6 min
PCI
Enforce and Report on PCI DSS v4 Compliance with Rapid7
The PCI Security Standards Council (PCI SSC) is a global forum that connects stakeholders from the payments and payment processing industries to craft and facilitate adoption of data security standards and relevant resources that enable safe payments worldwide.
4 min
CISOs
How CISOs’ Roles – and Security Operations – Will Change in 2024
It’s fair to say that 2023 was a turning point for the cybersecurity industry, and no one felt it more than the CISO. From the onslaught of ransomware and zero-day attacks [https://www.rapid7.com/blog/post/2024/01/12/2023-ransomware-stats-a-look-back-to-plan-ahead/], to the SEC’s new reporting rules [https://www.rapid7.com/globalassets/_pdfs/policy/sec-cybersecurity-compliance-solution-brief.pdf], and added to technological innovation and sprawl, CISOs have never been under more pressure to ge
4 min
Cloud Security
New InsightCloudSec Compliance Pack for CIS AWS Benchmark 2.0.0
The Center for Internet Security (CIS) recently released version two of their AWS Benchmark: CIS AWS Benchmark 2.0.0.
4 min
Cloud Security
New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022
In this article, we discuss how the recently released ISO 27001:2022 compliance pack for InsightCloudSec can benefit your organization.
4 min
Cloud Security
Cloud Security and Compliance Best Practices: Highlights From The CSA Cloud Controls Matrix
In this blog post, we’ll dive into one of the most commonly used cloud security standards for large, multi-cloud environments: the CSA Cloud Controls Matrix (CCM).
3 min
Compliance
Cloud Audit: Compliance + Automation
Today’s regulatory environment is incredibly fractured and extensive. However, deploying cloud security posture management (CSPM) can ease the administrative burden associated with staying in compliance.
4 min
Compliance
Rapid7 Makes Security Compliance Complexity a Thing of the Past With InsightIDR
Here are three ways InsightIDR has been built to elevate and simplify your compliance processes.
1 min
Public Policy
Incident Reporting Regulations Summary and Chart
A growing number of regulations require organizations to report cybersecurity incidents. This chart summarizes 11 proposed and current cyber incident reporting regulations and breaks down their common elements, such as who must report, what incidents must be reported, deadlines, and more.
9 min
Public Policy
Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule
The SEC proposed a rule to require companies to publicly report cybersecurity incidents. This post explains why public disclosure of an incident before mitigation or containment raises the risk of harm, and suggests a solution that avoids harm while still promoting disclosure.
5 min
Public Policy
Navigating the Evolving Patchwork of Incident Reporting Requirements
Rapid7 is supportive of CIRCIA and cyber incident reporting, but we encourage regulators to ensure reporting rules do not impose unnecessary burdens.
2 min
Compliance
ISO 27002 Emphasizes Need For Threat Intelligence
Earlier this year, the International Organization for Standardization (ISO) released ISO 27002, which features a dedicated threat intelligence control.
6 min
Cloud Security
Cloud Security and Compliance: The Ultimate Frenemies of Financial Services
Here are four ways finserv companies can embrace the love-hate relationship with cloud security and compliance while effectively navigating the need to maintain pace with today's rapid rate of change.
3 min
Compliance
Simplifying Complex Cybersecurity Regulations
Cybersecurity regulations often require similar baseline security practices, even though the legislation may structure compliance requirements differently.
3 min
DevOps
Creating coefficiency: DevOps, Security, and Compliance
The ultimate goal on the security horizon is, of course, to prevent risks and misconfigurations before runtime. This won’t always happen, but teams can still get into a rhythm where runtime mistakes become the exception rather than the rule.
3 min
InsightIDR
Utilize File Integrity Monitoring to Address Critical Compliance Needs
To help organizations address their compliance auditing needs, we are excited to introduce file integrity monitoring (FIM) for InsightIDR.