As the recent Ivanti security breaches indicate, the existence of a strong and effective incident response isn’t an option but a necessity. An incident response plan (IRP) is essential to prepare an organization to respond to any security incident effectively and on time. This plan spells out processes that an organization should undergo in case of a cybersecurity incident while reducing damage and time for recovery.

The IRP is at the heart of effective cybersecurity and effective compliance management. This article will cover the basics of these plans and IR best practices. 

Read More

New data security regulations include, or foreground, the role of data privacy in compliance. Many of these, like GDPR and CCPA, make data privacy a primary concern and expect businesses to meet stringent requirements about protecting the integrity of consumers’ Personally Identifiable Data (PII). One practice stemming from GDPR requirements is the Data Privacy Impact Assessment  (DPIA).

In this article, we’ll discuss DPIAs and some challenges organizations might face in preparing for them.

Read More

The European Cybersecurity Certification Scheme for Cloud Services (EUCS) is an initiative to establish a unified certification process for cloud services across the EU. Cloud services and associated managed services are critical to most government and business functions, and the EU follows the example of other jurisdictions in focusing explicitly on this area of cybersecurity with the EUCS framework.

This article aims to discuss the framework of EUCS and explore the practical implications of this scheme for cloud service providers and their users. 

Read More