Posts tagged Compliance

4 min GDPR

GDPR Preparation Checklist: January – Teach and Tidy

New year, new things to think about when it comes to your GDPR compliance [https://www.rapid7.com/solutions/compliance/gdpr/] preparations. Hopefully your GDPR project is in full swing by now. If it’s not, then you do really need to be getting your skates well and truly on. Do take a look through our November [/2017/11/14/gdpr-preparation-november-form-storm/] and December [/2017/12/04/gdpr-compliance-checklist-december-assess-review/] preparation blogs for ideas on how to get going. As of Janua

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 4)

This is not a drill. In this final installment, read our recommendations for handling a real incident. Whether opportunistic or targeted, here's what you should be thinking about.

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 3)

Now, it’s time for the fun stuff. While an incident response plan review may feel like practicing moves on a wooden dummy, stress testing should feel more like Donnie Yen fighting ten people for bags of rice in Ip Man

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 2)

In Part 1, we covered key considerations when drafting an incident response plan. Here, we'll cover the best way to get buy-in from key company stakeholders...

4 min GDPR

GDPR Compliance Checklist: December – Assess & Review

With under six months to go until the General Data Protection Regulation (GDPR) [https://www.rapid7.com/solutions/compliance/gdpr/] comes into force, organizations that handle the personal data of EU citizens are preparing for this new compliance regulation. In order to help you through this new regulation, we’re creating a series of helpful blog posts to see you all the way to May 25th 2018. This GDPR-focused infographic [https://www.rapid7.com/resources/infographic-your-month-to-month-guide-to

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 1)

Creating and testing an IR plan mitigates risk—help your organization perform at its best by preparing it for the worst. Join us for Part 1: drafting the plan.

3 min GDPR

GDPR Preparation: November – Form & Storm

With just over six months to go until the General Data Protection Regulation (GDPR [https://www.rapid7.com/solutions/compliance/gdpr/]) comes into force, organizations that handle the personal data of EU citizens are preparing for this new compliance regulation. If you’ve not gotten started yet, or your plans are still in their infancy, we’re creating a series of helpful blog posts to see you through to May 25th 2018. This infographic [https://www.rapid7.com/resources/infographic-your-month-to-

2 min NIST

NIST Standards and Why They Matter

A primer on implementing NIST recommendations by guest author Matt Kelly

3 min Compliance

Australian Privacy Amendment (Notifiable Data Breaches) Bill 2016

Mandatory notification of data breaches is becoming more commonplace across the globe. Many financial institutions are now required to comply with NY DFS [https://www.rapid7.com/solutions/compliance/ny-dfs-cybersecurity-requirements/], any organization processing the personal data of EU citizens should be in the midst of their GDPR [https://www.rapid7.com/solutions/compliance/gdpr/] preparations, and now Australia has announced that it will also be joining the party. The Privacy Amendment (No

2 min Nexpose

Maximizing PCI Compliance with Nexpose and Coalfire

In 2007 Coalfire selected Rapid7 Nexpose as the engine around which to build their PCI Approved Scanning Vendor offering. PCI was just a few years old and merchants were struggling to achieve and document full compliance with the highly prescriptive Data Security Standard. Our goal was to find that classic sports car blend of style and power: a vulnerability assessment solution that was as streamlined and easy to use as possible, but robust enough to significantly improve the customer's security.

2 min Nexpose

New and Improved Policy Manager

This year we've made many enhancements to the configuration policy assessment capabilities in Nexpose, including adding 4 new reports [/2016/07/05/getting-more-out-of-nexpose-policy-reports] and NIST 800-53 controls mapping [/2016/08/11/nist-800-53-control-mappings-in-sql-query-export]. Last week we unveiled a new and improved user interface for the Policy Manager, providing you with more information on your compliance position at your fingertips. With the new interface, you can quickly see how

3 min User Behavior Analytics

[Q&A] User Behavior Analytics as Easy as ABC Webcast

Earlier this week, we had a great webcast all about User Behavior Analytics [https://www.rapid7.com/solutions/user-behavior-analytics.jsp?cs=blog] (UBA). If you'd like to learn why organizations are benefiting from UBA, including how it works, top use cases, and pitfalls to avoid, along with a demo of Rapid7 InsightIDR, check out on-demand: User Behavior Analytics: As Easy as ABC [https://information.rapid7.com/uba-as-easy-as-abc.html] or the UBA Buyer's Tool Kit [https://information.rapid7.com/

2 min Nexpose

Getting More Out of Nexpose Policy Reports

Auditing your systems for compliance with secure configuration policies like CIS Benchmarks, DISA STIGs, and USGCB is an important part of any effective security program, not to mention a requirement for many industry and regulatory compliance regimes like PCI DSS and FISMA. With Nexpose, you can automate this assessment using our Policy Manager feature. Back in March we launched two brand new policy report templates, Policy Rule Breakdown Summary and Top Policy Remediations, to help organizations understand h

5 min PCI

Seven Ways InsightIDR Helps Maintain PCI Compliance

If your company processes credit card transactions, you must be compliant with the Payment Card Industry Data Security Standard, or PCI DSS [https://www.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf]. Any entity that stores, processes, or transmits cardholder data must abide by these requirements, which provide best practices for securing your cardholder data environment (CDE) [https://www.rapid7.com/solutions/compliance/pci-dss/]. Rapid7 InsightVM [https://www.rapid7.com/products/i

5 min Compliance

People and Process Are Keys to Compliance, Tech Simply Must Make Them Both More Efficient

Compliance is not always an exciting topic to write about; in fact, it's almost NEVER an exciting topic to write about, but that doesn't diminish its importance. For those of you in security who must adhere to a varietal (first of many references to adult beverages) of compliance policies, you know that it is often a painful, yet necessary, part of your job. Unfortunately, the log management and SIEM technologies we all deployed over the years have served compliance officers by making it possible