Security Awareness Training Blog

Keeping You Informed. Keeping You Aware.

Cybersecurity Top Risk Consideration In Board Room

The Wall Street Journal polled its readers and asked them to rate the top compliance issues of 2014. The answers were very interesting! 

PCI Publishes Guidance On Security Awareness Training

The PCI Security Standards Council considers security awareness training important enough that it has just published a 25-page guidance paper explaining the why, how and what of an awareness training program. It opens with: "In order for an organization to comply with PCI DSS Requirement 12.6, a formal security awareness program must be in place."

Federal Compliance Rules Skyrocket

Underscoring the difficulty of compliance management in the context of just US federal rulemaking – not to mention rules published by state, local and other governments and organizations – is the growth of the US Federal Register. This document, a daily publication that contains proposed and final regulations of US federal agencies, published an average of 3,827 final rules and 2,445 proposed rules each year between 2002 and 2012. That represents an average of 14.7 final rules and 9.4 proposed rules each workday. Managing this level of change using manual processes can be very difficult, if not impossible. Here are the numbers:

NIST's New Approach to Cybersecurity Standards

Applying Engineering Values to IT Security. The National Institute of Standards and Technology is developing new cybersecurity standards based on the same principles engineers use to build bridges and jetliners.

$4.8 Million HIPAA Settlement Is Heftiest From Federal Regulators Yet

Federal regulators have reached a $4.8 million settlement, the largest HIPAA settlement to date, with two partnering New York healthcare organizations following a breach that affected just 6,800 individuals.

New Whitepaper: Improving the Compliance Management Process

We are excited to announce a new whitepaper that covers important compliance requirements that you are obligated to satisfy, provides some high level recommendations about what you can do to address these issues, and offers a brief overview of a tool that helps you to better manage these compliance problems.

Do you recognize yourself in The Compliance Curve?

Have a look at the curve here. Do you recognize yourself? It is the cycle that many IT pros told us they go through again and again, much like Groundhog Day.

89% Fail To Maintain PCI Compliance Between Assessments

OUCH. Verizon said in a report this month that 89% of organizations that achieve annual compliance with the PCI Data Security Standard fail to maintain that status after passing the audit. That leaves them exposed to data breaches and other security threats for most of the year. PCI DSS is a security baseline, not a complete security posture; you build your full program on top of it. Not even keeping that baseline in place year-round is asking for trouble.

NIST Releases Voluntary Cybersecurity Compliance Framework

The Relationship Between Compliance And Security

This Venn diagram illustrates the relationship between compliance and security in a humorous way.
