Can U.S. law enforcement use a warrant to seize emails stored outside the U.S. by a cloud services provider? That's the question the Supreme Court has agreed to consider next year. Microsoft continues to fight an order to turn over emails stored in an Irish data center.
The clock is ticking on the General Data Protection Regulation (GDPR) coming into effect and while there isn't wide scale panic yet, lots of organizations are either in denial or just coming to grips with its implications. The difficulty with GDPR is that the regulation states the "WHAT" but pretty much is silent on...
A discussion with ISMG Security and Technology Editor Jeremy Kirk about his chat with the cyber gang "The Dark Overlord," which threatened some U.S. school districts with extortion, leads the latest edition of the ISMG Security Report. Also, an update on surging IT security employment.
New York state's Department of Financial Services is enforcing minimum cybersecurity standards by which all banks and other financial services firms that it regulates must abide. Think of the new regulation "as a playbook or a guidepost," says cybersecurity attorney Paul Ferrillo.
The upcoming enforcement of GDPR puts the spotlight on data governance, but what about the potential impact on vendor risk management? Jacob Olcott of BitSight discusses how to prepare for this new generation of cybersecurity regulations.
The latest edition of the ISMG Security Report is devoted to a special report on how enterprises around the world should prepare for the European Union's General Data Protection Regulation, which starts being enforced in May.
Artificial intelligence and machine learning are among the top industry buzzwords of the year. But how can AI truly make a significant impact on organizations' cybersecurity operations? Brian NeSmith of Arctic Wolf Networks offers insight.
Organizations are drowning in data, and they cannot even inventory it all - much less secure it. How, then, do they shift to focusing on their most sensitive data? Rob Douthitt of SolarWinds MSP offers new strategies.
Organizations need to develop "a friendly business relationship" with law enforcement so they can share information about a data breach to help with the investigation, says Luis Cerritos of the Royal Canadian Mounted Police.
Organizations that must comply with Europe's GDPR need to identify gaps in their ability to meet various requirements, including making prompt breach notifications and gaining consumers' consent to store their data, says Sunil Chand of Grant Thornton.
Network by network, device by device, today's security threats spread through an organization like wildfire. But Druce MacFarlane of Bricata says security leaders are making fundamental mistakes with their focus on perimeter and endpoint security.
In North America, many organizations mistakenly believe the European Union's General Data Protection Regulation won't impact them, says Robert Mills of the Information Security Forum. "If they are multinational and holding EU data, it does apply to them," he points out.
An ongoing series of Healthcare Security Readiness workshops reveals some key gaps in how healthcare organizations defend against cybercrime hacking. How should entities assess and mitigate these gaps? David Houlding of Intel shares insights.
If the Equifax breach turns out like every other massive data breach we've seen for more than a decade, after a big brouhaha - from Congress, state attorneys general, consumer rights groups and class-action lawsuits - nothing will change, because that would require Congress to give Americans more privacy rights.