Posts tagged Compliance

4 min CISOs

How CISOs’ Roles – and Security Operations – Will Change in 2024

It’s fair to say that 2023 was a turning point for the cybersecurity industry, and no one felt it more than the CISO. From the onslaught of ransomware and zero-day attacks, [] to the SEC’s new reporting rules [] , and added to technological innovation and sprawl, CISOs have never been under more pressure to ge

4 min Cloud Security

New InsightCloudSec Compliance Pack for CIS AWS Benchmark 2.0.0

The Center for Internet Security (CIS) recently released version two of their AWS Benchmark: CIS AWS Benchmark 2.0.0.

4 min Cloud Security

New InsightCloudSec Compliance Pack: Implementing and Enforcing ISO 27001:2022

In this article, we discuss how the recently released ISO 27001:2022 compliance pack for InsightCloudSec can benefit your organization.

4 min Cloud Security

Cloud Security and Compliance Best Practices: Highlights From The CSA Cloud Controls Matrix

In this blog post, we’ll dive into one of the most commonly-used cloud security standards for large, multi-cloud environments: the CSA Cloud Controls Matrix (CCM).

3 min Compliance

Cloud Audit: Compliance + Automation

Today’s regulatory environment is incredibly fractured and extensive. However, deploying a cloud security posture management (CSPM) can ease the administrative burden associated with staying in compliance.

4 min Compliance

Rapid7 Makes Security Compliance Complexity a Thing of the Past With InsightIDR

Here are three ways InsightIDR has been built to elevate and simplify your compliance processes.

1 min Public Policy

Incident Reporting Regulations Summary and Chart

A growing number of regulations require organizations to report cybersecurity incidents. This chart summarizes 11 proposed and current cyber incident reporting regulations and breaks down their common elements, such as who must report, what incidents must be reported, deadlines, and more.

9 min Public Policy

Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule

The SEC proposed a rule to require companies to publicly report cybersecurity incidents. This post explains why public disclosure of an incident before mitigation or containment raises the risk of harm, and suggests a solution that avoids harm while still promoting disclosure.

5 min Public Policy

Navigating the Evolving Patchwork of Incident Reporting Requirements

Rapid7 is supportive of CIRCIA and cyber incident reporting, but we encourage regulators to ensure reporting rules do not impose unnecessary burdens.

2 min Compliance

ISO 27002 Emphasizes Need For Threat Intelligence

Earlier this year, the International Organization for Standardization (ISO) released ISO 27002, which features a dedicated threat intelligence control.

6 min Cloud Security

Cloud Security and Compliance: The Ultimate Frenemies of Financial Services

Here are four ways finserv companies can embrace the love-hate relationship with cloud security and compliance while effectively navigating the need to maintain pace with today's rapid rate of change.

3 min Compliance

Simplifying Complex Cybersecurity Regulations

Cybersecurity regulations often require similar baseline security practices, even though the legislation may structure compliance requirements differently.

3 min DevOps

Creating coefficiency: DevOps, Security, and Compliance

The ultimate goal on the security horizon is, of course, to prevent risks and misconfigurations before runtime. This won’t always happen, but teams can still get into a rhythm where runtime mistakes become the exception rather than the rule.

3 min InsightIDR

Utilize File Integrity Monitoring to Address Critical Compliance Needs

To help organizations address their compliance auditing needs, we are excited to introduce file integrity monitoring (FIM) for InsightIDR.

3 min InsightVM

How to Use the InsightVM Policy Compliance Status Report to Measure Benchmark Configurations

Reports within InsightVM can help you demonstrate whether your systems stand up against compliance requirements.