Following Massive Breach, Capital One Replacing CISO: Report

Apurva Venkat • November 8, 2019

Nearly four months after Capital One revealed a massive data breach, Michael Johnson, the bank's CISO, is being moved into an outside advisory role, and the company is scouting for a new security leader, according to the Wall Street Journal.

3rd Party Risk Management

How to Manage Supply Chain Risks

Latest

Governance

Privacy Analysis: Google Accesses Patient Data on Millions

Marianne Kolbasuk McGee • November 12, 2019

A newly disclosed collaboration between Google and the massive Ascension healthcare system that the partners say is designed to improve patient care is raising serious privacy concerns. That's because the project involves Ascension sharing with Google data on millions of its patients - without their permission.

Governance

Microsoft Will Apply California's Privacy Law Nationwide

Jeremy Kirk • November 12, 2019

Microsoft will apply the core rights of the California Consumer Privacy Act across all its customers in the U.S., which could nudge other technology companies in the same direction as online privacy becomes an increasing concern. The move is significant in that the technology industry has lobbied against parts of the...

PCI Standards

Verizon: Companies Failing to Maintain PCI DSS Compliance

Nick Holland • November 12, 2019

Many companies around the world that accept card payments are failing to continually maintain compliance with the PCI Data Security Standard, according to the new Verizon 2019 Payment Security Report. Verizon's Rodolphe Simonetti, who contributed to the report, explains the findings.

Governance

CCPA Compliance: Identity Verification Challenges

Suparna Goswami • November 12, 2019

One key step for preparing to comply with the California Consumer Privacy Act, which goes into effect in January, is determining how best to verify the identity of users, say two leaders of the Sovrin Foundation, who discuss the key issues.

Breach Notification

Election Interference Notification Protocols Unveiled

Scott Ferguson • November 11, 2019

The White House has developed protocols for notifying the public of nation-state hacking or other interference during the 2020 presidential election cycle. But the full framework has not yet been released.

Governance

Microsoft Warns Users: Beware of Damaging BlueKeep Attacks

Akshaya Asokan • November 11, 2019

Now that security researchers have located the first exploits that take advantage of the BlueKeep vulnerability in Windows, Microsoft is warning users to apply patches the company issued for this flaw before more dangerous exploits merge.

Governance

Democrats Pose Phone Data Privacy Questions to FCC

Apurva Venkat • November 11, 2019

Democratic members of the House Energy and Commerce Committee have sent a letter to the Federal Communications Commission demanding that it do more to enforce the Communications Act following a report about wireless carriers giving phone data to third parties.

General Data Protection Regulation (GDPR)

Take Two: Why Organizations Are Reviewing GDPR Efforts

Mathew J. Schwartz • November 11, 2019

The EU's General Data Protection Regulation rewrote the rules of the data privacy and breach notification game when it went into full effect last year. Now, however, numerous organizations are revisiting and refining their GDPR compliance efforts around preparation and remediation, says PwC's Polly Ralph.

Governance

Insider Threat: Greater Risk Mitigation Required

Mathew J. Schwartz • November 11, 2019

Too many organizations are still failing to prioritize mitigating the risk posed by insiders, whether they're malicious actors or model employees who make mistakes that unintentionally lead to a data breach, says Veriato's Chris Gilkes.

General Data Protection Regulation (GDPR)

Privacy Nirvana: Some Assembly Still Required

Mathew J. Schwartz • November 11, 2019

Data privacy discussions must focus not just on collecting, storing and securing data, but also the impetus for doing so - and whether it is being done in an ethical manner, says consultant Thom Lagford, a former CISO, who addresses GDPR compliance issues.

Governance

Data Breach Defense: Email and File Lockdown

Mathew J. Schwartz • November 11, 2019

Preventing data breaches requires safeguarding information, and for many organizations that means having strong controls in place to protect email as well as files, says Zivver's Olivier Paling.

Governance

'Digital Climate Change': An Inconvenient Truth

Mathew J. Schwartz • November 11, 2019

Too many organizations continue to use digital assets and infrastructure even when they can see that they have information security problems and deficiencies that they're failing to fix, says cybersecurity expert John Walker.