NIST Enhances Security Controls for Improved Patching
The U.S. National Institute of Standards and Technology released Security and Privacy Control version 5.2.0 to help organizations be more proactive regarding patching.
Privacy concerns how laws and norms govern personal data, shaping cybersecurity duties for collection, storage, access, and disclosure.
Search across headline titles and summaries.
Background for this topic.
Privacy is the ability of people to control how information about them is collected, used, retained, and disclosed. In technical and legal contexts, it covers identifiable data and data that can support inferences about a person, not only information made public. Privacy rules and organizational policies commonly address purpose, transparency, access, correction, retention, and sharing.
For security practitioners, privacy depends on reducing unnecessary data and restricting legitimate access: data minimization, encryption, least-privilege controls, segregation of identifiers, retention limits, and audit logs all reduce exposure. Compromised credentials, misconfigured storage, excessive telemetry, or third-party access can reveal sensitive information; pseudonymized datasets may also be re-identified when combined with other data. During an incident, teams must establish what personal data was accessed or disclosed, contain further exposure, preserve evidence, and meet applicable notification and handling requirements.
The U.S. National Institute of Standards and Technology released Security and Privacy Control version 5.2.0 to help organizations be more proactive regarding patching.
Regulator points to lack of 'basic access controls' between internet-facing systems, internal network South Korea's privacy watchdog has slapped SK Telecom with a record ₩134.5 billion ($97 million) fine after finding that the mobile giant left its network wide open to hackers through a catalog of bungles.…
Concerns About Enterprise AI Are Opening New Opportunities for Problem-SolversSome organizations are hesitant about implementing artificial intelligence tools in their enterprises because of accuracy, security and privacy concerns. That hesitation creates opportunities for professionals who can bridge the gap between technical potential and practical deployment.
Class Action Litigation Accused Mt. Sinai of Sending Patient Info to FacebookA New York City healthcare system has agreed to pay nearly $5.3 million to settle a proposed class action lawsuit alleging that the hospital's use of online tracking tools in its patient portal and website sent patient information to Facebook without their knowledge or consent for years.
Failure to comply with consumer data access and deletion requests highlights the urgent need for standardized verification processes and stronger enforcement mechanisms to protect consumer privacy.