Friday, January 22, 2021

Will the GDPR Apply to U.S. Government Agencies?

Though the EU’s General Data Protection Regulation applies to both public and private entities, the U.S. government will likely rely on ad-hoc agreements to meet some of its obligations instead of fully complying. In theory, agencies such as the Departments of State or Homeland Security could fall under the terms of the GDPR, but Karen […]
Must be a Paid Member or a Free Trial Member to Access Content. Members log in here.

How the Security Clearance Backlog Hurts Cybersecurity

Tempers flared over a backlog of security clearances during a Senate hearing about vulnerabilities in the energy sector, with Martha McSally (R-AZ), Lisa Murkowski (R-AK), and Angus King (I-ME) each raising concerns with Karen Evans of the Department of Energy that the issue was leading to poor cybersecurity. In fiscal 2016, only 10 percent of […]

Making Fortune 50 Security Capabilities Accessible to Any Organization

In a recent set of articles, Joshua Goldfarb, FireEye’s CTO for Emerging Technologies, argues that the days when comprehensive, in-depth security operations were limited to security-mature organizations have passed. With today’s integrated solutions and delivery methods, even organizations without large enterprise-sized budgets can have access to the world’s best security – and it is […]

It’s Here: California Voters Approve the CPRA

On Tuesday, November 3, 2020, California voters passed ballot Proposition 24, the California Privacy Rights Act of 2020 (“CPRA”). Also known as CCPA 2.0, CPRA brings a number of changes to the CCPA, the majority of which will become operative on January 1, 2023. In addition to revising some of the definitions that are fundamental […]

Federal CIO: Agencies Already Tracking Future Cyber Reskilling Graduates

The program hasn't begun yet, but agencies are already interested in hiring the first graduates of the federal Cyber Reskilling Academy, making requests of...

JAIC Has More Work To Do in Developing Artificial Intelligence Standards, while DoD Components...

On July 1, 2020, the Department of Defense (DoD) Office of Inspector General (OIG) published its audit report. The report assessed the DoD Joint Artificial Intelligence Center’s (JAIC) progress in developing an Artificial Intelligence (AI) governance framework and standards, as well as DoD components’ implementation of security controls to protect AI data and technologies from internal […]

New State Dept. Bureau Will Handle International Cybersecurity Issues

Since last year, the State Department has been working to establish a new bureau focused on international cybersecurity issues. The department intends to work with several other agencies, but State hasn’t shared its plans or told them what it’s up to, and that could lead to difficulty collaborating. The director of international affairs and trade […]

Don’t Acquire a Company Until You Evaluate its Data Security

Chirantan Chatterjee and D. Daniel Sokol write about the importance to the buyer of thoroughly evaluating the cybersecurity of any company they are planning to purchase. They cite the example of Starwood Hotels, whose long-term, large-scale security breach became a major liability to Marriott after their merger; they’d purchased a “data lemon”. They suggest […]

Security Awareness Training: Don’t Exclude Contract Workers

Gretel Egan of Proofpoint argues that contract workers should be included in agency security training, and are at least as important as full-time employees to federal, state, and local government cybersecurity, because their generally impermanent nature makes them vulnerable targets of social-engineering attacks. Although contractors should be chosen with security competence as a requirement, “it’s […]

Anthem Will Pay $115 Million in Largest Data Breach Settlement in History

Anthem Inc. will pay $115 million to settle a lawsuit over a 2015 data breach that exposed the sensitive health information of nearly 80 million Americans. As a result of the breach, hackers were able to obtain Social Security numbers, birth dates, addresses, income and employment data. The settlement also requires the company to guarantee […]