overworking our teams in the process?

Q&A with Guillermo Guerra, Prudential Group Chief Information Security Officer

Sailpoint

We recently caught up with Guillermo Guerra, Prudential Group Chief Information Security Officer, to discuss security and identity management. Guillermo began his career at Prudential as chief information security officer at Jackson National Life Insurance Company, or Jackson, a Prudential subsidiary. Here’s our conversation: Could you tell us a little bit about how you got started professionally in cybersecurity? Security was not really a big thing yet.

Extend your Active Directory security policy to Linux and beyond

TechBeacon

Security, Identity & Access Management, Information Security (Info Sec), Identity and Access Management (IAM), User Authentication, Compliance & Regulation

How to Achieve Continuous AWS & NIST Compliance

Cloud Conformity

The need for data privacy and secure data storage are showing no signs of abating in our modern tech-filled world no matter what industry you work in?—?Cloud Cloud Conformity continue to ease compliance difficulties for their customers. nist aws cybersecurity compliance devops

How to protect sensitive data with PCI DSS compliance

Synopsys

PCI DSS compliance can help you protect sensitive data and prevent data breaches. The post How to protect sensitive data with PCI DSS compliance appeared first on Software Integrity Blog. Interactive Application Security Testing (IAST) Security Standards and Compliance

Data privacy: The heart and soul of your compliance strategy

TechTalk

If you ask a group of IT professionals what regulatory compliance is all about, at least some of them are likely to answer “security.” It’s the way we think, because security is a technological mechanism and we are, after all, techies. Compliance

Cloud Security Use Case #3: Ensure Social Media Compliance

Netskope

I recently blogged about the two of the most common cloud security use cases that customers are covering with Netskope. I would like to continue the discussion and talk about use case #3, which is ensuring social media compliance.

PCI Compliance – Log Management

Capgemini

PCI Compliance. We talk a lot about PCI in the digital-commerce space, whether that’s TLS versions, vulnerability scans, iframes, and verifying code security. Are you sure you’re logging enough information? Your conversion rates, server response time graphs, average cart values, and so on, all provide tremendous insight into the business performance of your commerce site but provide limited security value.

Risk and Compliance Management: Modernizing the Cloud to Address the Realities of Security and Compliance

Armughan Ahmad - Dell EMC

However, in addition to these “cool” new technologies which everyone wants to talk about, organizations are quietly ramping up other aspects of their hybrid cloud and multi-cloud implementations – specifically addressing Security and.

Leveraging AWS Trusted Advisor for Security and Compliance

Coalfire

The benefits of undergoing mandatory or voluntary cybersecurity compliance assessments are well known throughout the cybersecurity industry. Despite the benefits, compliance assessments can be labor intensive and painful.

Ensuring SOD Compliance in your Hybrid Ecosystem

Saviynt

Whether through mergers and acquisitions or implementation of best-of-breed technologies, organizations of today are required to manage a diverse set of applications – sometimes each with their own unique security model. Helpful Tips for SOD Compliance in Your Hybrid Ecosystem .

Demonstrating Continuous Compliance Across the Hybrid Enterprise

Firemon

In this two-part blog series, we intend to show you how with FireMon Security Manager and Lumeta you can not only get better visibility into the state of your security policy compliance but audit your security posture to ensure compliance as your environment changes.