joshmarpet

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw80

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw80

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw80

Our client was using a hosted service to perform remote monitoring and management and resisted its inclusion in the audit scope. The vendor's external scans revealed critical vulnerabilities. Prior to a highly-publicized breach, the vendor said no auditor had ever included their service in the scope of their audits. We will explore attitudes that keep critical security controls out of scope.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw80

We'll start with a brief discussion of what HIPAA and is not (e.g., it's doesn't prevent your employer from ask you about your health). Then discuss recent developments like ongoing how ransomware attacks are targeting healthcare and, when successful, are reportable breaches; and the recent final rule on interoperability and information blocking that went into effect on April 5th.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw79

We'll start with a brief discussion of what HIPAA and is not (e.g., it's doesn't prevent your employer from ask you about your health). Then discuss recent developments like ongoing how ransomware attacks are targeting healthcare and, when successful, are reportable breaches; and the recent final rule on interoperability and information blocking that went into effect on April 5th.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw79

We'll start with a brief discussion of what HIPAA and is not (e.g., it's doesn't prevent your employer from ask you about your health). Then discuss recent developments like ongoing how ransomware attacks are targeting healthcare and, when successful, are reportable breaches; and the recent final rule on interoperability and information blocking that went into effect on April 5th.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw79

We'll start with a brief discussion of what HIPAA and is not (e.g., it's doesn't prevent your employer from ask you about your health). Then discuss recent developments like ongoing how ransomware attacks are targeting healthcare and, when successful, are reportable breaches; and the recent final rule on interoperability and information blocking that went into effect on April 5th.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw79

Join Dr. Casey Marks' discussion of the merits of cybersecurity certification and learn whether and how it provides training or proves experience or both, the pros and cons, how to start or approach getting certified, and more.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw77

Join Dr. Casey Marks' discussion of the merits of cybersecurity certification and learn whether and how it provides training or proves experience or both, the pros and cons, how to start or approach getting certified, and more.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw77

Join Dr. Casey Marks' discussion of the merits of cybersecurity certification and learn whether and how it provides training or proves experience or both, the pros and cons, how to start or approach getting certified, and more.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw77

Join Dr. Casey Marks' discussion of the merits of cybersecurity certification and learn whether and how it provides training or proves experience or both, the pros and cons, how to start or approach getting certified, and more.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw77

Join this segment with Danny Akacki to learn about educating both practitioners and executives on security topics of the day and helping to build community initiatives like trust groups and community groups like local DEF CON chapters.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw76

Join this segment with Danny Akacki to learn about educating both practitioners and executives on security topics of the day and helping to build community initiatives like trust groups and community groups like local DEF CON chapters.

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw76

A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection responsibilities, professionals charged with protecting private and confidential data must be also be constantly aware of these evolving regulatory and legal obligations.

Segment Resources: https://www.otterbourg.com/assets/htmldocuments/Protecting%20Privilege%20in%20Cyberspace%20New%20York%20State%20Bar%20Association%20Erik%20Weinick%20March%202021.pdf

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw73

A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection responsibilities, professionals charged with protecting private and confidential data must be also be constantly aware of these evolving regulatory and legal obligations.

Segment Resources: https://www.otterbourg.com/assets/htmldocuments/Protecting%20Privilege%20in%20Cyberspace%20New%20York%20State%20Bar%20Association%20Erik%20Weinick%20March%202021.pdf

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw73

A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection responsibilities, professionals charged with protecting private and confidential data must be also be constantly aware of these evolving regulatory and legal obligations.

Segment Resources: https://www.otterbourg.com/assets/htmldocuments/Protecting%20Privilege%20in%20Cyberspace%20New%20York%20State%20Bar%20Association%20Erik%20Weinick%20March%202021.pdf

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw73

A flurry of legislative and legal activity is re-shaping the way privacy and cybersecurity professionals conduct business. As a result, in addition to actually carrying out their protection responsibilities, professionals charged with protecting private and confidential data must be also be constantly aware of these evolving regulatory and legal obligations.

Segment Resources: https://www.otterbourg.com/assets/htmldocuments/Protecting%20Privilege%20in%20Cyberspace%20New%20York%20State%20Bar%20Association%20Erik%20Weinick%20March%202021.pdf

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw73

Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn’t take effect until 2023, it’s important for businesses to understand what it means for them and start preparing for data security compliance now.

Chris Pin, VP of Security and Privacy at PKWARE, will be discussing:

• How Virginia’s law differs from CCPA and GDPR and the key points companies need to know

• Where and how companies may need to enhance their data privacy policies and processes, and specifically how it’s imperative to know the five W’s of data: Who, What, Why, When, Where and one H, How

• How companies should begin incorporating data discovery, data classification, data minimization, records of data processing activities, and data protection assessments as part of their everyday processes and controls, if they haven’t already

• Real life situations that businesses could find themselves in

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw72

Just last month, Virginia became the second state in the U.S. to pass a privacy law – the Consumer Data Protection Act (CDPA). While this doesn’t take effect until 2023, it’s important for businesses to understand what it means for them and start preparing for data security compliance now.

Chris Pin, VP of Security and Privacy at PKWARE, will be discussing:

• How Virginia’s law differs from CCPA and GDPR and the key points companies need to know

• Where and how companies may need to enhance their data privacy policies and processes, and specifically how it’s imperative to know the five W’s of data: Who, What, Why, When, Where and one H, How

• How companies should begin incorporating data discovery, data classification, data minimization, records of data processing activities, and data protection assessments as part of their everyday processes and controls, if they haven’t already

• Real life situations that businesses could find themselves in

Visit https://www.securityweekly.com/scw for all the latest episodes!

Show Notes: https://securityweekly.com/scw72