ContentsGDPR overview and principlesWhat are the key standards of the GDPR?How to conduct a proper GDPR compliance auditBenefits of conducting a consensual GDPR compliance audit.Getting help with your GDPR compliance auditPreparing for a GDPR compliance auditGDPR compliance audit documentationGDPR compliance audit checklistGDPR compliance audit checklist as a tableConclusion A GDPR compliance audit may seem similar […]
ContentsPCI DSS compliance testing target areasThe results of compliance testingPCI DSS free compliance testingPCI DSS compliance penetration testingA way to make PCI DSS compliance testing easierConclusion PCI DSS (Payment Card Industry Data Security Standard) was originally introduced as the means of protecting customer card information to a minimal degree. Surprisingly enough, the standard itself has […]
ContentsImportant InformationJanuary 2019 SharePoint security updatesFebruary 2019 SharePoint security updatesMarch 2019 updates in SharePoint securityApril 2019 updates in SharePoint securitySharePoint security updates in May 2019Updates to SharePoint security in June 2019June 2019 SharePoint security overviewAn overview of SharePoint security in August 2019SharePoint security overview for September 2019SharePoint security overview in October 2019November 2019December 2019January 2020 […]
ContentsOverviewWho falls under the CPS 234’s regulation? What about foreign entities?CPS 234 compliance security requirementsCPS 234 compliance recommendationsCPS 234 and Cipherpoint Overview The last decade has seen a lot of the advantages that come with progress, including the Internet itself, information security, and so on. But the amount of vulnerable information that can be accessed […]
ContentsGDPR365OneTrust Privacy (OneTrust)Secure PrivacyOnspringNetwrix AuditorVigilant Software GDPR ManagerManageEngine EventLog AnalyzerAuditBoardSolarWinds Access Rights ManagerLogicGate Risk CloudZenGRCReally Simple SystemsECOMPLY.ioFiles.comCipherpoint It’s safe to say that GDPR (General Data Protection Regulation) brought a lot of changes in the data governance department, particularly around demanding protection for EU citizen’s data, from all companies that interact with their data. The appearance […]
As a result of multiple terror attacks in both France and Austria, the European Union is moving closer towards officially restricting the usage of end-to-end encryption by various web platforms that support it, which include Signal, WhatsApp, and so on. It wouldn’t be a stretch to assume that this may get extended across other cloud […]
ContentsGDPR compliance issues for companiesGDPR compliance: DPOs and problemsGDPR compliance: enforcementConclusion A lot of organizations all over Europe feared the day when General Data Protection Regulation came into effect, and it was not for no reason – despite the fact that the original idea of GDPR is to give EU citizens more information and control […]
ContentsPCI DSS compliance overviewPCI DSS risksWhat Is a PCI DSS compliance audit?How does a PCI DSS compliance audit work?What are the PCI DSS compliance audit requirements?Common PCI mistakes that are revealed by PCI DSS compliance auditsConclusion In the modern world today, most (if not all) financial institutions have specific security policies (data security policies), and […]
ContentsThe basics of GDPR complianceGDPR compliance risksCompliance risksLegal risksCybersecurity risksReputational risksNew product-related risksRisk assessment and GDPRConclusion The main goal of GDPR is to standardize how companies approach data privacy and data security when it comes to processing EU citizens’ data. This is the result of how the modern world works, with information sharing being an […]
ContentsAn overview of GDPRHow does GDPR define the term “personal data”?Who needs the GDPR compliance roadmap?Do I have to comply with the GDPR?How to get your organization ready for GDPR complianceGDPR compliance roadmapConclusion With the glaringly obvious benefits of GDPR, people and organisations choose to comply with its requirements. The same goes for its penalties […]
ContentsWhat is GDPR?Personal dataGDPR compliance and stepsGDPR compliance assessmentConclusion Being compliant with GDPR requirements is not a choice. It is compulsory. For this reason, many organizations have stepped up their security measures. While this is a great start, it does not mean that they are GDPR compliant. There’s only one way to really know how […]
ContentsPCI DSS definitionPCI DSS compliance checklistPCI DSS compliance assessmentHow to prepare for PCI DSS compliance assessment and what are the things to expect?Roles of a qualified security assessor (QSA)PCI DSS compliance in Australia The amount of money lost to various forms of payment card fraud each year is surprising, and continues to grow on a […]
ContentsData classification purposeTypes of data classificationData classification categoriesExamples of data classification categories To understand the topic of data classification categories, we have to first go over the definition of data classification. Data classification represents the ongoing process of categorizing data within a specified location to make it easier to interact with said data afterwards (interactions […]
ContentsWhy should everyone have a data classification policy in place?Different data classification levelsA step-by-step guide about building your own data classification policyOther data-access strategies to use alongside data classificationConclusion Data classification is a process that’s important on a number of different levels – It makes it easier to perform any sort of data protection, gives […]
ContentsWhat is personal information?What are the types of personal information?Private personal informationSensitive personal informationHealth personal informationTax personal informationCredit card personal informationEmployee personal informationProtecting personal informationConclusion Personal information has a good and bad side for companies. All businesses record the personal information of their clients (names, debit/credit cards, ssn, etc.) to identify them and execute certain […]
ContentsData and informationDisclosing personal informationThe security of personal informationConclusion As they often say, information is power. That is to say, the value of some information can’t be quantified by money. In this sense, your personal information is priceless, and for businesses, their clients’ personal information is priceless. Businesses should prevent disclosing personal information of their […]
ContentsPersonal dataSensitive personal dataSensitive personal data exceptions Personal information is a term that is familiar to a lot of people but at the same time there’s a significant misconception that “personal data” and “sensitive personal data” are interchangeable terms. However these terms should not be confused, and the difference between personal data and sensitive personal […]
ContentsData classification policyThe benefits and examples of a data classification policyCreating your own data classification policy: best practicesData classification policy example Data classification represents the process of data identification and categorization that aims to understand the proper sensitivity level of each piece of information and file. To define what kinds of information belong to which […]
ContentsWhat is NIST 800-171?NIST 800-171 implementation benefitsDo You Handle CUI?Identifying and Locating CUICompliance requirements for NIST 800-171What is Access Control?Administrative ControlsPhysical ControlsTechnical ControlsNIST 800-171 and the CloudA Note of CautionExamples of companies that have to comply with NIST 800-171NIST 800-171 Requirements MappingHow to Use the NIST 800-171 Requirements Worksheet?NIST 800-171 vs. NIST 800-53 What is […]
ContentsMeaning of sensitive dataSensitive data exposure explainedThe largest sensitive data exposure breachCauses of sensitive data exposureHow to detect and mitigate sensitive data exposureConclusion The modern world is a brand new tech-savvy world. A lot can be done remotely to benefit the growth of an organization. However, in the same vein, criminals could do harm to […]
ContentsOriginAbout the GLBAWhat is the objective of GLBA?Why is the GLBA important?Who does the GLBA apply to?Penalties for failure to comply with GLBAGLBA compliance checklistConclusion For the safety of consumers’ information, and the continued seamless services of financial institutions, certain conditions must be met. These conditions are the GLBA compliance checklists. Origin The ‘Gramm-Leach-Bliley Act’ […]
Contents1) Know the Sensitive Data You Have2) Broadly Apply Granular Encryption3) Make Data Available on a “Need to Know” Basis4) Train Employees to Maintain Their Own Security5) Practice, Practice, Practice As a member of your Human Resources department, no doubt you already have a clear idea of the importance of the privacy of employees’ information. […]
Why sensitive data classification is important? The exposure of sensitive data in documents can create serious problems. Some types of information, such as Tax File Numbers (or other national identification number) and credit card numbers, are inherently sensitive. They always need to be kept out of public documents, and any internal documents that hold them […]
ContentsWhat is FIPS 140 2?Different levels of FIPS 140-2Who needs to be FIPS 140 2-compliant?Why doesn’t everyone qualify for FIPS 140 2 Level 4?FIPS compliance, validation and certificationCipherpoint and FIPS 140 2 What is FIPS 140 2? In the United States government, the National Institute of Standards and Technology (NIST) has a series of published standards called the Federal […]