Stay updated on the latest Compliance trends in infosec, ensuring your data practices meet legal and regulatory standards with our expert insights.
Search across headline titles and summaries.
Background for this topic.
Compliance in the context of information security is the adherence to a set of standards, regulations, and laws that are designed to protect the integrity, confidentiality, and availability of data. Organizations must comply with various industry-specific guidelines, national and international laws such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS).
Compliance ensures that companies implement the necessary security policies, controls, and procedures to mitigate the risk of data breaches and cyber attacks. This involves regular audits, security assessments, and reporting to demonstrate that the company is following the prescribed rules. The ultimate goal of compliance is to protect consumer data and maintain trust between service providers and their customers while also avoiding legal penalties and fines associated with non-compliance.
Weekly headline count for the current query.
Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has since outgrown the descriptor
GSK's Nancy Paul on Why Static Governance, Risk and Compliance Fail in AI EraTraditional governance, risk and compliance principles still hold, but periodic, checklist-driven governance is a dangerous mismatch for AI systems that continuously evolve and make millions of decisions per second, said Nancy Paul of GSK.
June Meetings Could Shape Which Entities Must Report Cyber IncidentsThe Cybersecurity and Infrastructure Security Agency's June town halls will give critical infrastructure operators a final opportunity to influence how the agency defines covered entities, reportable incidents and compliance requirements before issuing long-awaited CIRCIA regulations.
AI governance requires visibility into how AI tools interact with enterprise data. Varonis explains how its Atlas platform uses Claude Compliance API data to help monitor usage, investigate risk, and support compliance. [...]
27 Enterprises Integrate Claude's Compliance APIMore than two dozen enterprise security vendors, including Microsoft, CrowdStrike and Palo Alto Networks, have built integrations with Anthropic's Claude Compliance API, an interface the company launched months ago to give corporate security teams access to Claude activity data.
New White EOs Tighten Know Your Customer Rules While Easing Fintech OversightBoth the White House's recent executive orders deal with the financial services industry and discuss the importance of integrity and innovation in combatting fraud. But read them together and another picture emerges that could confuse seasoned fraud and compliance practitioners.
Security governance needs to be more than an annual compliance exercise. New companies are emerging to address risk-management gaps in current audit tools.
Josephine Wolff on Why Healthcare Must Scrutinize Cyber and AI CoverageHealthcare organizations face growing pressure to reassess cyber insurance policies as cyberattacks disrupt patient care and AI tools introduce new liability risks. Josephine Wolff of Tufts University discusses how exclusions, compliance demands and AI-related uncertainty shape insurance decisions.
Portable KYC Remains Elusive Despite Digital Identity Growth in UAE, Europe, AsiaThe United Arab Emirates recently launched a national digital Know Your Customer platform under the oversight of the UAE Central Bank, aiming to standardize customer onboarding, streamline compliance checks and strengthen anti-money laundering enforcement.
Microsoft researchers warn of a large-scale phishing campaign using fake compliance emails to steal credentials, targeting 35,000 users across 13,000 organizations worldwide
Phase 2 of CMMC begins November 10, 2026. No Level 2 certification means no contract, no option year, no extension. The small shops that actually build America’s weapons do not have six-person compliance teams. They have Dave. Here is what we built for them.
Also: NY State Regs Test Resilience vs Compliance, OT Security Nears Breaking PointIn this week's panel, four ISMG editors explore the industry's response to Anthropic's Mythos AI breakthrough, whether tighter New York state cybersecurity rules are driving real resilience or simply compliance, and why operational technology security is fast becoming a critical frontline concern.
The acting CISO said that AI is reshaping how the service measures and tracks cyber compliance, moving it from a box-checking exercise to something nimbler and more substantive. The post Space Force official touts AI’s impact on cyber compliance appeared first on CyberScoop.
The CMMC Level 2 deadline is real. Consulting firms charge $80K-$200K to hand you a binder. JAXBERT is a purpose-built platform that walks defense contractors through every step of compliance, from assessment to C3PAO package.
The CMMC Level 2 deadline is real. Consulting firms charge $80K-$200K to hand you a binder. JAXBERT is a purpose-built platform that walks defense contractors through every step of compliance, from assessment to C3PAO package.
HHS OCR Director Says Cost of Inaction May Outweigh Compliance BurdensThe Trump administration has yet to decide whether to continue a proposed overhaul of the HIPAA Security Rule floated by its predecessor administration. But the nation's top federal enforcer of health regulation provided some insight into what regulators are thinking.
Analysts Warn Compliance Goals May Outpace Real Security OutcomesThe Pentagon's zero trust overhaul aims to unify cyber defenses, but with a small percentage of target activities reportedly complete, persistent gaps in identity, data and governance are raising doubts about whether the 2027 deadline will deliver real security gains.
Analysts Warn Compliance Goals May Outpace Real Security OutcomesThe Pentagon's zero trust overhaul aims to unify cyber defenses, but with a small percentage of target activities reportedly complete, persistent gaps in identity, data and governance are raising doubts about whether the 2027 deadline will deliver real security gains.
Datos Insights' Serpil Hall on Using Predictive AML Tools to Support ComplianceInstant payments are reshaping financial crime controls as speed and the irreversibility of transactions strain anti-money laundering compliance programs. While many assume real-time AML means faster processing, this approach can increase risk, said Serpil Hall, strategic advisor at Datos Insights.
Attorney Jonathan Armstrong on Governance, Due Diligence and Shadow AI RiskThe OpenClaw incident highlights how experimental agentic AI tools can create hidden security and compliance risks. Attorney Jonathan Armstrong explains why CISOs must address shadow AI, strengthen oversight of developer experimentation and rethink how they assess AI vendor risk.