Wednesday, December 2, 2020


IT Industry Council: Proposed FCC Privacy Rules Need More Transparency

The Information Technology Industry Council is urging the Federal Communications Commission to increase the transparency of its proposed privacy rules for internet service providers and the commission’s deliberation process, and to allow for more public input on the regulations. Specifically, the council wants to know how the revised proposed rule aligns with other privacy frameworks, […]

DFARS Final Rule Requires Contractor Reporting of Network Penetrations, Amends Definitions of Covered Defense...

The Department of Defense has published a final rule amending the Defense Federal Acquisition Regulation Supplement to require contractor reporting on network penetrations and to implement DoD policy on the purchase of cloud computing software. In a change from the interim rule, the definition of covered defense information is amended to clarify that the information […]

IRS Not Fully Compliant with FISMA Security Controls

The Internal Revenue Service needs to improve security program deficiencies related to continuous monitoring, configuration management, and identity and access controls, according to a new report from the Treasury Inspector General for Tax Administration. In its latest report on IRS’s implementation of the Federal Information Security Modernization Act, TIGTA found the agency’s information security program […]

DOE Needs Updated Cyber Policies, Stronger Security Controls

The Department of Energy and National Nuclear Security Administration have taken a number of positive actions to strengthen their cybersecurity programs and address vulnerabilities, but many deficiencies continue to exist, according to a new report from the DOE Office of Inspector General. For example, OIG identified ongoing issues related to the department’s vulnerability management program, […]

Cyber Due Diligence in a Post-Yahoo World

The breach of Yahoo’s systems highlights the importance of due diligence during merger and acquisition activity. Although attorneys are beginning to incorporate cybersecurity into their due diligence practices, they often leave this discussion to the end of negotiations, leaving little time to assess and negotiate problems before a deal closes. More at Legaltech News

Questions Every CIO Should Ask the Cybersecurity Leader: Part 1

The increase in cyber threats and escalating focus on cybersecurity in the boardroom have placed more responsibility on the chief information officer to understand the risks and benefits of cybersecurity approaches. To develop a strong risk management focus, CIOs should ask their cyber leaders to identify the prioritized list of business risks at the focus […]

Muddy Waters Shows More Attacks on St. Jude Cardiac Devices

Investment research firm Muddy Waters and security company MedSec have published additional allegations that devices manufactured by St. Jude Medical are vulnerable to cyber attacks. The firms have published four videos allegedly demonstrating potentially lethal attacks against implanted cardiac devices made by St. Jude. St. Jude has denied the claims, but has announced a recall […]

Luxembourg Bill Amending the Data Protection Act with regard to the Authorization Regime

A new bill presented to the Luxembourg Parliament would amend existing law to eliminate certain authorization requirements to the Luxembourg data protection authority, in anticipation of the effective date of the General Data Protection Regulation in 2018. If the bill becomes law, companies will no longer be required to obtain an authorization from the country’s […]

U.S. Chamber of Commerce Calls for Cyber (Anti-)Regulation Czar

Federal Trade Commission commissioner Terrell McSweeny says regulators should not attempt to regulate emerging technologies they don’t yet understand. As examples, McSweeny cited artificial intelligence, machine learning, and the internet of things as technologies that are sufficiently distinctive to require a unique policy approach. McSweeny says FTC will maintain an enforcement role rather than a […]

Secret Service Lacks Controls Over Sensitive Information

According to a new report from the Department of Homeland Security Office of Inspector General, the Secret Service lacks adequate controls and data protections over sensitive data. According to OIG, the service’s IT management was ineffective, including inadequate system security plans, systems with expired authorities to operate, inadequate access and audit controls, noncompliance with logical […]