Cyber Security Informer

PCI DSS (Payment Card Industry Data Security Standard)

Security Boulevard

APRIL 26, 2024

The Payment Card Industry Data Security Standard (PCI DSS) is a critical ally, providing a robust blueprint for protecting sensitive data. Whether you’re a small business owner, a […] The post PCI DSS (Payment Card Industry Data Security Standard) first appeared on StrongBox IT.

Small Business

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

The Last Watchdog

NOVEMBER 12, 2023

Related: Extending digital trust globally Some of these latest, greatest digital wonders will function well together, thanks to the new Matter smart home devices standard, which was introduced one year ago. We drilled down on Matter as well as another new standard, BIMI , which stands for “brand indicators for message?identification.”

Manufacturing

Manufacturing Authentication Marketing Encryption

eIDAS 2.0: The concerns surrounding this new standard

Security Boulevard

APRIL 24, 2024

The concerns surrounding this new standard appeared first on Security Boulevard. Discover how eIDAS 2.0 aims to streamline online transactions while facing concerns over privacy and centralization. The post eIDAS 2.0:

European Telecommunications Standards Institute (ETSI) suffered a data breach

Security Affairs

OCTOBER 2, 2023

The European Telecommunications Standards Institute (ETSI) disclosed a data breach, threat actors had access to a database of its users. Threat actors stole a database containing the list of users of the portal of the European Telecommunications Standards Institute ( ETSI ).

Telecommunications

Telecommunications Data breaches Technology Cybersecurity

Shadow SaaS Dangers in Cybersecurity Compliance Standards

Security Boulevard

MARCH 19, 2024

Discover how shadow SaaS creates gaps in the application of cybersecurity compliance standards, opening the door for a potential cybersecurity incident. The post Shadow SaaS Dangers in Cybersecurity Compliance Standards appeared first on Security Boulevard.

Cybersecurity

Interesting Attack on the EMV Smartcard Payment Standard

Schneier on Security

SEPTEMBER 14, 2020

The paper: “ The EMV Standard: Break, Fix, Verify.” ” Abstract: EMV is the international protocol standard for smartcard payment and is used in over 9 billion cards worldwide. This attack is possible for implementations following the standard, although we did not test it on actual terminals for ethical reasons.

Mobile

Mobile Banking Advertising

New CVSS 4.0 vulnerability severity rating standard released

Bleeping Computer

NOVEMBER 1, 2023

the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the previous major version. [.]

Understanding the Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) of DORA

Security Boulevard

DECEMBER 11, 2023

The financial industry eagerly awaits the release of the second batch of draft regulatory technical standards (RTS) for the Digital Operational Resilience Act (DORA). The post Understanding the Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) of DORA appeared first on Security Boulevard.

Updates on NIST’s Interagency International Cybersecurity Standardization Working Group

NSTIC

FEBRUARY 28, 2024

Last November, I was pleased to chair the most recent meeting of the Interagency International Cybersecurity Standardization Working Group (IICSWG) – a group NIST created in 2016. Since then, IICSWG has grown as a forum to discuss cybersecurity and privacy standardization topics, examine the overall cybersecurity standardization landscape (

Cybersecurity

Cybersecurity Government

Cybersecurity Standards vs Procedures vs Controls vs Policies

Security Boulevard

JANUARY 26, 2024

There are dozens, if not hundreds, of specialized […] The post Cybersecurity Standards vs Procedures vs Controls vs Policies appeared first on Security Boulevard. Any large and complex industry grows terminology and jargon like leaves on a tree, and cybersecurity is no different.

Cybersecurity

Cybersecurity Technology Network Security

Why SOC 2 is an Industry Standard

Security Boulevard

JULY 7, 2023

It was developed by the American Institute of Certified Public Accountants (AICPA) to address the need for consistent and comprehensive security and […] The post Why SOC 2 is an Industry Standard first appeared on TrustCloud. The post Why SOC 2 is an Industry Standard appeared first on Security Boulevard.

Accountability

Request for Comments: PCI Secure Software Standard v1.2.1?

PCI perspectives

MARCH 11, 2024

From 11 March to 11 April, eligible PCI SSC stakeholders are invited to review and provide feedback on the currently published version of the PCI Secure Software Standard during a 30-day request for comments (RFC) period.   

Software

Strata Identity Promotes Gerry Gebel to Vice President of Product and Standards

Security Boulevard

APRIL 4, 2024

Longtime identity veteran assumes product management leadership role and will continue to drive standards initiatives for unifying identity management and policy orchestration BOULDER, Colo. The post Strata Identity Promotes Gerry Gebel to Vice President of Product and Standards appeared first on Strata.io.

SPDX becomes internationally recognized standard

Tech Republic Security

SEPTEMBER 9, 2021

In use for a decade as the de facto standard for communicating software bills of materials, SPDX formally becomes the internationally recognized ISO/IEC JTC 1 standard.

Software

Capita’s “standard industry practice” 633gb open cloud storage

DoublePulsar

MAY 5, 2023

Capita claim it is “information such as release notes and user guides, which are routinely published alongside software releases in line with standard industry practice.” A few people came across this last week — I saw it floating around social media and Discord amongst security researchers. Let’s test that statement.

Media

Media Software Engineering Cybersecurity

What are SBOM standards and formats?

Security Boulevard

MARCH 8, 2024

The post What are SBOM standards and formats? The growing importance of software bills of materials (SBOMs) marks a significant shift towards better transparency and security in software management. appeared first on Security Boulevard.

Software

New Quantum-safe Cryptography Standards Arrive None Too Soon

eSecurity Planet

JULY 8, 2022

A six-year quantum cryptography competition just ended, producing four new security standards selected by the U.S. Department of Commerce’s National Institute of Standards and Technology. The four new security standards selected by NIST will become part of a quantum-safe cryptography standard released as soon as 2024.

Encryption

Encryption Technology Artificial Intelligence Backups

The New Trust Standard

Cisco Security

SEPTEMBER 29, 2021

It calls for a new standard of trust. Today, I would like to share our perspective on The New Trust Standard , a compilation of what we’ve learned by talking and collaborating with our customers, partners, industry peers, regulators, and academia. Our aspiration is to see the New Trust Standard replace confusion with clarity.

Digital transformation

Digital transformation Risk Security Awareness Technology

Google Chrome Enlists Emerging DBSC Standard to Fight Cookie Theft

Security Boulevard

APRIL 4, 2024

The post Google Chrome Enlists Emerging DBSC Standard to Fight Cookie Theft appeared first on Security Boulevard.

Authentication

Authentication Accountability Technology Account Security

Understanding the Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) of DORA

Centraleyes

DECEMBER 11, 2023

The financial industry eagerly awaits the release of the second batch of draft regulatory technical standards (RTS) for the Digital Operational Resilience Act (DORA). Initially expected in November 2023, the release of the second batch of regulatory technical standards is running late. What is a Regulatory Technical Standard?

Penetration Testing

Penetration Testing Risk Cyber threats Accountability

Gov’t Cybersecurity Standards Not Enough to Protect Consumers

Security Boulevard

MARCH 17, 2022

The EU’s proposed Cyber Resilience Act, which would introduce cybersecurity standards and regulations for all products and connected devices, is not enough to actually mitigate the increasing risk of cyberattacks. The post Gov’t Cybersecurity Standards Not Enough to Protect Consumers appeared first on Security Boulevard.

Cybersecurity

Cybersecurity Risk Government

Low Cybersecurity Standards Lead to Disaster

Security Boulevard

APRIL 1, 2021

Have you let cybersecurity standards slide? The post Low Cybersecurity Standards Lead to Disaster appeared first on Security Boulevard. See how to clean up your company's act fast to avoid a data breach disaster!

Cybersecurity

Cybersecurity Data breaches Phishing Ransomware

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

Adam Levin

MARCH 18, 2020

HHS Loosens HIPAA Standards for Telemedicine appeared first on Adam Levin. The HHS specified that “public-facing” services for telemedicine would not be allowed, but that services such as Skype for Business, Zoom for Healthcare, Google G Suite Hangouts Meet were acceptable platforms for remote appointments. The post Telehealth Hazard?

Insurance

Insurance Healthcare Accountability Technology

The Matter Standard: Strengthening Smart Home Security

Security Boulevard

DECEMBER 20, 2022

The post The Matter Standard: Strengthening Smart Home Security appeared first on Nuspire. The post The Matter Standard: Strengthening Smart Home Security appeared first on Security Boulevard. In the smart home, these devices can all speak to each other and optimize your home environment. But with many different available.

IoT

IoT Internet Internet

Threat Model Thursday: NIST’s Code Verification Standard

Adam Shostack

JULY 15, 2021

Earlier this week, NIST released a Recommended Minimum Standard for Vendor or Developer Verification of Code. I want to talk about the technical standard overall, the threat modeling component, and the what the standard means now and in the future. The standard. Threat modeling within the standard.

Software

Software Government Marketing Cybersecurity

The Ultimate Guide to Network Segmentation Compliance: Ensuring Cybersecurity Standards

Security Boulevard

DECEMBER 16, 2023

Network Security Policy Compliance Having a well-defined network security policy is crucial for organizations to maintain compliance with cybersecurity standards. The post The Ultimate Guide to Network Segmentation Compliance: Ensuring Cybersecurity Standards appeared first on Security Boulevard.

Policy Compliance

Policy Compliance Cybersecurity Network Security

New Web Software Module Introduced in PCI Secure Software Standard Version 1.2

PCI perspectives

DECEMBER 7, 2022

Today, the PCI Security Standards Council (PCI SSC) published version 1.2 of the PCI Secure Software Standard and its supporting program documentation. The PCI Secure Software Standard is one of two standards that are part of the PCI Software Security Framework (SSF).

Software

Software Risk

A New Standard for Mobile App Security

Google Security

APRIL 15, 2021

Despite the importance of digital security, there isn’t a consistent industry standard for assessing mobile apps. We’ve seen early interest from Internet of Things (IoT) and virtual private network (VPN) developers, however the standard is appropriate for any cloud connected service such as social, messaging, fitness, or productivity apps.

Mobile

Mobile VPN IoT Internet

AES-256 Encryption: The Gold Standard in Data Security

Security Boulevard

DECEMBER 5, 2023

It has adorningly been referred to as the ‘gold standard’ in securing a data fortress. In simple terms, AES-256 […] The post AES-256 Encryption: The Gold Standard in Data Security appeared first on Security Boulevard. When it comes to data security, AES-256 encryption arguably reigns supreme.

Encryption

JA4+: A suite of network fingerprinting standards

Penetration Testing

DECEMBER 17, 2023

... The post JA4+: A suite of network fingerprinting standards appeared first on Penetration Testing. These methods are both human and machine-readable to facilitate more effective threat-hunting and analysis....

Penetration Testing

Bigger, Faster, Stronger: The New Standard for Public Cybersecurity Companies

Security Boulevard

JANUARY 30, 2024

How could a person who hit 714 home runs and won seven World Series championships — widely regarded as one of the greatest baseball players of all time — not cut it in the The post Bigger, Faster, Stronger: The New Standard for Public Cybersecurity Companies appeared first on Security Boulevard.

Cybersecurity

The European Commission’s Standard Contractual Clauses

TrustArc

APRIL 26, 2022

Understand how the new standard contractual clauses differ from the old SCCs and what that means for your cross-border data transfer options.

Moving Connected Device Security Standards Forward

Google Security

FEBRUARY 23, 2023

Ahead of the event, we wanted to take a moment to recognize and share additional details on the notable progress being made to form harmonized connected device security standards and certification initiatives that provide users with better transparency about how their sensitive data is protected.

IoT

IoT Mobile Manufacturing Telecommunications

The Time Is Now for IoT Security Standards

Dark Reading

AUGUST 11, 2022

Industry standards would provide predictable and understandable IoT security frameworks.

IoT

What Cybersecurity Standards and Frameworks Should You Adopt Next?

Security Boulevard

MAY 7, 2021

The post What Cybersecurity Standards and Frameworks Should You Adopt Next? The post What Cybersecurity Standards and Frameworks Should You Adopt Next? These days, a SOC 2 report is considered a must-have for any organization that manages customer data. appeared first on Hyperproof. appeared first on Security Boulevard.

Cybersecurity

Achieving IT Compliance Standards: An Essential Ingredient For Securing Successful Deals

Security Boulevard

FEBRUARY 16, 2024

The post Achieving IT Compliance Standards: An Essential Ingredient For Securing Successful Deals appeared first on Hyperproof. The post Achieving IT Compliance Standards: An Essential Ingredient For Securing Successful Deals appeared first on Security Boulevard. What can I do to stack the odds.

Marketing

ISO 26262: The ISO Standard for Functional Safety

Security Boulevard

MARCH 3, 2022

ISO 26262 is a standard for functional safety and automotive safety integrity level (ASIL). In this post, you'll receive an overview of ISO 26262, steps you can take to comply with the standard, as well as the benefits of 26262. The post ISO 26262: The ISO Standard for Functional Safety appeared first on Security Boulevard.

NIST names new post-quantum cryptography standards

CSO Magazine

JULY 6, 2022

National Institute of Standards and Technology (NIST) announced the algorithms that were chosen in the third round of its competition to create a new post-quantum cryptography (PQC) standard built upon encryption algorithms that can resist the powers of quantum processors. This week, the U.S.

Encryption

Encryption Technology

Cybersecurity Executive Order requires new software security standards

Security Boulevard

MAY 13, 2021

President Biden’s Cybersecurity Executive Order requires new software security standards and best practices. The post Cybersecurity Executive Order requires new software security standards appeared first on Software Integrity Blog. Learn what you can do to prepare now.

Software

Software Cybersecurity

IoT standards: The US government must create them, and businesses will follow

Tech Republic Security

DECEMBER 11, 2020

Standardization is necessary to ensure safety and easier integration. The Internet of Things is still in its Wild West phase of development.

IoT

IoT Government Internet Internet

ETSI Dismisses Claims of 'Backdoor' Vulnerabilities in TETRA Standard

Dark Reading

JULY 26, 2023

Nonetheless, European standards body revised the wireless standard and insists its integrity remains sound.

Wireless

Post-quantum cryptographic standards to be finalized later this year

SC Magazine

MAY 25, 2021

National Institute for Standards and Technology headquarters in Maryland. NIST will finalize “post-quantum” cryptography standards later this year (NIST). When will the standards be finalized and released? We expect final standards to be ready about 2024 [so] that people can begin using and adopting these algorithms.”

Technology

Technology Government Encryption Backups

Standards: The CPSO’s Best Friend

NSTIC

JULY 15, 2022

Workshop Shines Light on Role of Standards in Cybersecurity for IoT What do Chief Product Security Officers (CPSOs) want to make their job easier? As it turns out, standards.

IoT

IoT Internet Internet Cybersecurity

?Important Update Issued to 3DS Core Security Standard Technical FAQs

PCI perspectives

SEPTEMBER 29, 2023

In response to stakeholder feedback, the PCI Security Standards Council (PCI SSC) has issued an important revision to the PCI 3DS Core Security Standard v1.0 through an update to the standard’s Technical Frequently Asked Questions (Technical FAQs).

PCI DSS (Payment Card Industry Data Security Standard)

MY TAKE: New tech standards, like ‘Matter’ and ‘BIMI,’ point the way to secure interoperability

Trending Sources

eIDAS 2.0: The concerns surrounding this new standard

European Telecommunications Standards Institute (ETSI) suffered a data breach

Shadow SaaS Dangers in Cybersecurity Compliance Standards

Interesting Attack on the EMV Smartcard Payment Standard

New CVSS 4.0 vulnerability severity rating standard released

Understanding the Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) of DORA

Updates on NIST’s Interagency International Cybersecurity Standardization Working Group

Cybersecurity Standards vs Procedures vs Controls vs Policies

Why SOC 2 is an Industry Standard

Request for Comments: PCI Secure Software Standard v1.2.1?

Strata Identity Promotes Gerry Gebel to Vice President of Product and Standards

SPDX becomes internationally recognized standard

Capita’s “standard industry practice” 633gb open cloud storage

What are SBOM standards and formats?

New Quantum-safe Cryptography Standards Arrive None Too Soon

The New Trust Standard

Google Chrome Enlists Emerging DBSC Standard to Fight Cookie Theft

Understanding the Regulatory Technical Standards (RTS) and Implementing Technical Standards (ITS) of DORA

Gov’t Cybersecurity Standards Not Enough to Protect Consumers

Low Cybersecurity Standards Lead to Disaster

Telehealth Hazard? HHS Loosens HIPAA Standards for Telemedicine

The Matter Standard: Strengthening Smart Home Security

Threat Model Thursday: NIST’s Code Verification Standard

The Ultimate Guide to Network Segmentation Compliance: Ensuring Cybersecurity Standards

New Web Software Module Introduced in PCI Secure Software Standard Version 1.2

A New Standard for Mobile App Security

AES-256 Encryption: The Gold Standard in Data Security

JA4+: A suite of network fingerprinting standards

Bigger, Faster, Stronger: The New Standard for Public Cybersecurity Companies

The European Commission’s Standard Contractual Clauses

Moving Connected Device Security Standards Forward

The Time Is Now for IoT Security Standards

What Cybersecurity Standards and Frameworks Should You Adopt Next?

Achieving IT Compliance Standards: An Essential Ingredient For Securing Successful Deals

ISO 26262: The ISO Standard for Functional Safety

NIST names new post-quantum cryptography standards

Cybersecurity Executive Order requires new software security standards

IoT standards: The US government must create them, and businesses will follow

ETSI Dismisses Claims of 'Backdoor' Vulnerabilities in TETRA Standard

Post-quantum cryptographic standards to be finalized later this year

Standards: The CPSO’s Best Friend

?Important Update Issued to 3DS Core Security Standard Technical FAQs

Stay Connected