NormShield Blog

GDPR Compliance Checker

Free GDPR Compliance Checker

The Europe Union (EU) General Data Protection Regulation (GDPR) proposed by Europe Commission became active after May 25, 2018. GDPR has very strict rules about collecting, storing, and processing data. Gathering even very small piece of information about an EU citizen requires consent from customer/visitor and very high responsibility for the companies. The fines are […]

Your ecosystem

British Airways Breach: Is it a third-party attack?

British Airways (BA) announced that 380,000 customer records containing credit card details had been taken during the cyber attack executed between 21 August and 5 September. As one of the major data breach in 2018, the cyber attack, though still fresh, has been speculated by many respectful cyber security researchers about  the cause of the […]

Software supply chain attacks

How to Prevent Software Supply-Chain Attacks

The recent warning posted by US National Counterintelligence and Security Center (NCSC) for software supply-chain attack risk draws attention to software used by companies in their supply chain. Every 3 out of 4 professionals acknowledge that they are not fully prepared for supply-chain attacks (aka third-party attacks or value-chain attacks) in responses given to a […]

iso 27001

Do You Monitor Your Suppliers? ISO/IEC 27001 Regulations Say You Should

Suppliers, in general third parties, have become one of the weaker links in the system. Recent TicketMaster data breach show how third parties may carry too much risk to your organization. Thus, they should be constantly monitored as ISO 27001 standard suggests. What is ISO/IEC 27001? ISO/IEC 27001 (some only write ISO 27001) is an […]

cobit organization

Third-Party Risk Management from COBIT’s perspective

Since its release in 2012, COBIT 5 has become a good-practice framework for IT management and governance for enterprises. By following certain checkpoints in the framework, a company can create a good IT risk management. It’s not surprising that COBIT emphasize third party risk management considering major cause of recent data breaches are third parties. […]

hipaa compliance

3rd Party Vendors of Healthcare Providers Must Meet HIPAA Regulations

The Health Insurance Portability and Accountability Act (HIPAA) aims to protect health-related and personal information of individuals, including medical records, health insurance data, SSNs of patients, etc. These information is very valuable and profitable in the blackmarket of dark web. Every year the data theft or extortion through ransomwares become a very big problem for […]

ssl tsl secure connection

How Strong is Your SSL/TLS? 6 Simple Steps to Make it Stronger

Secure Sockets Layer (SSL) protocol and its successor Transport Layer Security (TLS) protocol secure connections between web servers and browsers. If a company’s website requests sensitive data such as credit card information, then SSL/TLS certificate is a must. Especially, e-commerce websites use SSL/TLS to encrypt such information. Do I need an SSL/TLS? SSL/TLS has become […]

ticketmaster

Lesson from TicketMaster Breach: CDN Security of third-party suppliers

UK-based company TicketMaster, a ticket sales and distribution company, experienced a major breach as they announced on June 27. Upto 40,000 UK citizens might have been affected while their customer information are compromised. Many reports confirmed that TicketMaster was not directly breached or compromised, but a third-party supplier for their website was the one that […]

Outsmart Your Hackers

Outsmart Your Hackers

The simple truth: you are being targeted right now by a range of hackers from young-age script kiddies to sophisticated state-sponsored agents. They all have one thing in common, they are looking for a way to disrupt your business. When hackers identify their targets, they first conduct cyber reconnaissance. they quietly scan and map your […]