SecurityScorecard Blog: Compliance

FIPS 140-3 is here. On Sunday September 22, Federal Information Processing Standards Publication (FIPS) 140-3, Security Requirements for Cryptographic Modules went into effect. FIPS 140-3 is the replacement for 140-2, which had ... Keep Reading

What is PCI DSS? The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard set by the five major payment brands and industry stakeholders to protect user data from exposure. PCI DSS... Keep Reading

Data breaches can be frightening; they result in financial loss, loss of customer trust, and their effects can be felt for years. According to Ponemon’s latest Cost of a Data Breach report, one-third of data breach costs occur mor... Keep Reading

Businesses of all sizes throughout the world have been struggling with how to effectively address information security management for many decades; long before there were any regulations or other legal requirements for implementin... Keep Reading

A year ago, on 25 May 2018, the General Data Protection Regulation (GDPR) law became enforceable. Across many industries, CISOs and senior management worried that the GDPR’s “least data necessary” collection requirements would gre... Keep Reading

Security and compliance often appear to go hand-in-hand these days. Problematically, many companies start with compliance then reverse-engineer security in a nearly futile attempt to protect data. In the payment card industry, the... Keep Reading

As of February 15, 2019, all Covered Entities and licensed persons who are not fully exempt from the Regulation were required to submit a Certification of Compliance. The document provides an attestation covering compliance for th... Keep Reading

A message from SecurityScorecard's VP of Compliance - Fouad Khalil - on the state of compliance in 2019. My 2018 predictions shed light on the 9.2 Billion total number of records lost or stolen since 2013. We predicted that this ... Keep Reading

Fouad Khalil, Head of Compliance at SecurityScorecard, reflects on the preparedness of organizations on the day GDPR officially goes into effect. ... Keep Reading