Governance, Risk and Compliance

June 26, 2020 FBI Looking to Implement a Governance Risk Compliance Tool

The Department of Justice is looking to acquire a GRC tool for the Office of the CIO within the FBI’s Enterprise Information Security Section.

June 17, 2020 IAPP’s 2020 Privacy Tech Vendor Report Highlights Data Subject Request (DSR) Feature

The International Association of Privacy Professionals (IAPP) has released its 2020 Privacy Tech Vendor report, reviewing key software solution vendors within the space. This year’s report highlighted the recent addition of Data Subject Request (DSR) to the feature categories.

June 08, 2020 Titus’ Timely Release of Illuminate 2020 Pushes Privacy Angle

In early March, Titus released Titus Illuminate 2020, which was the company’s answer to the question of analyzing data at rest. This latest version of Illuminate leverages machine learning and AI in an effort to manage data that contains potentially sensitive or high-risk personal information.

May 29, 2020 PHEMI: A Data Privacy Tool for Healthcare Providers

PHEMI is a data privacy solution focused on keeping data-processing activities secure by redacting information based on the role of the accessor. Thus, allowing such data to be used for multiple use cases without compromising privacy.

May 27, 2020 Kenna Security Offers Vulnerability Management Options: Kenna.VM & Kenna.VI

Kenna Security deployed their new data driven vulnerability management program, Kenna.VM and accessory program, Kenna.VI. Released on April 28th, Kenna.VM was created with the purpose to set service-level agreements (SLAs) with risk tolerance in mind.

May 13, 2020 Workiva and CFGI to Collaborate in the SOX and GRC Space

“Connected reporting capabilities, control testing, real-time collaboration, cloud-based access, stringent security measure and permissions controls” are considered the leading factors behind CFGI offering Workiva to its clients.

May 11, 2020 Rapid7 Penetration Tests Show That Businesses Are Getting Better at Network Security

We often hear that businesses are continually cyber insecure or under attack. However, recent penetration testing from Rapid7 shows that businesses are getting better at securing their networks against cyberattacks. While organizations continue to have exploitable weaknesses, attackers are having greater difficulty penetrating deeper into businesses’ networks.

April 30, 2020 IBM Zero-Day Vulnerabilities Leave Enterprises Open to Remote Execution Attacks

Four zero-day vulnerabilities were discovered in IBM’s Data Risk Manager. While the vulnerabilities are concerning, more so is IBM’s response when addressed. The company simply stated, “It’s out of scope.” – meaning it had no intention to rectify or address the issue.

April 30, 2020 Will New IoT Security Frameworks Push Compliance Obligations to the Forefront of Security Discussions?

The Internet of Things is increasingly embedded with our daily lives. While these devices make life more accessible, for every new device, a new attack vector for cyberattackers is created.

April 23, 2020 Qualys VMDR Is Now Live: Increasing Security Threats Requires Strong Vulnerability Management Software

Qualys VMDR has hit the live market. Originally unveiled in February 2020 at Qualys Security Conference, VMDR is now publicly available as of April 16, 2020. Partnering with both large and small MSSPs, VMDR is designed to be scalable to any business enterprise and to automate the entire management cycle on all endpoints.

April 22, 2020 Hong Kong’s First Virtual Bank Selects OneSumX for Regulatory Reporting

In March 2020, ZA Bank, Hong Kong’s first virtual bank, selected the OneSumX solution from Wolters Kluwer for regulatory reporting.

April 20, 2020 RSA Updates RSA Archer and NetWitness Platforms

In a move to better respond to digital risk resulting from digital transformation and innovation priorities, RSA has updated the RSA Archer and NetWitness Platforms.

April 15, 2020 ServiceNow’s Orlando Release Focuses on AI With Now Intelligence

ServiceNow’s Orlando release introduced Now Intelligence, a set of features that strengthen ServiceNow’s lead in the AI-powered IT service management (ITSM) and digital transformation space.

April 01, 2020 Galvanize’s GRC Products Continue to Deliver

Since its acquisition of Rsam in 2019, Galvanize (formerly ACL) has maintained its high-quality delivery of cloud-based security, risk management, compliance, and audit software. Recognized as one of Canada’s Best Managed Companies, Galvanize’s comprehensive product offerings have not gone unnoticed.

March 29, 2020 RSA Archer Among Other RSA Products Sold to Symphony Technology Group

RSA Archer, a leader in the governance, risk, and compliance space has been acquired by Symphony Technology Group, based in Palo Alto, California. Symphony, a private equity firm, has investments in a cross section of companies in the analytics space, HR and recruitment, and supply chain among many others.

March 17, 2020 Windows 7 End-of-Life Troubles Continue: ESUs Don’t Apply to Enterprises That Purchased Licences

Microsoft’s end-of-life support for Windows 7 has run into its first set of issues with its extended security updates (ESUs). Administrators who paid for the ESU found out their downloads are not applying.

March 17, 2020 Qualys Unveils Its New Vulnerability Management, Detection, and Response Matrix

Qualys’ newest product, VMDR (Vulnerability Management, Detection, and Response), will be available in March and will provide an all-in-one cloud-based solution for vulnerability management. VMDR will automate the entire management cycle on all endpoints.

March 16, 2020 SECURITI.ai Wins Innovation Sandbox Contest at RSA Conference

Startup security vendor SECURITI.ai wins RSAC “Most Innovative Startup” at the RSA Conference 2020 Innovation Sandbox Contest.

March 16, 2020 RSA Security Sold to Private Equity Group

Dell has sold RSA Security to a private equity group for US$2.1 billion.

March 16, 2020 Microsoft Unveils Tamper Support for Windows 10 Defender Advanced Threat Protection

Microsoft has added its Windows 10 Tamper Protection controls to the public version of Microsoft Defender. Previously available only to enterprise users, Tamper Protection is intended to better detect threats that make it past other defences and to provide remediation suggestions.

March 11, 2020 Qualys Discovers Critical Flaw With OpenBSD Mail Server, Multiple Programs Vulnerable

Qualys Research Labs, a vulnerability management provider, discovered a vulnerability in the OpenSMTPD Mail server used in conjunction with the OpenBSD operating system. This flaw allows for an attacker to execute arbitrary code with command privileges.