nis2  |  compliance

NIS2 Directive: a strong request for better incident handling

Did you know the European Union created a rule called the NIS Directive? This rule was established in 2016 to ensure that all member countries are equally protected against cyber attacks. It’s a step towards making it easier for governments to work together to stop cyber threats. However, the Directive was expected to provide more specific instructions for protecting against attacks and ensuring all countries follow the rule. The rule also requires companies and governments to be better prepared to handle cyber attacks and have a plan in case something goes wrong.

encryption  |  TPM  |  compliance

Harnessing TPM encryption with NXLog

In an increasingly digitalized world, protecting your business’s digital assets is becoming more urgent by the day. Realizing the need to protect data from malicious actors, researchers created encryption. And I am not talking about the Enigma here, but software-based encryption algorithms, with their public and private signing keys, and so on. Like every other technology, encryption methods have evolved throughout the years. However, the goal remained the same: encryption is there to secure our digital communications.

compliance  |  legislation

GLBA Compliance in 2024 - Reporting directly to the FTC

The U.S. Federal Trade Commission (FTC) approved amendments to its Safeguards Rule that require FTC-regulated non-banking financial institutions to report data breaches and other security events directly to the FTC. The breach notification requirement was originally proposed back in late 2021. The rule requires financial institutions to report “notification events” to the FTC within 30 days of discovery of the notification event where the private information of 500+ consumers is involved.

compliance  |  local legislation

The story of the $1,900,000 penalty for insufficient log management

It was late March 2021 when a phishing email was sent to a network administrator of TTEC Healthcare Solutions, Inc. (TTEC HS) - an integrated healthcare CX solutions provider - and a threat actor gained highly privileged access to the network. On September 12, 2021, a common ransomware scenario was triggered, with approximately 1,800 devices compromised via the access channel obtained almost 5 months earlier. Prior to executing the ransomware attack, the threat actor successfully exfiltrated data from the TTEC HS network, containing non-public information (NPI) of current and former employees of TTEC HS, and of individuals who were insured by one of TTEC HS’s clients, including, importantly, some New York residents.

maritime regulations  |  compliance

Log management for maritime cybersecurity compliance regulations

Historically, seaports have played a crucial role in a state’s development, and interruption in their services has a significant impact on economics. So, it’s no surprise commercial ports are regarded as a critical transport infrastructure. One of the most significant challenges ports face today is ongoing digital transformation. The majority of tasks carried out across a port utilize autonomous and partially automated systems, including those for managing port access, vessel berthing (bridges, locks, gates, etc.

PCI DSS  |  compliance

Log Management and PCI DSS 4.0 compliance

What is PCI DSS? PCI DSS, or Payment Card Industry Data Security Standard, is a collection of security requirements developed by major credit card companies to safeguard merchants who accept credit card payments by ensuring they provide a secure environment. The standard includes provisions for data protection, network security, and security management, among other things. Organizations that process credit card transactions are required to comply with these standards. Who needs to be PCI DSS compliant?

log collection  |  compliance  |  security  |  security risk  |  it security

Assertive compliance - using frameworks to extend your coverage

So, it happened again. You got an internal audit finding or a regulatory notice. Or you just had a nagging feeling and found customer data somewhere it shouldn’t have been. Morale sinks. Are you forced to choose between serving your customers and addressing compliance weaknesses? Nobody said IT Compliance was easy. But don’t sign up to do any more work than is necessary. Use Frameworks to identify the activities, like logging, that demonstrate compliance for multiple domains and get the absolute best coverage without extra work.

GDPR  |  compliance  |  log data

GDPR compliance and log data

The European Union’s General Data Protection Regulation (EU GDPR) came into force on 25 May 2018. Many of us remember the influx of marketing emails around this time, with companies updating their privacy policies and asking for the consent of around 450 million Europeans to continue using their personal data. An often misunderstood participant of this compliance quest is log data—a source potentially rich in protected personal data. So, how does the GDPR apply to an organization’s log data?

compliance

How NXLog can help meet compliance mandates

Compliance mandates are frameworks that organizations must implement to meet industry regulations. Some of these mandates provide guidelines and best practices, while others may be tied to legislation. With the constant and rapid changes in technology, ensuring that your organization adheres to the relevant regulations is an ongoing process. So why should you comply? Simply put, not complying might cost you more than implementing processes to meet regulatory requirements. By not complying, you might be violating the law, and in case of a data breach, you may face litigation from affected parties.