Published By: CheckMarx
Published Date: Sep 12, 2019
Financial services organizations operate under a host of regulatory standards. This makes sense, as the assets and information managed by these firms are valuable, sensitive, and targeted by sophisticated cyber attackers daily.
Compounding these challenges is the large volume of personally identifiable information (PII) that financial organizations handle regularly. PII is subject to many compliance regulations, notably the General Data Protection Regulation (GDPR), which governs not only the processing of personal data (including PII) relating to individuals in the EU, but also applies to any organization that processes the personal data of EU residents.
For US banking consumers, Section 5 (Unfair or Deceptive Acts or Practices) of the Federal Trade Commission Act and numerous state regulations enforce basic consumer protections, which financial organizations must also uphold.
In today's digitalized economy, web applications and the browsers that connect to them predominantly rely on the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols to encrypt sensitive business information and personally identifiable information (PII) – such as customers’ credit card details, user account passwords, corporate sales and payroll data, etc. – before sending it securely over the internet. SSL/TLS encryption ensures that information transmitted over the internet through e-mails, e-commerce and online banking transactions, and a myriad of cloud and online services is kept secure.
The General Data Protection Regulation is a European Union regulation with the full title of ‘Regulation on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, which repeals Directive 95/46/EC (General Data Protection Regulation)’.
It’s the first comprehensive overhaul and replacement of European data protection legislation in over twenty years and could be the most significant regulatory framework to hit organizations since Sarbanes-Oxley in 2002. Its purpose is to replace the varying implementations across Europe of the earlier EU Data Protection Directive with a single harmonized EU regulation. The intended outcome is a standardized set of expectations about how an organization must manage and protect personally identifiable information on employees, clients and other applicable data subjects.
Any organization that holds data on EU citizens, regardless of where it is domiciled, within the EU or otherwise, is in sco
Published By: Lookout
Published Date: Sep 25, 2017
“We don’t have a BYOD programme.”
This statement, referencing mobile device usage in the workplace, is a refrain often heard in European organisations that are tasked with securing the privacy of highly confidential data and personally identifiable information, and managing employee authorisation and access to that data. However, businesses often believe that they aren’t actually subject to cyber-threats from mobile devices because, simply, they don’t currently allow personal mobile devices to access their networks. Ultimately, this posture puts data at risk because every company has a BYOD policy whether they like it or not.
If the notion of approaching GDPR as an agile methodology was the thesis for this paper, the conclusion surely has to be that there is much work still to be done by the enterprise. From an obvious mismatch between the board’s belief in its preparedness and its actual preparedness, drilling down into the specific areas of storage, security and development, there’s a feeling that while organisations are now aware of the risks and of the necessary philosophical practice that has become, or will become, action, there is still an absence of that ‘organic’ inclusion that should make GDPR part of the furniture.
In the race to please customers and beat out the competition, there’s been a lot of talk about customer data platforms (CDPs). For marketers, a CDP is just what they’ve been looking for — a more comprehensive approach to unified customer data that lets you include raw personally identifiable information or sensitive data in your data pool.
But while IT teams see the ultimate value, they may question the idea of introducing a new point solution that complicates their tech stack even more. The days of brute-forcing customer experience with new technology are over. Today, IT teams need to make decisions about customer experience management that span the business and go beyond marketing. That requires a different approach to the customer data problem. To learn more about our solution to the customer data platform, read our article Real-time CDP. Real-time customer experience.
As every business decision-maker should now know, the E.U. General Data Protection Regulation (GDPR) enforcement date is coming. The GDPR will be enforced starting May 2018 and will apply to those collecting, storing or using the personal data of the residents of the European Union’s 28 member states. The Regulation changes requirements around protecting the personally identifiable information of over 500 million people, and occupies the minds of anyone around the world concerned with data protection.
To better understand data decision-making, McAfee® commissioned Vanson Bourne to survey the views of 800 senior business professionals across eight countries around the world from a range of industry sectors.
Marketers can personalize interactions using information that spans complete anonymity to full authentication, with a middle range in which identified data may be used intermittently. The distinction between anonymous and authenticated hinges on personally identifiable information (PII): information that can be used alone, in combination, or in context to contact an individual. This information includes unique and partial identifiers such as name, address, phone number, and email address, as well as financial, employment, or other data associated with an individual.
Protecting individual and financial data, retaining data, and meeting e-discovery requirements are common compliance requirements across geographies and industries. Finding accurate, usable, and cost-effective solutions for meeting these requirements can make the difference between achieving compliance goals and leaving the organization vulnerable through unsecured use of sensitive data. Trend Micro Data Protection solutions for endpoint data leak protection, email encryption, and email archiving help organizations meet their compliance requirements – easily and cost-effectively.
With the success of single sign-on (SSO) inside the enterprise, users are calling for interoperability outside of the enterprise’s security domain to outsourced services, including business process outsourcing (BPO) and software as a service (SaaS) providers, and trading partners, as well as within the enterprise to affiliates and subsidiaries. Learn more today!
The reference guide lays out for data center managers a step-by-step approach to data center consolidation. By breaking down the process into clear and identifiable actions – all of which are covered in the sections below – a data center consolidation becomes much more manageable, and the odds of its success much higher.
Matthew Coy, Safelite’s Vice President of Information Technology, is responsible for overseeing all aspects of the company’s IT infrastructure, including selecting, administering, and supporting technology products. The company handles personally identifiable information, including credit card information and insurance data collected from several sources, and must comply with insurance industry regulations and the Payment Card Industry Data Security Standard. Safelite is the target of constant external attacks. The organization experienced ongoing security issues stemming from infected software, drive-bys and other malicious downloads. According to Matthew, “A lot of malware and email viruses were making it through the environment, all bypassing our email security and AV.” Not only were the security controls ineffective, the previous AV platform required nearly 150 hours per week to manage. Matthew knew Safelite needed to make a change, and fast. Having worked with Cylance® at two previous companies, he was confident CylancePROTECT® could significantly improve Safelite’s endpoint security. Read the full case study to learn about the results Cylance was able to deliver.
Engagement with customers online has evolved from novelty to necessity, with an estimated $202 billion spent in 2011 and projected 10% growth to $327 billion in 2016, according to Forrester Research. Businesses are maneuvering to connect with the growing pool of online customers, but the move to eCommerce brings new security risks with the exchange of sensitive consumer information, including cardholder data and personally identifiable information that can enable identity theft. At stake are brand reputation, ongoing access to merchant credit lines, and substantial penalties and remediation costs in the event of a breach.
This white paper elucidates the aspects of PCI DSS (Payment Card Industry Data Security Standard) compliance that must be considered when choosing a secure environment for servers involved in eCommerce. Whether deciding to outsource or keep data hosting in-house, any company collecting, storing or transmitting customer cardholder data needs to be compliant, and this document helps pinpoint the specific concerns and standards a company should be aware of when choosing how to keep its data secure. Understanding requirements and best practices for security policies and procedures, physical safeguards, and security technologies is essential to establishing cardholder data security and meeting QSA and SAQ audit requirements.