Tuesday, September 29, 2020

CISPE Unveils Cloud Providers Code of Conduct

The Cloud Infrastructure Services Providers in Europe has published its Data Protection Code of Conduct, addressing transparency and compliance with EU data protection laws. Based on internationally recognized security standards and compliant with the new EU General Data Protection Regulation, the code calls for cloud customers to be offered the ability to process and store […]

You’ve Been Hacked and You Have No Cyber Insurance?

In the major recent decision Travelers Insurance v. Portal Healthcare Solutions, a federal court of appeals held that a cyber incident was covered, at least in part, by the victim company’s commercial general liability policy. While policies vary, CGL commonly covers oral or written publication of material that violates a person’s right to privacy. Although […]

More Companies in EU-U.S. Data Transfer Plan at Deadline

Nearly 300 firms submitted certifications for the EU-US Privacy Shield data transfer program in advance of the September 30 safe harbor deadline, which provides them nine months to ensure their third-party partners have the same levels of data protection as required under the Shield. However, some firms have balked at certifying, in part due […]

A Grand Bargain to Make Tech Companies Trustworthy

In this commentary, Jack Balkin, the Knight Professor of Constitutional Law and the First Amendment at Yale Law School, and Jonathan Zittrain, a professor at Harvard Law School, suggest the creation of a fiduciary requirement for tech firms that gather and store significant amounts of data from the public. The approach would establish a legal […]

SWIFT Security Controls to be Mandatory by 2018

The SWIFT interbank messaging system will require its banking partners to implement baseline security controls, but observers say the plan’s lack of detail calls into question how well the new policy can be implemented and enforced. More at Search Security

Compliance Pushing Boards’ Cyber Security More Than Breaches

According to a new survey by Bay Dynamics and Osterman Research, corporate boards say federal and state regulatory requirements are more important than the threat of a breach when it comes to cybersecurity planning. Eighteen percent of respondents said more government regulation was the top driver for prioritizing cybersecurity, compared to only three percent who […]

Why DHS Didn’t Need Its Own Internet of Things Guidance

In this commentary, independent analyst and freelance writer Ariel Robinson says the Department of Homeland Security’s plan to develop a set of unifying principles for securing the internet of things is duplicative and unnecessary. Instead of creating yet another set of government guidelines, DHS would be better served to drive awareness and adoption of existing […]

HHS Awards Funds for Health IT Cybersecurity Threat Sharing

The Department of Health and Human Services has entered into a cooperative agreement with the National Health Information Sharing and Analysis Center to build an infrastructure for sharing cybersecurity threat and prevention information. Under the agreement, HHS is providing $350,000 in funding to the center to build the information sharing environment. More at Federal Times

Surgeon General Warns Employees of Personal Information Breach

A breach of the United States Public Health Service Commissioned Corps’ systems has potentially exposed the personal information of current, former, and retired members of the agency. The breach involved a system used to process employee payroll, leave, time, and attendance. Surgeon General Vivek Murthy notified employees of the breach in an email. More at […]

DHS Needs Policy Ensuring Contractors Implement Cybersecurity Protections

The Department of Homeland Security has completed key activities related to the Cybersecurity Act, including developing enterprise-wide logical access policies and procedures for its national security systems; ensured logical access controls and multi-factor authentication are implemented; and established software inventory policies. However, according to the DHS Office of Inspector General, not all components used data […]