3 min
InsightVM
How to Use the InsightVM Policy Compliance Status Report to Measure Benchmark Configurations
Reports within InsightVM can help you demonstrate whether your systems measure up to compliance requirements and configuration benchmarks.
2 min
Compliance
The British Airways Breach: PCI is Not Enough
Magecart's techniques are sophisticated and worth understanding in detail, especially because they point out a major gap that occurs even with perfect PCI compliance.
3 min
Compliance
Address the NAIC Insurance Data Security Model Law
The NAIC Insurance Data Security Model Law suggests a modern approach to detecting and responding to threats. This post looks at a few interesting requirements and shares how we can partner with your team across people, process, and technology.
3 min
CIS Controls
CIS Critical Security Control 19: Steps for Crafting an Efficient Incident Response and Management Strategy
An effective incident response plan helps you quickly discover attacks, contain the damage, eradicate the attacker's presence, and restore the integrity of your network and systems.
3 min
GDPR
GDPR Preparation March and April: Course Correct
Wow, how did March just happen? Living in a country that just fell apart like a
clown car because of snow, it’s still feeling decidedly wintery here in the UK,
and as a weather obsessed Brit I am fully looking forward to sunnier times. You
know, that single day sometime in August. By that time, we’ll have crossed the
border into the brave new world of the General Data Protection Regulation (GDPR)
[https://www.rapid7.com/solutions/compliance/gdpr/], and like many of you, I am
curious as to what t
3 min
GDPR
Tonight I'm gonna IR like it's 99 (days until GDPR)…
Sorry Nena, it was going to be you or Prince that was going to get the headline,
and whilst 99 Red Balloons [https://www.youtube.com/watch?v=HZ1TQYjCwYc] is a
catchy '80s classic, I had to give credit to His Royal Purpleness
[https://www.youtube.com/watch?v=rblt2EtFfC4]. It was that or pay tribute to a
childhood favourite vanilla ‘whippy’ ice cream, adorned with a Cadbury’s Flake,
but I’m not so sure that would resonate so well with a global audience.
“Why 99?”, you may ask. Why not a nice roun
3 min
Compliance
HIPAA Security Compliance Fallacies (And How To Avoid Them)
Health Insurance Portability and Accountability Act (HIPAA) compliance hasn’t
been what I thought it was going to be. When I first started out as an
independent security consultant, I was giddy over the business opportunities
that I just knew HIPAA compliance was going to bring. Around that time, I
learned something from sales expert Jeffrey Gitomer that has had a profound
impact on my career. He said that if you work for yourself and are in sales,
which I am, you must write and speak if
4 min
GDPR
GDPR Preparation Checklist: January – Teach and Tidy
New year, new things to think about when it comes to your GDPR compliance
[https://www.rapid7.com/solutions/compliance/gdpr/] preparations. Hopefully your
GDPR project is in full swing by now. If it’s not, then you do really need to be
getting your skates well and truly on. Do take a look through our November
[https://www.rapid7.com/blog/post/2017/11/14/gdpr-preparation-november-form-storm/]
and December
[https://www.rapid7.com/blog/post/2017/12/04/gdpr-compliance-checklist-december-assess-revi
4 min
GDPR
GDPR Compliance Checklist: December – Assess & Review
With under six months to go until the General Data Protection Regulation (GDPR)
[https://www.rapid7.com/solutions/compliance/gdpr/] comes into force,
organizations that handle the personal data of individuals in the EU are preparing for
this new compliance regulation. In order to help you through this new
regulation, we’re creating a series of helpful blog posts to see you all the way
to May 25th 2018. This GDPR-focused infographic covers the month-by-month high
level topics. If you missed our November bl
3 min
GDPR
GDPR Preparation: November – Form & Storm
With just over six months to go until the General Data Protection Regulation
(GDPR [https://www.rapid7.com/solutions/compliance/gdpr/]) comes into force,
organizations that handle the personal data of individuals in the EU are preparing for
this new compliance regulation. If you’ve not gotten started yet, or your plans
are still in their infancy, we’re creating a series of helpful blog posts to see
you through to May 25th 2018.
With holiday season fast approaching in many parts of the world, getting you
2 min
Guest Perspective
NIST Standards and Why They Matter
A primer on implementing NIST recommendations by guest author Matt Kelly
4 min
CIS Controls
The CIS Critical Security Controls Explained - Control 6: Maintenance, Monitoring and Analysis of Audit Logs
In your organizational environment, Audit Logs are your best friend. Seriously.
This is the sixth blog of the series based on the CIS Critical Security Controls
[https://www.rapid7.com/fundamentals/cis-critical-security-controls/]. I'll be
taking you through Control 6: Maintenance, Monitoring and Analysis of Audit
Logs, in helping you to understand the need to nurture this friendship and how
it can bring your information security program to a higher level of maturity
while helping gain visibilit
2 min
Nexpose
Maximizing PCI Compliance with Nexpose and Coalfire
In 2007 Coalfire selected Rapid7 Nexpose as the engine around which to build
their PCI Approved Scanning Vendor (ASV) offering. PCI was just a few years old and
merchants were struggling to achieve and document full compliance with the
highly prescriptive Data Security Standard. Our goal was to find that classic
sports car blend of style and power: a vulnerability assessment solution that
was as streamlined and easy to use as possible, but robust enough to
significantly improve the customer's security.
2 min
Nexpose
New and Improved Policy Manager
This year we've made many enhancements to the configuration policy assessment
capabilities in Nexpose, including adding 4 new reports and NIST 800-53
controls mapping [/2016/08/11/nist-800-53-control-mappings-in-sql-query-export]. Last
week we unveiled a new and improved user interface for the Policy Manager,
providing you with more information on your compliance position at your
fingertips.
With the new interface, you can quickly see how compliant you are overall,
understand where you need to
2 min
Compliance
Top 3 Takeaways from the "PCI DSS 3.0 Update"
In this week's webcast, Jane Man [/author/jane-man] and Guillaume Ross
[/author/guillaume-ross] revisited the latest PCI DSS 3.0 requirements. Security
professionals need to be diligent to remain compliant and secure. Jane and
Guillaume discussed some key results from the Verizon 2015 PCI Compliance
Report, tips and tricks for complying with requirements 7, 8, and 10, and
touched upon upcoming changes in v3.0 and v3.1. Read on for the top 3 takeaways
from the “PCI DSS 3.0 Update: How to Restrict