SecurityScorecard Blog: Compliance

As a Chief Information Security Officer (CISO), your job includes knowing everything about cybersecurity, particularly your own company’s. A security compliance framework makes it so that all of your data, your clients’ data, and ... Keep Reading

SecurityScorecard’s compliance tab within our security ratings platform is an important tool for customers who may be working in regulated industries. By mapping any cyber issues we find across our 10 factors to applicable requi... Keep Reading

As legislative bodies continue to enact regulatory requirements reinforcing data privacy and security, the New York State legislature followed in the footsteps of several recent laws, including the General Data Protection Regulati... Keep Reading

Compliance isn’t easy: it’s expensive, time consuming, and regulations are constantly changing. It may be hard to get buy-in from employees or leadership who see compliance as a barrier to productivity, and it may also be difficul... Keep Reading

Many organizations recognize that SecurityScorecard is a highly effective weapon in the cybersecurity toolkit for a Chief Information Security Officer (CISO), but the link to the legal and compliance departments is often less well... Keep Reading

FIPS 140-3 is here. On Sunday September 22, Federal Information Processing Standards Publication (FIPS) 140-3, Security Requirements for Cryptographic Modules went into effect. FIPS 140-3 is the replacement for 140-2, which had ... Keep Reading

What is PCI DSS? The Payment Card Industry Data Security Standard (PCI DSS) is a proprietary information security standard set by the five major payment brands and industry stakeholders to protect user data from exposure. PCI DSS... Keep Reading

Data breaches can be frightening; they result in financial loss, loss of customer trust, and their effects can be felt for years. According to Ponemon’s latest Cost of a Data Breach report, one-third of data breach costs occur mor... Keep Reading

Businesses of all sizes throughout the world have been struggling with how to effectively address information security management for many decades; long before there were any regulations or other legal requirements for implementin... Keep Reading