Tag Archives: Regulation

My latest Gartner research: Market Opportunity Map: Security and Risk Management Software, Worldwide

20 April 2017 | The security software market is transforming through four vectors: analytics, adoption of SaaS and managed services, expanded ecosystems, and regulations. Technology business unit leaders must realign their product and go-to-market strategies to address these key forces….

Gartner clients can access this research by clicking here.

[ISN] Coast Guard Needs Better PHI Security, Says OIG Report

http://healthitsecurity.com/news/coast-guard-needs-better-phi-security-says-oig-report
By Elizabeth Snell
Health IT Security
May 21, 2015

The US Coast Guard (USCG) must do a better job in its PHI security measures, according to a recent report from the Office of the Inspector General (OIG). Specifically, USCG lacks a strong organizational approach to resolving privacy issues, the report stated, which leads to the agency having challenges when it comes to effectively protecting PHI.

“We evaluated the safeguards for sensitive personally identifiable information and protected health information (privacy data) maintained by USCG,” OIG explained in its report. “Our objectives were to determine whether the USCG’s plans and activities instill a culture of privacy and whether the USCG ensures compliance with the Privacy Act of 1974, as amended, [HIPAA], and other privacy and security laws and regulations.”

OIG outlined five areas that USCG needs to resolve in order to improve its PHI security: […]

My latest Gartner research: Invest Insight: Focus on Imperva

This research looks at various segments relevant to Imperva — Web application firewalls (WAFs), data-centric audit and protection (DCAP), cloud security, and cloud access security brokers (CASBs) — to provide the reader with the ability to assess the company’s prospects. Based in Redwood Shores, California, Imperva provides hardware and software cybersecurity solutions designed to protect data and applications in the cloud and on-premises. Customers use these solutions to discover assets and risks, protect information, and comply with regulations. …

Gartner clients can access this research by clicking here.

[ISN] [CFP] BSides Las Vegas August 2015

Forwarded from: BSidesLV

CFP: https://bsideslv.org/cfp/

First Round CFP closes April 15th. Round two opens May 25th and closes June 8th.

BSidesLV 2015 will consist of seven main speaking tracks and one workshop track. It will also include Passwords; however, they have a separate CFP. Look for that at https://passwordscon.org/

Proving Ground – First-time speaker* mentorship and scholarship program. Get matched with a great mentor who will assist you in crafting your talk and slides and we’ll cover up to $500 in costs for your trip to Las Vegas.
*Regional BSides and local group meetings (OWASP/ISSA/ISACA etc.) do not fall into this category
More info: http://www.bsideslv.org/speakers/cfp/proving-ground-call-for-papers/

Breaking Ground – Ground Breaking Information Security research and conversations on the “Next Big Thing”. Interactively discussing your research with our participants and getting feedback, input and opinion. No preaching from the podium at a passive audience.

Common Ground – Other topics of interest to the security community, e.g., lock-picking, hardware hacking, mental health/burnout, law, privacy, regulations, risk, activism, etc. Again, interactive discussions with your peers and fellow researchers. Not passive lectures “at” an audience.

Underground – OTR talks on subjects best discussed AFK. No press, no recording, no streaming, no names. Just you and your peers, behind closed doors. Think about it.

Ground Truth – This track is focused on innovative computer science and mathematics applied to security. Topics of interest include machine learning, natural language processing, Big Data technologies, cryptography, compression, data structures, zero knowledge proofs or just about anything academically publishable that usually baffles review committees for other conferences.

Above The Ground Plane – The team that brings you the Wireless Village at DEFCON and the Wireless Capture the Flag contests at multiple conferences throughout the year is organizing a new speaking track for BSidesLV. The Above The Ground Plane track will consist of any and all forms of exciting hacks and unusual uses of wireless technology. Think you have something new and exciting? Spread your spectrum and come share it. Trust us, you ohm it to yourself.

Training Ground – Workshops and classes to give our participants hands-on experience and in-depth knowledge. We accept proposals for 1/2 day, full-day and 2-day workshops. We don’t charge for workshops, nor do we pay for them, although we may cover circuit boards.

Conference information: https://bsideslv.org
More CFP information: https://www.bsideslv.org/speakers/cfp/
CFP: https://bsideslv.org/cfp/

Security BSides Las Vegas, Inc.
A 501(c)(3) Non-Profit Educational Corporation
http://bsideslv.org
info@bsideslv.org
https://twitter.com/bsideslv

[ISN] The Ambassador who worked from Nairobi bathroom to avoid State Dept. IT

http://arstechnica.com/information-technology/2015/03/the-ambassador-who-worked-from-nairobi-bathroom-to-avoid-state-dept-it/
By Sean Gallagher
Ars Technica
March 8, 2015

The current scandal roiling over the use of a private e-mail server by former Secretary of State Hillary Clinton is just the latest in a series of scandals surrounding government e-mails. And it’s not the first public airing of problems with the State Department’s IT operations—and executives’ efforts to bypass or work around them.

At least she didn’t set up an office in a restroom just to bypass State Department network restrictions and do everything over Gmail. However, another Obama administration appointee—the former ambassador to Kenya—did do that, essentially refusing to use any of the Nairobi embassy’s internal IT. He worked out of a bathroom because it was the only place in the embassy where he could use an unsecured network and his personal computer, using Gmail to conduct official business. And he did all this during a time when Chinese hackers were penetrating the personal Gmail inboxes of a number of US diplomats.

Why would such high-profile members of the administration’s foreign policy team so flagrantly bypass federal and agency regulations to use their own personal e-mail to conduct business? Was it that they had something they wanted to keep out of State’s servers and away from Congressional oversight? Was it that State’s IT was so bad that they needed to take matters into their own hands? Or was it because the department’s IT staff wasn’t responsive enough to what they saw as their personal needs, and they decided to show just how take-charge they were by ignoring all those stuffy policies?

The answer is probably a little bit of all of the above. But in the case of former ambassador Scott Gration, the evidence points heavily toward someone who wanted to work outside the system because he just couldn’t stand it. […]

[ISN] Tough security tests for banks’ foreign suppliers

http://www.scmp.com/news/china/article/1697491/tough-security-tests-banks-foreign-suppliers
Reuters in Beijing and San Francisco
01 February, 2015

Draft Chinese government regulations would force overseas technology vendors to meet stringent security tests before they can sell to China’s banks, an acceleration of efforts to curb the country’s reliance on foreign technology that has drawn a sharp response from US business groups.

But a translation of the proposed rules shows its immediate impact on foreign firms may not be as tough as feared. The draft shows the regulation would initially focus on types of hardware and software where domestic suppliers already have a strong market position compared with their foreign rivals.

Western companies say the rules have not yet been formally adopted and some said they believed Beijing would retreat on some of the most onerous ideas, including demanding that firms’ proprietary source code be reviewable. Chinese leaders are to review the plan next week, US tech industry sources said. […]

[ISN] China’s New Rules for Selling Tech to Banks Have US Companies Spooked

http://www.wired.com/2015/01/chinas-new-rules-selling-tech-banks-us-companies-spooked/
By Davey Alba
Wired.com
01.29.15

Technology companies that want to sell equipment to Chinese banks will have to submit to extensive audits, turn over source code, and build “back doors” into their hardware and software, according to a copy of the rules obtained by foreign companies already doing billions of dollars’ worth of business in the country. The new rules were laid out in a 22-page document from Beijing, and are presumably being put in place so that the Chinese government can peek into computer banking systems.

Details about the new regulations, which were reported in The New York Times today, are a cause for concern, particularly to Western technology companies. In 2015, the China tech market is expected to account for 43 percent of tech-sector growth worldwide. With these new regulations, foreign companies and business groups worry that authorities may be trying to push them out of the fast-growing market. According to the Times, the groups—which include the US Chamber of Commerce—sent a letter Wednesday to a top-level Communist Party committee, criticizing the new policies that they say essentially amount to protectionism.

The new bank rules and the reaction from Western corporations represent the latest development in an ongoing squabble between China and the US over cybersecurity and technology. The US government has held China responsible for a number of cyberattacks on American companies, and continues to be wary that Chinese-made hardware, software and internet services may have some built-in features that allow the Chinese government to snoop on American consumers. Meanwhile, China has used the recent disclosures by former NSA contractor Edward Snowden as proof that the US is already doing this kind of spying—and that this is reason enough to get rid of American technology in the country. […]
