A risk assessment is the foundation of a comprehensive information systems security program. It is the process of identifying, analyzing, and reporting the risks associated with an IT system’s potential vulnerabilities and threats.

(more…)

This report presents four important security practices that are practical and effective for improving the cybersecurity posture of cloud-deployed information technology (IT) systems. These practices help to address the risks, threats, and vulnerabilities that organizations face in deploying or moving applications and systems to a cloud service provider (CSP).

(more…)

The Information Technology Laboratory (ITL) at the National Institute of Standards and 26 Technology (NIST) promotes the U.S. economy and public welfare by providing technical 27 leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test 28 methods, reference data, proof of concept implementations, and technical analyses to advance the 29 development and productive use of information technology.

(more…)

This report uncovers a paralysis at the heart of the GDPR. Data protection authorities (DPAs) are unable to act against Big Tech in major GDPR cases. The recent WhatsApp decision notwithstanding, the Irish Data Protection Commission (DPC) has failed to send draft decisions to its European colleagues on a very large number of major EU-wide cases.

(more…)

Cybersecurity certification under the European Union Cybersecurity Act (CSA) is intended to increase trust and security for European consumers and businesses and help to achieve a genuine digital single market. This requires that all relevant levels of the ICT market, from sectoral ICT services and systems via ICT infrastructures to ICT products and ICT processes, will be addressed and that the related cybersecurity certification schemes are well accepted by the market.

(more…)