CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization

The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert following a cyberattack on U.S.-based medical technology firm Stryker Corporation that targeted its Microsoft environment. CISA urges organizations to harden endpoint management system configurations by implementing Microsoft’s best practices for securing Microsoft Intune, including least-privilege administrative roles, phishing-resistant multi-factor authentication, and multi-admin approval policies, to protect against similar malicious activity.

https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization

Focus Areas When Implementing Data Protection by Design and by Default in 2026

Data protection by design and by default, a key principle of the EU GDPR, remains inconsistently implemented nearly a decade after its adoption, requiring organizations to consider four main factors—state of the art, cost of implementation, processing context, and risks to individuals—for effective compliance. In 2026, evolving technologies and regulations, especially concerning AI, demand a dynamic, risk-based approach that integrates ongoing assessment and adaptation of technical and organizational measures from the system design stage through deployment to safeguard personal data and uphold individuals' rights.

https://iapp.org/news/a/focus-areas-when-implementing-data-protection-by-design-and-by-default-in-2026

Stop Building Security Goals Around Controls

Devin Rudnicki, CISO at Fitch Group, emphasizes that security goals should be aligned with business outcomes rather than focused solely on controls, advocating for strategies anchored in corporate objectives, real cyber threats, and industry standards. She highlights three key metrics for security programs—value, risk, and maturity—and stresses the importance of presenting risk in actionable terms for leadership, balancing innovation speed with measured risk, and using automation to free human resources for higher-value work.

https://www.helpnetsecurity.com/2026/03/18/devin-rudnicki-fitch-group-ciso-business-alignment/

Autonomous AI Agents and the GDPR: First Detailed Spanish Regulatory Guidance Sets the Bar

The Spanish Data Protection Agency (AEPD) has published the first detailed regulatory guidance on autonomous AI agents under the GDPR, addressing challenges posed by AI systems that independently plan, reason, and execute tasks with limited human oversight. This guidance highlights critical compliance issues, including defining controller and processor roles, transparency obligations, data minimization, automated decision-making risks, and the need for thorough risk assessments, setting a precedent that extends beyond Spain and is relevant for all organizations deploying agentic AI in personal data processing.

https://technologyquotient.freshfields.com/post/102mmys/autonomous-ai-agents-and-the-gdpr-first-detailed-spanish-regulatory-guidance-set

Cyber Enforcement – When an Incident Is Just the Tip of the Iceberg

The article explains that recent UK enforcement trends show cyber incidents often expose broader compliance failures, making the reported breach only the starting point for regulatory scrutiny. Regulators increasingly focus on security weaknesses, governance gaps, and data-handling practices across the whole organization, especially after cyberattacks. Fines have risen, and enforcement actions target private-sector companies with inadequate safeguards. The article concludes that organizations must treat cyber resilience, contractual risk allocation, and data protection controls as ongoing obligations, because investigations can extend beyond the original incident to encompass broader operational and legal failings.

https://www.slaughterandmay.com/insights/new-insights/cyber-enforcement-when-an-incident-is-just-the-tip-of-the-iceberg/

Scale Computing™ Simplifies PCI DSS Readiness With New Compliance Self-Assessment Tool

Scale Computing announced the release of its new PCI DSS Compliance Self-Assessment Tool, part of the SC//AcuVigil™ managed network services. The tool helps organizations evaluate their security posture and PCI DSS readiness across all locations and vendors. It provides a personalized report summarizing strengths, potential risks, and actionable recommendations to improve audit outcomes and strengthen security.

https://www.prnewswire.com/news-releases/scale-computing-simplifies-pci-dss-readiness-with-new-compliance-self-assessment-tool-302706290.html

Information Security Strategy

Build a resilient information security strategy that aligns cybersecurity, risk management, and business goals. This approach integrates policies, people, and processes for effective protection in a rapidly evolving digital landscape. Establish a clear vision, assess current capabilities, define risks, and ensure ongoing adaptation to support operational stability and compliance. Engage security teams early in digital transformations to mitigate emerging risks and ensure smooth integration. Focus on practical execution through structured decision-making, budget alignment, and continuous improvement.

https://www.processexcellencenetwork.com/data-security/articles/information-security-strategy-how-to-build-a-system-that-actually-works

How Does AI Pentesting Work With Compliance?

Compliance frameworks like SOC 2, ISO 27001, HIPAA, and PCI DSS focus on documentation and test methodologies rather than who conducts the tests. AI pentests provide extensive audit trails, thorough coverage, and timely reports, enabling efficient compliance. While AI pentesting is increasingly accepted, some regulations still require human oversight. The report’s quality and validation of findings are crucial; true AI pentests exploit vulnerabilities rather than just flagging them. Continuous AI pentesting can enhance security by integrating with development cycles, ensuring ongoing compliance.

https://www.aikido.dev/blog/ai-pentesting-compliance

CIO Risk Management: Lessons From Southern Glazer’s CIO

CIOs face diverse technology risks, not limited to cybersecurity. Key insights from Steve Bronson of Southern Glazer's include managing operational fragility, talent gaps, AI uncertainties, and vendor dependencies. He emphasizes the importance of governance, adopting T-shaped teams for talent development, maintaining flexibility through microservices, and building redundant systems in supply chains. Risks should be viewed holistically, prioritizing non-cyber threats based on their likelihood and potential impact while effectively communicating these risks to executives through an outcomes-focused approach.

https://www.techtarget.com/searchcio/feature/CIO-risk-management-Lessons-from-Southern-Glazers-CIO

5 Innovations Desperately Needed for EUDR Compliance

EUDR compliance poses challenges, especially for small businesses, as the EU Deforestation Regulation aims to eliminate deforestation in global supply chains. Key innovations needed include public policy improvements, collaborative corporate practices, innovative financial services, action from civil society, and harmonized technological solutions. While major firms are preparing for the regulation, smaller players require support to meet compliance requirements. Ultimately, harmonized tech and collective efforts will be crucial for transitioning to sustainable, deforestation-free supply chains.

https://www.foodnavigator.com/Article/2026/03/03/innovations-for-eudr-compliance/