No Password Required: LIVE From Sunshine Cyber Con
Corruption, Crime and Compliance : Cybersecurity and Compliance: The Growing Partnership of CISOs and CCOs
Episode 282 -- CISO and CCOs -- The Evolving Partnership
Compliance Into The Weeds - HanesBrands Cyber Security Breach Disclosure
Cyberside Chats: Protect Your Crown Jewels – Nobody breaks into a bank to steal the posters
Cyberside Chats: Don’t silo your risk from legal (with Ingrid Rodriguez)
Cyberside Chats: Everyone wants to be Batman. Hacking Back & Cybersecurity Law
No Password Required: The Philosopher CISO of Tallahassee Who Lives to Help Other People
CyberSide Chats: Recap of the White House Cyber Summit (with Amanda Fennell)
Marti Arvin and Anthony Buenger on the CMMC Framework
Editor’s Note: During a recent HaystackID webcast, expert panelists explored the role of the Committee on Foreign Investment in the United States (CFIUS) in protecting sensitive technologies, classified contracts, and other...more
The SEC continues to expand its cybersecurity enforcement authority to include allegations that a company's failure to monitor its managed security service providers (MSSP) amounts to violations of federal securities laws....more
Amazon Sued for Not Telling New York Store Customers about Tracking Biometrics - “Thanks to a 2021 law, New York is the only major American city to require businesses to post signs letting customers know they’re tracking...more
Report on Patient Privacy 22, no. 1 (January, 2022) - New Jersey issued its third settlement in three months on state-level health care privacy and security laws, announcing that three cancer care providers would adopt new...more
[author: Matt Kelly] In September 2020 the National Institute of Standards and Technology (NIST) unveiled the fifth version of its cybersecurity standard formally known as SP 800-53, “Security and Privacy Controls for...more
The New York Department of Financial Services (NYDFS) has launched its first enforcement action under New York’s Cybersecurity law for financial services, so-called Part 500. Part 500 requires NYDFS licensed institutions to...more
Developing Contingency Plans: The NYDFS Mandate on Licensed Virtual Currency Businesses - The events surrounding COVID-19 have increased the use of fintech products, both out of necessity and convenience. Shelter-in-place...more
The NYDFS has announced that it has extended the deadline for compliance with certain cybersecurity requirements due to the coronavirus emergency. The announcement from the Superintendent of Financial Services of the State...more
Five things schools, colleges and universities can do this summer to address data privacy and protect against cybersecurity threats. Consider these five steps during your summer break to address the protection of...more
Cybersecurity company Carbon Black recently issued a report of the results of a survey of chief information security officers (CISOs) of financial organizations, which showed that the financial industry is getting hammered by...more
On September 4, 2018, the third stage of compliance deadlines under the New York Department of Financial Services’ (DFS) expansive cybersecurity regulation went into effect....more
The New York State Department of Financial Services (NYDFS) Cybersecurity Regulation (23 NYCRR Part 500) came into effect March 1, 2017...more
Last week, the New York Department of Financial Services (DFS) sent notices to companies that had not yet certified their compliance with the DFS Cybersecurity Regulation....more
On March 1, 2018, the one year transition period within which banks, insurance companies, and other financial services institutions and licensees regulated by the New York Department of Financial Services (“Covered Entities”)...more
We’ve discussed privacy compliance with regulations, legal requirements, etc. in the space since this blog’s inception. “Privacy by design” – while not a new concept – is certainly enjoying a new spot in the sunshine thanks...more
The New York Department of Financial Services has adopted detailed cybersecurity regulations for financial institutions. (Here). The NYDFS has filled a vacuum created by the failure of the federal government to act in this...more
For the several thousand financial institutions and insurance companies covered by New York’s landmark data security regulation, the first certification of compliance must be filed with the State’s Department of Financial...more
On February 15th, organizations subject to the New York Department of Financial Services Cybersecurity Regulation are required to submit their first annual certification attesting to their compliance with the state’s new data...more
August 28, 2017 marks the end of the initial 180-day grace period for compliance under the New York Department of Financial Services’ “first-in-the-nation” cybersecurity regulations (the “Rules”). The initial regulations...more
Banks, insurance companies and other financial institutions have only a few days left to comply with the first wave of requirements under New York’s controversial new cybersecurity regulation....more
Companies subject to New York’s Department of Financial Services (DFS) new cybersecurity regulation should be preparing to comply with the first round of requirements by the upcoming August 28th deadline: enacting a...more
As a follow-up to our previous reports (December 30, 2016 Alert; February 24, 2017 Alert) regarding the cybersecurity regulations issued by the New York State Department of Financial Services (NYDFS), we would like to remind...more
Effective March 1, 2017, the New York State Department of Financial Services promulgated regulations to help protect against cybercriminals and their efforts to exploit sensitive electronic data. These cybersecurity...more
The New York Department of Financial Services (NYDFS) recently updated frequently asked questions (FAQs) about its cybersecurity regulations, 23 NYCRR 500, to address four new issues. NYDFS published its initial set of FAQs...more
New York’s powerful Department of Financial Services (DFS) upended cybersecurity regulation with its new and sweeping “Cybersecurity Requirements for Financial Services Companies,” which took effect on March 1, 2017. But is...more