Cyber expert: Reach for data security to achieve compliance
By 
Adrianne Appel2023-08-23T20:17:00
Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance, according to an expert.
Terry Ray, senior vice president of data security and field chief technology officer at software provider Imperva, spoke Monday during a presentation at a conference in Las Vegas jointly sponsored by ISACA, formerly the Information Systems Audit and Control Association, and the Institute of Internal Auditors.
Ray’s session covered how regulators usually care about specific data, like birth records, so if an organization includes that regulated data in its overall cybersecurity program, it will move a few steps closer to data compliance.
THIS IS MEMBERS-ONLY CONTENT
You are not logged in and do not have access to members-only content.
If you are already a registered user or a member, SIGN IN now.
Related articles
-
News BriefCMMC implementation plan takes shape in proposed rule
The Department of Defense released for comment a proposed rule setting guidelines for implementation of the Cybersecurity Maturity Model Certification program.
-
PremiumModern-day enterprises: How to prepare for and prove network compliance
The need to prove network compliance is intensifying as lawmakers introduce new privacy legislation and organizations update their contractual security requirements for third-party vendors.
-
PremiumExpert: Clorox ‘trying to do the right thing’ with rapid cyberattack disclosures
The timing of a recent cyberattack against Clorox juxtaposed against the Securities and Exchange Commission’s adoption of its cybersecurity incident disclosure rule soon to take effect has presented a case study regarding how companies might seek to meet the requirements of the rule.
More from Cybersecurity
-
News BriefU.K. says company boards need to worry more about cybersecurity risks
The U.K. government wants directors and boards of directors to become more actively involved in cybersecurity risks facing public and private companies, as the world faces “alarming” threats from criminal gangs and malicious nation-states. Though many organizations take cybersecurity seriously, the U.K. government says they do not place management of ...
-
PremiumNavigating compliance: A guide for small teams to tackle CMMC
Many small organizations within the Defense Industrial Base are struggling to meet the rigorous requirements validated through the Cybersecurity Maturity Model Certification, writes Thomas Graham, CISO at Redspin. If you haven’t been tracking it closely, CMMC was finalized in October, with an effective date of December 16, 2024.
-
PremiumFinancial crime in the shadows of the dark web
The dark web has been depicted as a long-standing hub for crimes, where illegal activities such as drug dealing, financial fraud, weapon sales, murder for hire, stolen credit cards, and ransomware gags are easily accessible to the public.