In the rapidly evolving cybersecurity landscape, the sheer volume of Common Vulnerability and Exposure (CVE) notices has become a daunting challenge for SecOps teams. In 2023 alone, the National Institute of Standards and Technology (NIST) issued 28,901 CVE notices, reflecting the growing complexity and intensity of potential threats.

The Cybersecurity Maturity Model Certification (CMMC) framework is undergoing a significant transformation with the introduction of CMMC 2.0. This revamped approach aims to streamline compliance, reduce costs, and enhance the overall security posture of the defense industrial base (DIB). CMMC is a framework developed by the U.S. Department of Defense (DoD) to assess and certify the cybersecurity posture of its contractors and subcontractors.

For companies looking to get SOC 1 or 2 compliant, it can be hard to find out where to start, so we’re providing a straightforward guide to the ins and outs of SOC audits.

For companies looking to get their data practices in order, the ISO 2700 standards provide a valuable starting point to use when crafting policy.

California’s data protection law applies not just to consumers, but to employees. And it’s finally taking effect.

We’ve written a lot about various security frameworks, from CMMC to ISO 27001, and throughout all of them, one of the core elements is the need to protect CUI. Information that is controlled at a very high – SECRET, Classified, or other – level is tightly bound by specific rules and can only be handled by select individuals. Completely base, public information is freely available and completely uncontrolled. But there’s a lot of information somewhere in the middle.

No matter the business size, the threat of data breaches or hacks is a dark cloud that hangs over every company. If data is mishandled, leaked, or stolen, the repercussions for businesses can be devastating. Cyberattacks on businesses can cause severe financial losses due to fines, legal fees, and remediation costs. As businesses are legally obliged to inform customers of a data breach, once customers find out, they can also cause irreparable damage to reputation, customer distrust, and loss of business.

In this article, we outline the main elements of DORA, as well as key recommendations for preparing effectively for this important new regulation.

Our teams are always hard at work improving the TrustCloud platform. Here are this month’s biggest updates. Introducing our ServiceNow integration! This is a bidirectional integration with ServiceNow to pull ticket details into TrustCloud. Teams can create new ServiceNow tasks in TrustCloud and attach ServiceNow links as evidence to your tests. The integration also supports automatic task creation from TrustCloud. Just go to Admin -> Connected Apps, where you can automate task creation.

As financial services companies, such as banks, hedge funds, and stock exchanges, move to the cloud, sensitive data often unintentionally moves with them. To help avoid costly breaches and address governance, risk, and compliance (GRC) requirements such as PCI-DSS, GDPR, and SOC 2, these organizations may need to identify where in the cloud sensitive data can leak and be able to redact it at scale.