4 min
GDPR
GDPR Preparation Checklist: January – Teach and Tidy
New year, new things to think about when it comes to your GDPR compliance
[https://www.rapid7.com/solutions/compliance/gdpr/] preparations. Hopefully your
GDPR project is in full swing by now. If it’s not, then you do really need to be
getting your skates well and truly on. Do take a look through our November
[/2017/11/14/gdpr-preparation-november-form-storm/] and December
[/2017/12/04/gdpr-compliance-checklist-december-assess-review/] preparation
blogs for ideas on how to get going. As of Janua
4 min
Incident Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 4)
This is not a drill. In this final installment, read our recommendations for handling a real incident. Whether opportunistic or targeted, here's what you should be thinking about.
4 min
Incident Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 3)
Now, it’s time for the fun stuff. While an incident response plan review may feel like practicing moves on a wooden dummy, stress testing should feel more like Donnie Yen fighting ten people for bags of rice in Ip Man
4 min
Incident Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 2)
In Part 1, we covered key considerations when drafting an incident response plan. Here, we'll cover the best way to get buy-in from key company stakeholders...
4 min
GDPR
GDPR Compliance Checklist: December – Assess & Review
With under six months to go until the General Data Protection Regulation (GDPR)
[https://www.rapid7.com/solutions/compliance/gdpr/] comes into force,
organizations that handle the personal data of EU citizens are preparing for
this new compliance regulation. In order to help you through this new
regulation, we’re creating a series of helpful blog posts to see you all the way
to May 25th 2018. This GDPR-focused infographic
[https://www.rapid7.com/resources/infographic-your-month-to-month-guide-to
4 min
Incident Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 1)
Creating and testing an IR plan mitigates risk—help your organization perform at its best by preparing it for the worst. Join us for Part 1: drafting the plan.
3 min
GDPR
GDPR Preparation: November – Form & Storm
With just over six months to go until the General Data Protection Regulation
(GDPR [https://www.rapid7.com/solutions/compliance/gdpr/]) comes into force,
organizations that handle the personal data of EU citizens are preparing for
this new compliance regulation. If you’ve not gotten started yet, or your plans
are still in their infancy, we’re creating a series of helpful blog posts to see
you through to May 25th 2018. This infographic
[https://www.rapid7.com/resources/infographic-your-month-to-
2 min
NIST
NIST Standards and Why They Matter
A primer on implementing NIST recommendations by guest author Matt Kelly
3 min
Compliance
Australian Privacy Amendment (Notifiable Data Breaches) Bill 2016
Mandatory notification of data breaches is becoming more commonplace across the
globe. Many financial institutions are now required to comply with NY DFS
[https://www.rapid7.com/solutions/compliance/ny-dfs-cybersecurity-requirements/],
any organization processing the personal data of EU citizens should be in the
midst of their GDPR [https://www.rapid7.com/solutions/compliance/gdpr/]
preparations, and now Australia has announced that it will also be joining the
party.
The Privacy Amendment (No
2 min
Nexpose
Maximizing PCI Compliance with Nexpose and Coalfire
In 2007 Coalfire selected Rapid7 Nexpose as the engine around which to build
their PCI Approved Scanning Vendor offering. PCI was just a few years old and
merchants were struggling to achieve and document full compliance with the
highly prescriptive Data Security Standard. Our goal was to find that classic
sports car blend of style and power: a vulnerability assessment solution that
was as streamlined and easy to use as possible, but robust enough to
significantly improve the customer's security.
2 min
Nexpose
New and Improved Policy Manager
This year we've made many enhancements to the configuration policy assessment
capabilities in Nexpose, including adding 4 new reports
[/2016/07/05/getting-more-out-of-nexpose-policy-reports] and NIST 800-53
controls mapping [/2016/08/11/nist-800-53-control-mappings-in-sql-query-export].
Last week we unveiled a new and improved user interface for the Policy Manager,
providing you with more information on your compliance position at your
fingertips.
With the new interface, you can quickly see how
3 min
User Behavior Analytics
[Q&A] User Behavior Analytics as Easy as ABC Webcast
Earlier this week, we had a great webcast all about User Behavior Analytics
[https://www.rapid7.com/solutions/user-behavior-analytics.jsp?cs=blog] (UBA). If
you'd like to learn why organizations are benefiting from UBA, including how it
works, top use cases, and pitfalls to avoid, along with a demo of Rapid7
InsightIDR, check out on-demand: User Behavior Analytics: As Easy as ABC
[https://information.rapid7.com/uba-as-easy-as-abc.html] or the UBA Buyer's
Tool Kit
[https://information.rapid7.com/
2 min
Nexpose
Getting More Out of Nexpose Policy Reports
Auditing your systems for compliance with secure configuration policies like
CIS, DISA STIGs, and USGCB is an important part of any effective security
program, not to mention a requirement for many industry and regulatory
compliance frameworks like PCI DSS and FISMA. With Nexpose, you can automate this
assessment using our Policy Manager feature.
Back in March we launched two brand new policy report templates, Policy Rule
Breakdown Summary and Top Policy Remediations, to help organizations understand
h
5 min
PCI
Seven Ways InsightIDR Helps Maintain PCI Compliance
If your company processes credit card transactions, you must be compliant with
the Payment Card Industry Data Security Standard, or PCI DSS
[https://www.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf]. Any
entity that stores, processes, or transmits cardholder data must abide by these
requirements, which provide best practices for securing your cardholder data
environment (CDE) [https://www.rapid7.com/solutions/compliance/pci-dss/].
Rapid7 InsightVM [https://www.rapid7.com/products/i
5 min
Compliance
People and Process Are Keys to Compliance, Tech Simply Must Make Them Both More Efficient
Compliance is not always an exciting topic to write about, in fact it's almost
NEVER an exciting topic to write about, but that doesn't diminish its
importance. For those of you in security who must adhere to a varietal (first of
many references to adult beverages) of compliance policies you know that it is
often a painful, yet necessary, part of your jobs. Unfortunately, the log
management and SIEM technologies we all deployed over the years have served
compliance officers by making it possible