Legislation

Snyk

Supply chain security and Executive Order M-21-30

On September 14, the White House released Executive Order M-21-30, emphasizing and reminding us that there are NIST guidelines for securing any software being sold to the US Government. According to the Executive Order (EO), self-attestation is a requirement for software vendors or agencies and acts as a “conformance statement” outlined by the NIST Guidance.

netskope

The EU Cyber Resilience Act - Thinking Out Implementation

From TVs to watches, fridges, lightbulbs, or coffee machines, it seems everything needs to be connected now to be marketable. The Internet of Things (IoT) environment is growing in homes and workplaces, but it has established itself way ahead of regulation. IoT devices do not currently have to comply with any specific cybersecurity standards and malicious actors are already making use of these endpoints.

Arctic Wolf

Insight Into The Strengthening America Cybersecurity Act

Signed into law in March of 2022, the Strengthening American Cybersecurity Act (SACA) gives federal authorities an overview of all cyber attacks against critical infrastructure in the United States for the very first time. SACA has three parts: SACA comes at a time when governments are facing a significant paradigm shift.

sumologic

How Sumo Logic helps you comply with the CERT-In Directions 2022

On April 28, 2022, the Indian Computer Emergency Response Team (CERT-In) published the CERT-In_Directions_70B_28.04.2022 — a new document that imposes strict requirements on service providers, organisations, and cybersecurity teams. The new directions caused many controversies, leading to CERT-In publishing two supplemental documents: frequently asked questions on cybersecurity directions and No. 20(3)/2022 CERT-In.

vista infosec

GDPR Privacy Notice

The GDPR is an international data privacy law that upholds the rights of citizens of the EU. It gives citizens more control over how their data is used by an organization. If your company handles the personal information of people in the EU, then it is expected to comply with GDPR. Like any other regulation, GDPR too requires an organization to abide by the rules and requirements outlined in the law.

upguard

List of Cybersecurity Regulations in the European Union

The rapid increase of cybersecurity challenges in recent years, such as growing ransomware attacks, has forced the US to devise new mandatory regulations. These requirements are aimed at helping combat cybercrime by increasing organizations’ level of cybersecurity capabilities. Complying with these regulations is necessary to keep organizations accountable for their mandatory security posture.

cyphere

How to write a GDPR Data Protection Policy? Free Template

Data privacy rules had never been so crucial for organisations to follow until the enforcement of the General Data Protection Regulation (GDPR). This blog is divided into two sections. The first section will discuss a general overview, definitions and common queries related to a data protection policy. The second section will explain how a business can write and operationalise a data protection policy.

GDPR & HIPAA Compliance- Mapping the Similarities and Differences

Is your organization looking to achieve both HIPAA and GDPR Compliance? Well, believing that achieving compliance with one will automatically ensure compliance with the other regulation isn’t really true. So, based on this notion, if you are looking to achieve compliance with both HIPAA and GDPR, then here is an interesting webinar video that you should watch to get clarity on this aspect.

splunk

Harmonizing the Federal Effort on Automating Software Bill of Materials

When the Biden administration released Executive Order 14028, “Improving the Nation's Cybersecurity”, it included guidance to enhance the security of the nation’s software supply chain. As a result, key building blocks are being developed to both strengthen software security and bolster software Supply Chain Risk Management (SCRM) programs across the Federal government.

tripwire

Privacy in Q2 2022: US, Canada, and the UK

The second quarter of 2022 offered plenty of positing on privacy, both in the U.S. and internationally. In the U.S., we saw the addition of another state privacy law, and a spark of hope in privacy professionals’ eyes with the introduction of tangible federal legislation. Plus, the Federal Trade Commission (FTC) is positioned to act on rulemaking like never before.