A complete understanding of your cardholder data environment (CDE) is a cornerstone of a successful PCI DSS compliance program, but for that, you need to ensure you include all the systems, technologies, processes, and people that comprise it because if not, an omission or lack of controls applied could lead to non-compliance.

The European Union (EU) has made significant strides lately in shaping cybersecurity regulation—new developments include those related to the NIS2 Directive, the EU Cybersecurity Act, the EU Cloud Services Cybersecurity Scheme (EUCS), and the EU Cyber Resilience Act.

If you’ve decided to undergo a red team assessment and engaged Schellman to perform it, you may be wondering what the next steps entail—as in, how will the next stages of the process work and what should you expect?

With the escalation of climate and various environmental, social, and governance (ESG)-related risks, organizations are now actively setting bold sustainability objectives, and in recognition of the related concerns in their supply chains over which they lack control, companies are also asking for cooperation from their vendors in addressing their emissions to further minimize their environmental impact.

With the introduction of the Cybersecurity Maturity Model Certification (CMMC) program, contractors working with the U.S. Department of Defense (DoD) will be required to meet a certain level of cybersecurity maturity ensuring the protection of the involved sensitive information and data, specifically controlled unclassified information (CUI) and federal contract information (FCI).

Having now grown into one of the world’s leading international security standards, ISO 27001 lays out the required criteria for taking a holistic approach to information security through the implementation and ongoing maintenance of an information security management system (ISMS).

With over two decades of HIPAA history behind us, more than a decade of mandatory compliance and federal compliance enforcement, and a shortage of resources to help hospitals achieve compliance, the healthcare industry is still plagued by non-compliance issues every year—particularly regarding risk and access management.

When considering cybersecurity, many may first think of cutting-edge tech companies. Healthcare providers may spring to mind for others and government agencies for still others. But strong cybersecurity—if it’s not already—is becoming paramount in every sector, and if the recent attacks tell us anything, it’s now paramount for universities as well.