Tuesday, January 25, 2022

NPPD Builds on Reorg Momentum in Renewed Pitch for Name Change

Hoping to maintain momentum after launching its National Risk Management Center last month, DHS has renewed its pitch to Congress to approve an agency reorganization that would streamline DHS’ cybersecurity functions and rename the National Programs and Protection Directorate as the Cybersecurity and Infrastructure Security Agency. A bill sponsored in December by House Homeland Security Committee […]

DoD Cybersecurity Certification Body Moving Forward Despite Uncertain Funding

The first class of assessors being trained by the Cybersecurity Maturity Model Certification Accreditation Body should start receiving approval within the coming week, but may not have access to continuous monitoring to conduct initial audits, as the organization struggles to fund its operations. “We don’t have any external funds to pay for things that we […]

DHS Advisory Group Approves Data Breach Notification Best Practices

The Department of Homeland Security’s Data Privacy and Integrity Advisory Committee has approved a set of best practices for DHS agencies to use when notifying employees, citizens, or other users about a data breach that has affected their personal information. An earlier draft of the guidance urged agencies to provide notice of a breach quickly, […]

Sweden Grapples with Sensitive Data Leak Scandal

Sweden’s Transport Agency is dealing with the fallout of a recently discovered data breach of the country’s driver’s license database, which has resulted in the prosecution of the agency’s former director and raised questions about the agency’s contract with IBM. The exposed data included driver’s license photos and information, as well as information on whether an […]

Deputy AG Monaco Touts DOJ Cyber Review, Ransomware Task Force

Deputy Attorney General Lisa O. Monaco spoke at the DOJ’s Criminal Division Cybersecurity Roundtable about her goals for the recently launched Comprehensive Cyber Review. “The first is assess how we can improve our capability to investigate, to prosecute and disrupt these actors and their evolving techniques,” she said. “The second is we need to focus […]

NIST Cybersecurity Framework: Fifth, Iterate and Adapt

Josh Mayfield of Absolute finishes his guide to implementing the NIST Cybersecurity Framework, looking at its final pillar: Recover. The first sub-goal of Recover is Planning, which gives us the opportunity to figure out how to restore systems, data, access, applications, and users in advance: at a time when we are not inclined to panic […]

The SEC’s Latest Salvo on Cybersecurity Disclosures: A $1 Million Penalty and Cease &...

On August 16, 2021, the SEC issued an order announcing that it had imposed a civil penalty of $1 million on Pearson plc, a London-based multinational educational publishing and services company, for misleading investors about a 2018 data breach that involved the theft of millions of student records. The agency has initiated a number of […]

GM’s Top Cyber Official Warns FTC Not to Repeat History

Jeff Massimilla, chief product cybersecurity officer for General Motors, cautioned federal regulators against placing too many cybersecurity mandates on self-driving automobile manufacturers, or risk hindering innovation. Speaking during a conference hosted by the Federal Trade Commission and the National Highway Traffic Safety Administration, two agencies with authority to set cyber and safety standards for autonomous […]

SEC Chair Wants More Cyber Risk Disclosure From Public Firms

Securities and Exchange Commission chair Jay Clayton told the Senate Banking Committee that publicly traded companies should do a better job of disclosing the cyber risks they face in their filings with the SEC. The SEC itself and Equifax each came under scrutiny by members of the committee, who gave the most attention to the […]

CIPL and AvePoint Launch Second Annual GDPR Organizational Readiness Survey

Hunton & Williams’ Centre for Information Policy Leadership and AvePoint are seeking participants for their 2nd annual survey assessing organizational readiness for the EU’s upcoming General Data Protection Regulation. Last year, over 220 predominantly multinational organizations participated in the study, which focused on key areas of impact and change under the GDPR such as consent, legitimate […]