Powering Shopify’s High-Performance, PCI DSS V4 Compliant Checkout With Sandboxing (2025)

Shopify’s new checkout system complies with PCI DSS v4, utilizing sandboxing to enhance security and streamline compliance for merchants. Key aspects include isolating untrusted code, maintaining a managed environment for custom scripts, and implementing anti-skimming protections to safeguard sensitive data. The architecture supports performance, security, upgradeability, and compliance without additional merchant effort. PCI DSS v4 introduces stricter requirements, but Shopify handles complexity, allowing merchants to focus on business growth.

https://www.shopify.com/partners/blog/checkout-compliance

Navigating AI Regulation on Both Sides of the Atlantic

The EU and the US are taking different paths on AI legislation: the US eases regulations for innovation, while the EU prioritizes societal risks with the AI Act. Companies face challenges navigating these regulations, which can hinder development. Experts suggest embracing self-regulation for low-risk AI applications and seeking external guidance to manage compliance effectively.

https://www.tietoevry.com/en/blog/2025/02/navigating-ai-regulation-on-both-sides-of-the-atlantic/

EU AI Act Unpacked #22: Key Considerations for Employers as Deployers Vs. Providers Under the EU AI Act

The EU AI Act defines roles for employers as either deployers or providers of AI systems, impacting their obligations. Deployers use existing AI systems, while providers modify or use systems significantly. Employers must understand compliance requirements, especially for high-risk AI applications, including monitoring, transparency, and data protection. Employers must ensure AI literacy among users, effective February 2025. The classification of deployer versus provider can change based on actions taken with the AI systems, necessitating careful assessment.

https://www.lexology.com/library/detail.aspx?g=11f71f6b-e110-4e8c-bcc4-183c38ec9746

Tech Giants Push Back at a Crucial Time for the EU AI Act

Tech giants are opposing the EU AI Act, which is notable for its general principles without implementation details. Key compliance requirements are to be detailed in a forthcoming Code of Practice, which faces delays that some attribute to industry pressure. Major companies like Meta and Google challenge the regulations, arguing they hinder competitiveness, and are seeking changes. Concerns center on copyright in AI training and independent risk assessments. The fight over the AI Act highlights the balance between innovation and safety as global regulatory actions intensify.

https://www.pymnts.com/artificial-intelligence-2/2025/tech-giants-push-back-at-a-crucial-time-for-the-eu-ai-act/

Center for Internet Security (CIS)

CIS: Non-profit focused on improving cybersecurity. Develops benchmarks, guidelines, and best practices. Offers tools like CIS Controls and CIS-CAT for effective security management. Provides resources for organizations to enhance defense against cyber threats.

CIS Benchmarks

CIS provides cybersecurity benchmarks for various platforms, aimed at helping organizations mitigate threats. These include configuration guidelines for over 25 vendor products, tools for assessing compliance, and a variety of resources like the CIS SecureSuite and webinars for implementation support. Membership benefits include access to exclusive tools and community development.

https://www.cisecurity.org/cis-benchmarks

What CISOs Need From the Board: Mutual Respect on Expectations

CISOs need mutual respect and understanding from their boards to effectively navigate cybersecurity challenges. Boards require CISOs to communicate risks clearly and ensure compliance with regulations while maintaining transparency. In turn, CISOs need strategic support, accountability, resources, and the board's involvement in shaping security culture and direction. A collaborative relationship enhances organizations' ability to address cybersecurity risks effectively.

https://www.csoonline.com/article/3829678/what-cisos-need-from-the-board-mutual-expectations-respect.html

Council Post: The Growing Cybersecurity Skills Gap: a Breach Waiting To Happen

Cybersecurity faces a severe talent shortage, risking sensitive data and systems as organizations struggle to find qualified professionals. Nearly 90% of leaders attributed breaches to this skills gap, with over 700,000 roles unfilled. Human error causes 88% of breaches, highlighting the need for effective training. To address this, companies should invest in enhanced education, role-based training, and automation. Utilizing gamified, hands-on training can engage potential talent and effectively prepare them for real-world threats, helping to bridge the skills gap and improve cybersecurity defenses.

https://www.forbes.com/councils/forbestechcouncil/2025/02/26/the-growing-cybersecurity-skills-gap-a-breach-waiting-to-happen/
