Similar Posts
Data de-identification: Best practices in the new age of regulation
By Kayne
Confidential computing also is an emerging technology meant to protect data in use, said McGladrey of the IEEE.
“Confidential computing can allow the processing of data from multiple parties without sharing the input data with those other parties,” he said. “For example, if an organization wants to perform processing on a large set of healthcare data collected from multiple third-party organizations, properly configured confidential computing potentially permits those third parties to provide their data for processing in aggregate. In this scenario, not even the cloud provider can see the cleartext data provided by the third parties, or the results.”
AI in cybersecurity: what works and what doesn’t
By Kayne
Kayne McGladrey, IEEE member, gave this advice: “Evaluate an AI-based security solution by standing up in a lab, alongside a replica of your environment. Then contract a reputable external red team to repeatedly attempt to breach the environment.”
Users are the target: How employees can be the strongest line of defense
By Kayne
Recognizing that fact, Kayne McGladrey, director of security and information technology at Pensar Development, an engineering consultancy in Seattle, says continuously phishing end users is the best way to help them identify phishing and other potentially malicious content. “This continuous exposure [to phishing] should take a variety of forms, from email-based phishing to direct messages on social media.”
McGladrey says short, actionable, culturally relevant education initiatives on a regular schedule are recommended because “users don’t want to sleep through the mandatory ‘October is cybersecurity month,’ two-hour, PowerPoint presentations.”
Managing a Hybrid Workforce: What Are the Key Concerns?
By Kayne
Kayne McGladrey (@kaynemcgladrey), security architect at Ascent Solutions LLC, said that providing secure access to corporate data for employees regardless of the location of either the employees or the data is still the biggest concern for companies with a hybrid workforce. “Solving this is the core of a Zero Trust strategy,” he added. “Zero Trust is now the foundation of modern defensive architectures that companies should use to reduce the material risks associated with legitimate threats.”
Best practices for cryptocurrency firms and digital currency firms managing money
By Kayne
Based on the Consent Order, firms in this space should be prepared to demonstrate to NYDFS how their compliance programs meet the standards outlined in DFS regulations, particularly the Virtual Currency Regulation, the Money Transmitter Regulation, the Cybersecurity Regulation, and the Transactions Monitoring Regulation. Firms should also ensure that they have documented policies and procedures required by the Cybersecurity Regulation.
Navigating the Rocky Road of Data-Driven Insights
By Kayne
It’s no longer enough to have a Security Information and Event Management (SIEM) system or layer in commercial threat data, deploy a deception system, or prioritize assets–there’s simply no one-size-fits-all security solution. “This is still more art than science,” says Kayne McGladrey (@kaynemcgladrey), a director of security and information technology. “An effective solution needs to incorporate elements of all of those products or solutions to create meaningful and actionable intelligence.”