Randall Munroe’s XKCD ‘Radon’
via the comic humor & dry wit of Randall Munroe, creator of XKCD
The post Randall Munroe’s XKCD ‘Radon’ appeared first on Security Boulevard.
Get details on this new cybersecurity Executive Order and its implications.
The post White House Executive Order: Strengthening and Promoting Innovation in the Nation’s Cybersecurity appeared first on Security Boulevard.
Discover why relying on on-premises software hinders innovation and explore how shifting employee behavior is driving modern SaaS adoption and usage trends.
The post Debunking the “On Premise Software” Myth | Grip Security appeared first on Security Boulevard.
We are thrilled to announce that Veriti has been mentioned in the 2025 Gartner Emerging Tech: Tech Innovators in Preemptive Cybersecurity as a Tech Innovator in the Preemptive Cybersecurity category. We hold the view that this mention underscores our role as a leader in enabling organizations to proactively address security exposures and reduce risk in […]
The post Veriti mentioned as a Tech Innovator in the 2025 Gartner® Emerging Tech: Tech Innovators in Preemptive Cybersecurity Report in the Preemptive Cybersecurity Category appeared first on VERITI.
The post Veriti mentioned as a Tech Innovator in the 2025 Gartner® Emerging Tech: Tech Innovators in Preemptive Cybersecurity Report in the Preemptive Cybersecurity Category appeared first on Security Boulevard.
Simplifying Compliance in the Complex U.S. FinServ Regulatory Landscape
andrew.gertz@t…
Thu, 01/16/2025 - 16:30
Thales | Cloud Protection & Licensing Solutions
If you work in compliance for a financial services organization, chances are you have been focused on the March 31st deadline for implementing version 4.0 of the Payment Card Industry Data Security Standard (PCI DSS 4.0). However, as important as PCI may be, United States financial services organizations operate in one of the world’s most stringent and complex compliance landscapes. Financial institutions must navigate a maze of requirements on the road to compliance, so it is important to understand how to simplify and streamline compliance efforts across multiple regulations and achieve a faster time to compliance.
Understanding the US FinServ Compliance Landscape
The US financial services industry is subject to a vast number of laws and regulations. Some of the most important are the Gramm-Leach-Bliley Act (GLBA), the National Association of Insurance Commissioners (NAIC) Data Security Model Law, the New York Department of Financial Services (NYDFS) Cybersecurity Regulation, and the National Credit Union Administration (NCUA) cybersecurity guidance. Here is a quick summary of the most relevant regulations:
Gramm-Leach-Bliley Act (GLBA)
The GLBA mandates that a broad range of financial institutions based or operating in the United States, from banks and brokerage firms to payday lenders and tax preparers, protect consumers’ personal financial information. It emphasizes the need for encryption, data governance, and secure information-sharing practices to prevent and mitigate cyber threats.
The most important components of the GLBA include the Federal Trade Commission (FTC) Safeguards Rule, which requires the development of a written information security plan, and the Financial Privacy Rule, which governs how financial data is collected and shared.
Compliance with the GLBA requires prioritizing data encryption and robust access controls to protect sensitive consumer information throughout its lifecycle.
NAIC Data Security Model Law
Designed to secure non-public information (NPI) within the insurance industry, the NAIC Data Security Model Law’s requirements closely resemble those of the GLBA. It includes expectations for implementing comprehensive security programs, including risk assessments, incident response plans, periodic reporting, and controls such as governance frameworks and application security protocols.
The NAIC Model Law, which applies to all insurance providers in the United States, is a perfect example of the value a unified approach to compliance can provide, because its requirements overlap significantly with broader, well-established cybersecurity best practices, such as those found in the NIST Cybersecurity Framework.
NYDFS Cybersecurity Regulation
The NYDFS Cybersecurity Regulation (23 NYCRR 500) is arduous. While it is a state regulation, because it applies to any financial organization that operates in the state of New York, it ends up applying to most organizations in the United States. The regulation is incredibly stringent and sets an unusually—albeit necessarily—high bar for cybersecurity practices. More than any other FinServ regulation, it includes unique components, such as the requirement for a Chief Information Security Officer (CISO) and an annual compliance certification.
That said, many of the requirements – establishing a risk-based cybersecurity program, maintaining secure access controls, and conducting regular penetration testing, for example – are either strongly recommended or mandated by the other regulations. Moreover, other compliance requirements included in the NYDFS regulation, such as encryption, cloud security, and governance, are ubiquitous across US FinServ frameworks.
National Credit Union Administration (NCUA) Guidance
The NCUA guidance applies to credit unions and focuses heavily on data protection, vendor risk management, and incident response planning. Like other regulations, the NCUA calls for encryption to safeguard member data, governance policies to ensure accountability, and application security measures to protect against cyber threats. Access to resources can be a genuine concern for credit unions. As such, implementing a simplified, consolidated compliance strategy that addresses multiple frameworks at once is especially important.
Bringing it All Together
Now that you have a broad understanding of the US financial services regulatory landscape, you might notice that many of these regulations have significant overlaps. Every single one of the US financial services regulations mandates that organizations implement:
Therefore, most requirements can be addressed with the same core technologies, without duplicating effort, which dramatically reduces the time, effort, and resources necessary to achieve compliance. Differences between regulations can be addressed on a case-by-case basis.
Thales: Forging a Simplified Path to Compliance
As a leader in data security and cloud protection, Thales offers a comprehensive suite of solutions tailored to address financial institutions’ unique challenges. Partnering with Thales will help address the vast majority of requirements included in PCI DSS 4.0, GLBA, NAIC, NYDFS, and NCUA regulations – including risk assessment, encryption, governance, cloud security, access controls, and application security – and simplify the path to compliance so you can focus on the essentials: innovation, growth, and offering the best possible service to your customers.
I hope you will take the opportunity to review our new eBook to learn more about how Thales helps financial institutions operating in the United States meet compliance requirements. It contains a detailed mapping of our cybersecurity capabilities to specific regulatory requirements in the United States.
January 16, 2025
The post Simplifying Compliance in the Complex U.S. FinServ Regulatory Landscape appeared first on Security Boulevard.
Learn how one of Europe's largest healthcare tech leaders transformed their Secrets Security with GitGuardian, cutting incidents by half without compromising developer productivity.
The post How a Large Healthcare Company Slashed Their Secrets Incidents by Half appeared first on Security Boulevard.
Author/Presenter: Kyle Murbach
Our sincere appreciation to DEF CON, and to the Authors/Presenters, for publishing their erudite DEF CON 32 content, originating from the conference’s events at the Las Vegas Convention Center and made available via the organization’s YouTube channel.
The post DEF CON 32 – Small Satellite Modeling and Defender Software appeared first on Security Boulevard.
This strategic partnership combines Smart Spatial's innovative digital twin platform with Hyperview's expertise in data center optimization, enabling businesses to achieve sustainability, operational efficiency, and proactive management.
Vancouver, British Columbia – January 16, 2025: Smart Spatial is excited to announce its partnership with Hyperview, the leading cloud-based DCIM platform. This collaboration represents a major ...
The post Smart Spatial and Hyperview Unite to Take Data Centers to the Next Level appeared first on Hyperview.
The post Smart Spatial and Hyperview Unite to Take Data Centers to the Next Level appeared first on Security Boulevard.
How does the mind react when people interact with technology? A question often asked but seldom answered. It was a Monday afternoon, the last day of our sales quarter, and amidst the tense air, a message popped up on the screen. It was a Purchase Order (P.O.) from a known organization with which we had […]
The post Cyberpsychology: The Mind Behind the Screen appeared first on ColorTokens.
The post Cyberpsychology: The Mind Behind the Screen appeared first on Security Boulevard.
With an NDR in place, your IT administrators can quickly detect anomalies on the network, from cyberattacks to malfunctioning application servers or network equipment.
The post Network Detection and Response (NDR) Done Right from the Ground Up appeared first on Security Boulevard.
While the power and potential of GenAI is evident for IT and security, the use cases in the security field are surprisingly immature largely due to censorship and guardrails that hamper many models’ utility for cybersecurity use cases.
The post What is an Uncensored Model and Why Do I Need It appeared first on Security Boulevard.
Digital tools are reshaping the traditional K-12 learning experience, unleashing a wave of benefits in the process. This guide explores the significance of digital tools for the classroom and how they can support your school district in creating a dynamic, tech-enabled learning environment. The power of digital classroom technology Education technology tools are software applications, ...
The post Top Digital Tools for the Classroom appeared first on ManagedMethods Cybersecurity, Safety & Compliance for K-12.
The post Top Digital Tools for the Classroom appeared first on Security Boulevard.
Discover top AutoSPF alternatives for dynamic SPF flattening and better email deliverability with advanced features and pricing.
The post Best AutoSPF Alternatives: Detailed Feature Comparison appeared first on Security Boulevard.
Policy management is the sturdy scaffolding that supports governance, risk, and compliance (GRC) objectives while shaping corporate culture and ensuring adherence to regulatory obligations. Yet, many organizations grapple with a fragmented approach—policies scattered across departments, processes misaligned, and technology underutilized. The result? A disjointed strategy that hampers visibility, agility, and, ultimately, effectiveness. Why Policy Management […]
The post 10 Essential GRC Policy Management Best Practices appeared first on Centraleyes.
The post 10 Essential GRC Policy Management Best Practices appeared first on Security Boulevard.
LLMs are becoming very powerful and reliable, and multi-agent systems — multiple LLMs having a major impact tackling complex tasks — are upon us, for better and worse.
The post Infectious Prompt Injection Attacks on Multi-Agent AI Systems appeared first on Security Boulevard.
Overview On January 14, NSFOCUS CERT detected that Microsoft released a security update patch for January, which fixed 159 security problems in widely used products such as Windows, Microsoft Office, Microsoft Visual Studio, Azure, Microsoft Dynamics, and Microsoft Edge. This includes high-risk vulnerabilities such as privilege escalation and remote code execution. Among the vulnerabilities fixed […]
The post Microsoft’s January Security Update of High-Risk Vulnerabilities in Multiple Products appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post Microsoft’s January Security Update of High-Risk Vulnerabilities in Multiple Products appeared first on Security Boulevard.
Overview Recently, NSFOCUS CERT detected that Fortinet has issued a security notification and fixed the identity authentication bypass vulnerability in FortiOS and FortiProxy (CVE-2024-55591). Unauthenticated attackers can bypass system identity authentication by sending special packets to the Node.js websocket module, thus obtaining super administrator permissions of the target system. The CVSS score is 9.8. At […]
The post Fortinet OS & FortiProxy Authentication Bypass Vulnerability (CVE-2024-55591) Notification appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post Fortinet OS & FortiProxy Authentication Bypass Vulnerability (CVE-2024-55591) Notification appeared first on Security Boulevard.
The post 7 Essential Security Operations Center Tools for 2025 appeared first on AI Security Automation.
The post 7 Essential Security Operations Center Tools for 2025 appeared first on Security Boulevard.
Silver Spring, MD, Jan. 15, 2025, CyberNewswire — Aembit, the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. 28 and … (more…)
The post News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security first appeared on The Last Watchdog.
The post News alert: Aembit announces speakers for NHIcon event, highlighting non-human identity security appeared first on Security Boulevard.
Tel Aviv, Israel, Jan. 15, 2025, CyberNewswire — Sweet Security, a leader in cloud runtime detection and response, today announced the launch of its groundbreaking patent-pending Large Language Model (LLM)-powered cloud detection engine.
This innovation enhances Sweet’s unified … (more…)
The post News alert: Sweet Security’s LLM-powered detection engine reduces cloud noise to 0.04% first appeared on The Last Watchdog.
The post News alert: Sweet Security’s LLM-powered detection engine reduces cloud noise to 0.04% appeared first on Security Boulevard.