GDPR enforcement (and therefore fines) has been on the rise recently. And after the initial “compliance on paper” that many consultants offered, it’s time to address the cybersecurity aspects underlying GDPR. We have previously addressed the logging requirements of GDPR and now we are going… Read More »The Importance Of Security Logs For GDPR Compliance
Compliance category: find out more about news and technical safeguards our company needs to take to ensure regulatory compliance.
Threat intelligence has been a very important asset to cybersecurity: knowing in advance some properties of malicious actors is key for preventing security incidents. Most typically these properties are IP addresses, domains, emails and file hashes, and being able to compare them to what’s happening… Read More »The Importance Of Threat Intelligence Sharing Through TAXII And STIX
PSD2 is the new EU Directive that aims to open up the banks and allow non-banking institutions to provide payment services. It is a great thing but it comes with many requirements. They are in the form of implementing and delegated acts of the European Commission as… Read More »PSD2 Requirements and Secure Logs
SIEMs (Security information and event management systems) are often considered sufficient for certain compliance needs – they “tick” boxes on numerous standards and regulations and have built-in compliance reports. However, legacy SIEMs don’t always work for the compliance department. While in theory, they support the… Read More »Legacy SIEMs Don’t Work For The Compliance Department
What Is the Directive on Security of Network and Information Systems (NIS)? The NIS Directive (Directive on Security of Network and Information Systems) is a European Union directive that (broadly speaking) defines cybersecurity requirements for operators of essential services. The definition of “essential services” is broad… Read More »Four Types of Software for NIS Directive Compliance
SWIFT is a global provider of secure financial messaging services that connects thousands of banks, financial institutions and corporations all over the world. However, it does not monitor or control the messages that users send through its system. So, all issues with privacy and compliance… Read More »SWIFT: Covering Key Consumer Security Controls
It is no secret that the German healthcare sector is heavily regulated in all possible aspects. The new Digital Health Applications Ordinance (DiGAV) of 21st April 2020 allows only approved digital health apps (DiGA) to be reimbursed by the patient’s health insurance. We have previously… Read More »How to Easily Cover the New DiGAV Data Protection Requirements
Privacy and data protection have never been more important. From anxious consumers to activist regulators, everybody seems to have data protection on their minds. The proliferation of regulations and the increasing complexity of data and IT architectures create challenges for organizations of all types. We… Read More »GDPR: Compliance, Best Practices, Security Safeguards
Privacy legislation around the world is different in its technicalities but has a lot in common. The most famous recent laws are GDPR (EU but with extra-territorial effect) and CCPA (California, but practically affects the US and even services outside the US). The Accountability Aspect… Read More »The Role of Accountability in Data Privacy As Seen in GDPR and CCPA
The financial sector is heavily regulated in all aspects imaginable. We have previously covered PSD2 and the corresponding EBA guidelines with regard to having a secure audit trail and related security functionalities. Now there are new EBA guidelines on ICT and security risk management that banks must be compliant… Read More »Audit Trail In New PSD2 Requirements: EBA Guidelines on ICT and Security Risk Management
It’s been almost two years since GDPR came into force. During this period, many large companies were targeted by hackers and suffered both reputational and financial losses.
Most organizations have clearly separated roles for the Chief Compliance Officer and Chief Technical Officer. And this has worked well up until recently, as most standards and regulations had mostly legal and procedural implications and technical input was rarely required. At the same time, the CTO has been… Read More »The Need For A Chief IT Compliance Officer
HIPAA, the US healthcare regulation, has some rigid requirements about data security and privacy. That aligns perfectly with LogSentinel’s mission, so we decided to help our customers in their HIPAA compliance efforts by providing a clear mapping between HIPAA requirements and LogSentinel SIEM’s functionality.… Read More »How To Cover HIPAA Security Rule Regarding Audit Trail
California Consumer Privacy Act (CCPA) is the new privacy law in California that affects a lot of organizations due to its extraterritorial effect. We have already covered CCPA with a high-level overview, covering what it is about, who is bound to comply with it, what are the… Read More »Database Security and CCPA Compliance
Digital Identity is a hot topic and is applicable to a wide range of scenarios. Virtually any organization has some form of digital identity in order to authenticate its employees, and some organizations, like banks and governments, have been identity providers to millions of people… Read More »NIST: Digital Identity Requires Secure Audit Trail
This week The Court of Justice of the European Union ruled that websites are liable for Facebook’s tracking activities. This is an important decision that clarifies one of the most important outstanding GDPR issues – whether the consent you’ve given to Facebook exempts website owners from… Read More »Facebook Social Plugins and GDPR: The Court of Justice Ruling
“Compliance” may sound boring and useless – consultants and lawyers are telling you how you should do things and then go around with checklists to see if everything fits a predefined vision of how a certain business should operate. And there are all sorts of… Read More »Technology-Driven Compliance
What is the California Consumer Privacy Act (CCPA)? California Consumer Privacy Act (CCPA) is a privacy act that becomes effective at the beginning of 2020. The act aims to help California residents to regain control over their personal data, giving them the rights to: Know… Read More »How Will CCPA Change the Business Landscape?
What is HIPAA? HIPAA stands for Health Insurance Portability and Accountability Act. HIPAA provides data privacy and security measures for safeguarding medical information such as biometric data, patient health history, etc. It was signed into law in the year 1996, by President Bill Clinton. The… Read More »HIPAA Technical Safeguards: Main HIPAA Aspects to Consider
Organizations, especially those collecting and using personal data, must take the necessary measures to ensure the confidentiality, integrity, and security of the data, and therefore to be GDPR compliant as stated in Article 5. This objective can be achieved only by following the best practices in… Read More »11 Cyber Security Tips to Achieve GDPR Compliance
The hype about GDPR is dying off, as apparently the world didn’t end on May 25th. However, best practices in data protection are still valid, and we’d like to focus on logging as one of them.
Nowadays, data security and data protection are crucially important not only for the business but also for the public sector. To safeguard the customers’ rights, organizations must follow established rules and regulations and the best security standards such as the GDPR and PCI DSS. Overall… Read More »GDPR vs PCI DSS: How they complement each other
The Payment Services Directive (Directive (EU) 2015/2366, PSD2) has been hailed as a game-changer that will transform the payment services landscape in Europe. While this outspoken enthusiasm reflects the deep changes it will bring, it sometimes fails to note that the increased freedom and elimination of market… Read More »The Payment Services Directive (PSD2) and its Logging Requirements
The Mueller Indictment of 12 Russian agents was released last week. It is a very interesting read as a whole, but it outlines some particular aspects of cybersecurity. During the hacking of DCCC and DNC networks, the Conspirators covered their tracks by intentionally deleting logs [..]… Read More »The Mueller Indictment: Proof That You Need Secure Logs
GDPR is a topic that has concerned EU-based companies since 2016. It became effective on the 25th of May 2018. However, not just EU-based companies need to be concerned about the personal data processed by their organization. More and more US-based ones are also looking… Read More »What US Companies Need To Know About GDPR
Audit logs – the recorded evidence of each action or event that has happened in an information system – are an agreed best practice in the industry. But in many cases they are not just best practices – they are a necessity according to multiple… Read More »Compliant Audit Logs (ISO 27100, PCI-DSS, etc.)
Everybody is talking about GDPR. Many organizations are spending time and money to cover all aspects of the General Data Protection Regulation. Many more offer fulfillment services. For this reason, we have gathered the information on the Web we have found most relevant – tools,… Read More »List of Tools And Sources That Will Help Your Business Achieve GDPR Compliance
What’s the Aim of GDPR? GDPR is a regulation everyone has been talking about recently. It will impact all the organizations that process personal data of EU residents, so it will force most companies to take fundamental organizational and technical measures to ensure compliance. Don’t panic,… Read More »How to fulfill Art. 30 from GDPR (Records of processing activities)?
Our founder Bozhidar Bozhanov gave a useful presentation about the technical aspects and best practices of GDPR at a meetup in Amsterdam last week. You can see the slides here: If you’re interested, you can also join a webinar on the same topic, organized… Read More »A presentation about GDPR for developers
We’d like to share an article from our founder’s blog about the technical aspects of GDPR. LogSentinel can solve some of the GDPR issues, namely guaranteeing data integrity and logging access to data. Enjoy the article. Read More »GDPR – A Practical Guide for Developers
Bozhidar Bozhanov is a senior software engineer and solution architect with 15 years of experience in the software industry. Bozhidar has been a speaker at numerous conferences and is among the popular bloggers and influencers in the technical field. He’s also a former government advisor on e-government, transparency, and information security.