Welcome to ISMG's GDPR Resource Center!

The EU revamped its vaunted data protection and privacy laws with the 2016 passage of the General Data Protection Regulation. GDPR enforcement went into full effect on May 25, 2018, and any organization that stores Europeans’ personal data must comply.

Detecting Network Security Incidents

Anna Delaney • July 3, 2020

Rossella Mattioli, a network and information security expert at ENISA, the European Union Agency for Cybersecurity, discusses a new report offering insights on detecting network security incidents.

Identity & Access Management

Apple, Google Release Contact-Tracing APIs for COVID-19

Latest

Business Continuity Management / Disaster Recovery

Backing Up Data: How to Prepare for Disaster

Jeremy Kirk • May 15, 2020

If an organization fails to stop a ransomware attack, how does it recover the data? Backups, of course, are essential. But Peter Marelas of Dell Technologies says organizations should have a well-developed strategy for backups because attackers are increasingly targeting those systems as well.

Account Takeover

Analysis: The Contact-Tracing Conundrum

Nick Holland • May 8, 2020

The latest edition of the ISMG Security Report analyzes the many challenges involved in developing and implementing contact-tracing apps to help in the battle against COVID-19. Also featured: A discussion of emerging privacy issues and a report on why account takeover fraud losses are growing.

COVID-19

Analysis: COVID-19 Contact-Tracing Privacy Issues

Nick Holland • April 24, 2020

The latest edition of the ISMG Security Report analyzes the privacy issues raised by COVID-19 contact-tracing apps. Also featured: An update on efforts to fight fraud tied to economic stimulus payments; John Kindervag on the origins of "zero trust."

3rd Party Risk Management

Third-Party Risk Management: How to Grow a Mature Program

Information Security Media Group • April 7, 2020

Enterprises globally recognize the challenge of third-party cyber risk, but they still struggle with the risk management. Dave Stapleton of CyberGRX discusses the elements of a mature program, including the role of risk ratings.

Breach Notification

Morrisons Not Liable for Breach Caused by Rogue Employee

Mathew J. Schwartz • April 2, 2020

Supermarket giant Morrisons is not liable for a data breach caused by a rogue employee, Britain's Supreme Court has ruled, bringing to a close the long-running case - the first in the country to have been filed by data breach victims.

Business Continuity Management / Disaster Recovery

Analysis: Russia's COVID-19 Disinformation Campaign

Nick Holland • March 27, 2020

The latest edition of the ISMG Security Report analyzes how and why Russia is spreading disinformation about the COVID-19 pandemic. Plus: the latest CCPA regulation updates; a CISO's tips on securely managing a remote workforce.

Governance & Risk Management

Remote Workforce Security - the Long Game

Information Security Media Group • May 21, 2020

"Risk acceptance" was the operative term as organizations quickly deployed remote workforces in response to the global crisis. But now, as this deployment becomes a long-term option, enterprises need to take a future-focused view toward identity, cloud, and the attack surface. Forcepoint's Homayun Yaqub offers tips.

Breach Notification

EasyJet Data Breach Exposes 9 Million Customers' Details

Mathew J. Schwartz • May 19, 2020

European budget airline EasyJet says it suffered a data breach that exposed 9 million customers' personal details. While no passport details were exposed, the company's ongoing investigation has also found that attackers "accessed" a small number - just 2,208 - of customers' payment card details.

Application Security

AST as the Key to DevSecOps Maturity

Information Security Media Group • May 15, 2020

DevSecOps is in its "awkward teenage years," says Matthew Rose of Checkmarx. But with new tooling and automation - particularly application security testing tools - he sees the practice maturing quickly and delivering improved outcomes.

Application Security

Zero Trust: 3 Critical Considerations

Tom Field • May 4, 2020

Done right, a zero trust architecture can reduce the complexity of one's environment while also improving cybersecurity protection and efficiency. Bob Reny of ForeScout focuses on three critical considerations: visibility, compliance and control.

COVID-19

Webcast: Keeping Remote Workers Safe and Your Work Secure

Information Security Media Group • May 4, 2020

Learn how to protect employees from malicious web content.

Business Continuity Management / Disaster Recovery

Webinar | 4 Actions to Secure Work from Home Employees

Information Security Media Group • April 27, 2020

This informational webinar will outline 4 actions you can take today to keep employees secure and productive during these challenging times, with tips straight from your identity and access management peers.