Similar Posts
How digital wallets work, and best practices to use them safely
By Kayne
In this Help Net Security video, Kayne McGladrey, IEEE Senior Member, discusses best practices for using digital wallets safely. With the adoption of digital wallets and the increasing embedding of consumer digital payments into daily life, ensuring security measures are in place is essential. According to a McKinsey report, digital payments are now mainstream and continually evolving, bringing advancements and new data protection and fraud prevention challenges.
The FTC updated the Safeguards Rule. Here’s how to avoid notification events.
By Kayne
The primary emphasis of the new revision is that a ‘notification event’, described as any unauthorized acquisition of unencrypted customer information, now triggers the reporting process. This is a change from the earlier draft of the Rule, which used the term ‘security event’ to describe unauthorized system access or information misuse. Unfortunately, this change may result in some confusion, as described below.
How Instacart Created Strong Relationships with Engineering to Build a More Compliant Product
By Kayne
In a world where compliance and engineering teams must work together to build compliant products, competing goals and philosophies can make collaboration frustrating for both sides. Join representatives from Instacart as they share their story on how they worked with engineering to build a compliant product, best practices for collaborating across teams to build scalable, compliant solutions and how to foster a culture of security and compliance across your organization.
After completing this session, participants will be able to:
• Build more credibility with engineering teams.
• Incorporate features that enable compliance into products.
• Work with your engineering team—not against them—to build high-quality, compliant products.
• Make long-term continuous compliance a reality with automation tools.
System and Communications Protection | Drafting Compliance Ep. 23
By Kayne
Kayne and Tom talk about the System and Communications Protection family of FedRAMP Rev5 controls. Learn about the “catch all” approach to this control family and some challenges faced in implementation. Tom and Kayne try a stout for the first time on the show, and Kayne seems to group it with all the other beers. As always, the faces he makes are impressive.
ICS security challenges and how to overcome them
By Kayne
One of the biggest security challenges, however, might be IT/OT convergence — the merging of information technology with operational technology. IT teams are no strangers to infosec, but their OT counterparts working among industrial control systems (ICSes) have generally never worked in internet-connected networks. Yet, as the benefits of IoT and industrial IoT (IIoT) become apparent, more ICSes and OT environments are becoming connected — bringing multiple benefits but also creating multiple security threats. Compounding the risk is that IT teams don’t know how to handle threats in such environments, leaving many IT and OT teams unsure exactly where the security responsibility lies.
Here, Institute of Electrical and Electronics Engineers Inc. (IEEE) member Kayne McGladrey outlines the challenges of ICS security and explains how OT environments can counter such threats while still reaping the benefits of IoT.
Vigilance and Planning: Experts Share Their IT and Data Security Strategies
By Kayne
Kayne McGladrey (@kaynemcgladrey), security architect/strategy and GRC practice lead at Ascent Solutions, recommends following the Cybersecurity Maturity Model Certification 2.0, which was developed by the U.S. Department of Defense. It offers a framework that incorporates “Zero Trust tenets that will help companies maintain regulatory compliance and ensure that data are adequately protected against evolving threats from nation states and advanced persistent threats,” he says.