Meta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit.

The post Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data appeared first on Security Boulevard.

The post The Era of Digital Transformation: Building A Privacy and Security Practice in the Ever-Changing Landscape appeared first on 1touch.io.

The post The Era of Digital Transformation: Building A Privacy and Security Practice in the Ever-Changing Landscape appeared first on Security Boulevard.

The post IAPP Privacy and Regulations: What’s Next After CCPA appeared first on 1touch.io.

The post IAPP Privacy and Regulations: What’s Next After CCPA appeared first on Security Boulevard.

The recent news about a proposed bill to create a central data privacy enforcing body shines another spotlight on the high-risk, high stakes shifting ground that many businesses operate their engines of growth on – consumer data collection, analysis, and retention. The news will no doubt be a hot topic at the forthcoming RSA show where the theme of “Human Element” couldn’t be more relevant to this proposed bill – almost everything businesses collect today is about the human being and our mind-boggling data relationship, and many of the biggest data risks come from humans, human data handling, and human failures.

The post Is the US Ready for Centralized Data Privacy Enforcement? appeared first on Security Boulevard.

Here are some of the new things that are out.

CCPA.  Privacy as an issue just seems to get bigger and bigger.  Even as a security professional I find myself being pulled into it.  I wonder if I need to join IAPP, maybe even study and get one of their certs.  We had the GDPR that came out last year.  I really though more companies would address it, but just didn't see that.  Now California came out with their CCPA law.  CCPA is not quite "California's GDPR".  Its not a broad privacy law, but aimed at consumer data.  I've seen some companies be concerned about it, but not as many as I thought.  But am sure I'll be getting more into it.

NIST Privacy Framework- NIST has been working on this for the last year and released v1 recently.  I have a copy and am reading over it.  I plan on giving a talk at an upcoming local meeting, and may do a conference talk about this as well.  Am hoping I'll be able to attend NIST's upcoming cybersecurity conference, as I'm sure it will be a topic of discussion.  We'll have to see how well this works in helping companies prepare for privacy regulations.

FISMA Updates- NIST is still working on the updates for the documents used for FISMA.  The next one they are working on is SP 800-53 Release 5.  We don't have a release date, but hope it will be soon as they've been working on it for so long.  Once its out, we should see other documents that are relying on it, such as 53A and 53B, an new version of 800-171 and others.  All we have so far on this is THIS page.

DoD CMMC- The DoD released this month the first version of their Cybersecurity Maturity Model Certification (CMMC).  This is an interesting items, its a certification for vendors of the DoD.  From a quick read, it combines the CMM/CMMI 5-level maturity model with the categories of the NIST SP 800-171, which is about protecting controlled unclassified data (CUI).  SP800-171 based on the control set of SP 800-53.  I plan on posting on this and may do a presentation as well.

PCI-DSS v4- yes, there is a new update of PCI-DSS.  I first heard about this a couple of years ago.  This should be a revamp of PCI-DSS.  I just have no idea how it will look like until its released.  Which I expect sometime this year.  I don't have an inside track, I just know from reading here and there that its getting closer to release.  Yes, I hope to posting on this as well.

There are several events coming up in my general area and will be posting in these soon.

The post 2020 Update appeared first on Security Boulevard.

The post The Shared Security Weekly Blaze – Mobile App Data Leaks, The California Privacy Act, Third-party Gmail Access appeared first on Security Boulevard.