Textual's Pipeline workflow preps your data for AI, Structural's sensitivity scan is now customizable, and Ephemeral can be deployed on Azure or Google Cloud!
The post Tonic.ai product updates: July 2024 appeared first on Security Boulevard.
SQL Server support on Tonic Ephemeral, Db2 LUW on Tonic Structural, LLM synthesis in Tonic Textual, and expanded LLM access in Tonic Validate! Learn more about all the latest releases from Tonic.ai.
The post Tonic.ai product updates: April 2024 appeared first on Security Boulevard.
Tonic is now Tonic Structural and can output directly to Tonic Ephemeral, subsetting arrives for Snowflake, + Tonic Cloud is HIPAA certified!
The post Tonic.ai product updates: March 2024 appeared first on Security Boulevard.
Author/Presenter: Josh Pyorre
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.
The post DEF CON 32 – Signature-Based Detection Using Network Timing appeared first on Security Boulevard.
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Radon’ appeared first on Security Boulevard.
Get details on this new cybersecurity Executive Order and its implications.
The post White House Executive Order: Strengthening and Promoting Innovation in the Nation’s Cybersecurity appeared first on Security Boulevard.
Discover why relying on on premise software hinders innovation and explore how shifting employee behavior is driving modern SaaS adoption and usage trends.
The post Debunking the “On Premise Software” Myth | Grip Security appeared first on Security Boulevard.
We are thrilled to announce that Veriti has been mentioned in the 2025 Gartner Emerging Tech: Tech Innovators in Preemptive Cybersecurity as a Tech Innovator in the Preemptive Cybersecurity category. We hold the view that this mention underscores our role as a leader in enabling organizations to proactively address security exposures and reduce risk in […]
The post Veriti mentioned as a Tech Innovator in the 2025 Gartner® Emerging Tech: Tech Innovators in Preemptive Cybersecurity Report in the Preemptive Cybersecuirty Category. appeared first on VERITI.
The post Veriti mentioned as a Tech Innovator in the 2025 Gartner® Emerging Tech: Tech Innovators in Preemptive Cybersecurity Report in the Preemptive Cybersecuirty Category. appeared first on Security Boulevard.
Simplifying Compliance in the Complex U.S. FinServ Regulatory Landscape
andrew.gertz@t…
Thu, 01/16/2025 - 16:30
Thales | Cloud Protection & Licensing Solutions
More About This Author >
If you work in compliance for a financial services organization, chances are you have been focused on the March 31st deadline for the implementation of the Payment Card Industry Data Security Standard version (PCI DSS 4.0). However, as important as PCI may be, United States financial services organizations operate in one of the world’s most stringent and complex compliance landscapes. Financial institutions must navigate a maze of requirements on the road to compliance and it is important to understand how to simplify and streamline compliance efforts across multiple regulations to achieve a faster time to compliance.
Understanding the US FinServ Compliance LandscapeThe US financial services industry is subject to a vast number of laws and regulations. Some of the most important are Gramm-Leach-Bliley Act (GLBA), the National Association of Insurance Commissioners (NAIC) Data Security Model Law, the New York Department of Financial Services (NYDFS) Cybersecurity Regulation, and the National Credit Union Administration (NCUA) cybersecurity guidance. Here is a quick summary of the most relevant regulations:
Gramm-Leach-Bliley Act (GLBA)The GLBA mandates that a broad range of financial institutions based or operating in the United States, from banks and brokerage firms to payday and tax preparers, protect consumers’ personal financial information. It emphasizes the need for encryption, data governance, and secure information-sharing practices to prevent and mitigate cyber threats.
The most important components of the GBLA include the Federal Trade Commission (FTC) Safeguards Rule, which requires the development of a written information security plan, and the Financial Privacy Rule, which governs how financial data is collected and shared.
Compliance with the GBLA requires prioritizing data encryption and robust access controls to protect sensitive consumer information throughout its lifecycle.
NAIC Data Security Model LawDesigned to secure non-public information (NPI) within the insurance industry, the NAIC Data Security Model Law’s requirements closely resemble the GLBA requirements. It includes expectations for implementing comprehensive security programs, including risk assessments, incident response plans, periodic reporting, and controls like governance frameworks and application security protocols.
The NAIC, which applies to all insurance providers in the United States, is a perfect example of the value a unified approach to compliance can provide because its requirements overlap significantly with broader, well-established cybersecurity best practices, such as those found in the NIST Cybersecurity Framework.
NYDFS Cybersecurity RegulationThe NYDFS Cybersecurity Regulation (23 NYCRR 500) is arduous. While it is a state regulation, because it applies to any financial organization that operates in the state of New York, it ends up applying to most organizations in the United States. The regulation is incredibly stringent and sets an unusually—albeit necessarily—high bar for cybersecurity practices. More than any other FinServ regulation, it includes unique components, such as the requirement for a Chief Information Security Officer (CISO) and an annual compliance certification.
That said, many of the requirements – establishing a risk-based cybersecurity program, maintaining secure access controls, and conducting regular penetration testing, for example – are either strongly recommended or mandated by the other regulations. Moreover, other compliance requirements included in the NYFDS, such as encryption, cloud security, and governance, are ubiquitous across US FinServ frameworks.
National Credit Union Administration (NCUA) GuidanceThe NCUA guidance applies to credit unions and focuses heavily on data protection, vendor risk management, and incident response planning. Like other regulations, the NCUA calls for encryption to safeguard member data, governance policies to ensure accountability, and application security measures to protect against cyber threats. Access to resources can be a genuine concern for credit unions. As such, implementing a simplified, consolidated compliance strategy that addresses multiple frameworks at once is especially important.
Bringing it All TogetherNow that you have a broad understanding of the US financial services regulatory landscape, you might notice that many of these regulations have significant overlaps. Every single one of the US financial services regulations mandates that organizations implement:
Therefore, most requirements can be addressed with the same core technologies, without the need to duplicate efforts and dramatically reducing the time, effort, and resources necessary to achieve compliance. Differences between regulations can be addressed on a case-by-case basis.
Thales: Forging a Simplified Path to ComplianceAs a leader in data security and cloud protection, Thales offers a comprehensive suite of solutions tailored to address financial institutions’ unique challenges. Partnering with Thales will help address the vast majority of requirements included in PCI DSS 4.0, GLBA, NAIC, NYDFS, and NCUA regulations – including risk assessment, encryption, governance, cloud security, access controls, and application security – and simplify the path to compliance so you can focus on the essentials: innovation, growth, and offering the best possible service to your customers.
I hope you will take the opportunity to review our new eBook to learn more about how Thales helps Financial Institutions operating in the United States to meet compliance requirements. It contains a detailed mapping of our cyber security capabilities to specific regulation requirements in the United States.
Schema {January 16, 2025
The post Simplifying Compliance in the Complex U.S. FinServ Regulatory Landscape appeared first on Security Boulevard.
Learn how one of Europe's largest healthcare tech leaders transformed their Secrets Security with GitGuardian, cutting incidents by half without compromising developer productivity.
The post How a Large Healthcare Company Slashed Their Secrets Incidents by Half appeared first on Security Boulevard.
Author/Presenter: Kyle Murbach
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.
The post DEF CON 32 – Small Satellite Modeling and Defender Software appeared first on Security Boulevard.
This strategic partnership combines Smart Spatial's innovative digital twin platform with Hyperview's expertise in data center optimization, enabling businesses to achieve sustainability, operational efficiency, and proactive management Vancouver, British Columbia – January 16, 2025: Smart Spatial is excited to announce its partnership with Hyperview, the leading cloud-based DCIM platform. This collaboration represents a major ...
The post Smart Spatial and Hyperview Unite to Take Data Centers to the Next Level appeared first on Hyperview.
The post Smart Spatial and Hyperview Unite to Take Data Centers to the Next Level appeared first on Security Boulevard.
How does the mind react when people interact with technology? A question often asked but seldom answered. It was a Monday afternoon, the last day of our sales quarter, and amidst the tense air, a message popped up on the screen. It was a Purchase Order (P.O.) from a known organization with which we had […]
The post Cyberpsychology: The Mind Behind the Screen appeared first on ColorTokens.
The post Cyberpsychology: The Mind Behind the Screen appeared first on Security Boulevard.
With an NDR in place, your IT administrators can quickly detect anomalies on the network, from cyberattacks to malfunctioning application servers or network equipment.
The post Network Detection and Response (NDR) Done Right from the Ground Up appeared first on Security Boulevard.
While the power and potential of GenAI is evident for IT and security, the use cases in the security field are surprisingly immature largely due to censorship and guardrails that hamper many models’ utility for cybersecurity use cases.
The post What is an Uncensored Model and Why Do I Need It appeared first on Security Boulevard.
Digital tools are reshaping the traditional K-12 learning experience, unleashing a wave of benefits in the process. This guide explores the significance of digital tools for the classroom and how they can support your school district in creating a dynamic, tech-enabled learning environment. The power of digital classroom technology Education technology tools are software applications, ...
The post Top Digital Tools for the Classroom appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post Top Digital Tools for the Classroom appeared first on Security Boulevard.
Discover top AutoSPF alternatives for dynamic SPF flattening and better email deliverability with advanced features and pricing.
The post Best AutoSPF Alternatives: Detailed Feature Comparison appeared first on Security Boulevard.
Policy management is the sturdy scaffolding that supports governance, risk, and compliance (GRC) objectives while shaping corporate culture and ensuring adherence to regulatory obligations. Yet, many organizations grapple with a fragmented approach—policies scattered across departments, processes misaligned, and technology underutilized. The result? A disjointed strategy that hampers visibility, agility, and, ultimately, effectiveness. Why Policy Management […]
The post 10 Essential GRC Policy Management Best Practices appeared first on Centraleyes.
The post 10 Essential GRC Policy Management Best Practices appeared first on Security Boulevard.
LLMs are becoming very powerful and reliable, and multi-agent systems — multiple LLMs having a major impact tackling complex tasks — are upon us, for better and worse.
The post Infectious Prompt Injection Attacks on Multi-Agent AI Systems appeared first on Security Boulevard.
Overview On January 14, NSFOCUS CERT detected that Microsoft released a security update patch for January, which fixed 159 security problems in widely used products such as Windows, Microsoft Office, Microsoft Visual Studio, Azure, Microsoft Dynamics, and Microsoft Edge. This includes high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed […]
The post Microsoft’s January Security Update of High-Risk Vulnerabilities in Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks..
The post Microsoft’s January Security Update of High-Risk Vulnerabilities in Multiple Products appeared first on Security Boulevard.
