Cost of Noncompliance: More Than Just Fines
No Password Required: President at Constellation Cyber, Former FBI Translator, and Finder of Non-Magical Mushrooms
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
Digital Planning Podcast Episode: When Cyber Attacks Hit Home
2023 DSIR Report Deeper Dive into the Data
Episode 282 -- CISO and CCOs -- The Evolving Partnership
Cyber Threats
No Password Required: A Developer Advocate with Auth0 and an "Accordion Guy" with Rockstar Aspirations
Cybersecurity Threats Facing Food and Agribusiness Companies & the Preparation and Protection Safeguards to Help Mitigate Them
[Podcast] NSA Cybersecurity Services for Defense Contractors
Dark Web Monitoring - Unauthorized Access Podcast
Cyberside Chats: Everyone wants to be Batman. Hacking Back & Cybersecurity Law
Mandatory Cyber Incident Reporting: Pros, Cons, and Next Steps
Fighting the Constantly Evolving Threat of Cybercrimes
Part 2: Cybersecurity and the Role of Management
Part 1: Cybersecurity and the Role of Management
No Password Required: The Philosopher CISO of Tallahassee Who Lives to Help Other People
Ransomware, Geopolitical Tensions, and the Race to Regulate
Introduction It wouldn't be much of an exaggeration to say that NIS2 is the acronym on everyone's lips. When coupled with its European sister legislation DORA, we encounter a regulatory twosome that make GDPR feel like...more
Cyberattacks powered by artificial intelligence have become more sophisticated as bad actors utilize machine learning to analyze vulnerabilities, automate exploits, and outpace traditional security measures. Through the use...more
Defining the role of inherent risk in cybersecurity - Inherent risk is a concept that while fundamental to cybersecurity, has largely been disregarded by popular cybersecurity risk guidelines and standards and remains arcane...more
Fragile or volatile supply chains, increases in regulatory obligations and enforcement, natural disasters, inflation, political turmoil – all complicated issues for any business to navigate. Among the myriad business...more
Selected U.S. Privacy and Cyber Updates - CISA Posts Notice of Proposed Rulemaking Under CIRCIA - On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (CISA) published a notice of proposed rulemaking (NPRM)...more
The HHS Office for Civil Rights (OCR) and other government agencies aren’t just worried that providers understand—and mitigate—the privacy and security risks of telehealth. In fact, in 2022, the Government Accountability...more
The ever-increasing privacy and security risks via third-party vendors and service providers were apparent in 2023 with news of large organizations such as MOVEit, Okta and AT&T being affected. Research has shown that 98...more
New York has released proposed cybersecurity regulations for hospitals. The regulations, which were published in The State Register on Dec. 6 and will undergo a 60-day public comment period ending on Feb. 5, are designed to...more
On May 24, 2023, Microsoft announced the detection of a direct threat to critical infrastructure organizations in Guam and elsewhere in the United States. The alert attributed observed malicious activity to a state-sponsored...more
Join Industry experts Florian Spindler, Manager at KPMG, Claudia Howe, Executive Director of GRC Solutions at Mitratech, and Henry Umney, Director of GRC Strategy at Mitratech as they explore 2023’s current cyber risk...more
Report on Patient Privacy 22, no. 1 (January, 2022) - As the COVID-19 pandemic enters its third year, real “security fatigue” with pandemic-related issues will combine with cybercriminals’ increasingly sophisticated...more
An executive order was signed on May 12, directing the federal government to overhaul its approach to cybersecurity. Corporate compliance and risk management professionals should consider this order carefully — because, in...more
[author: Matt Kelly] In September 2020 the National Institute of Standards and Technology (NIST) unveiled the fifth version of its cybersecurity standard formally known as SP 800-53, “Security and Privacy Controls for...more
The old saying goes, personnel is policy. This may be particularly true at this point in federal cybersecurity policy, where multiple agencies and Congressional committees play changing roles, including expanding capacities...more
Our Virtual Regional Healthcare Compliance Conferences provide updates on the latest news in regulatory requirement, compliance enforcement, and strategies to develop effective compliance programs. Watch, listen, and ask...more
For the second year in a row, Foley & Lardner LLP and PYA hosted a compliance master class on various health-related compliance issues. “Let’s Talk Compliance” is an annual one-day event featuring a panel of presenters that...more
Just recently, Equifax had the largest-ever settlement for a data breach. They are to pay at least $575 million, and potentially as much as $700 million, to settle allegations over its massive 2017 data breach. What we tell...more
In its recent Cybersecurity Strategy, the U.S. Department of Homeland Security (DHS) defined “cyberspace” as “the independent network of information technology infrastructure, including the Internet, telecommunications...more
Two major security flaws recently discovered in nearly all the world’s microprocessors, termed Meltdown and Spectre, leave much of the world’s computers vulnerable to hackers looking to steal entire memory contents. They...more
On February 1, 2016, the Federal Deposit Insurance Corporation (“FDIC”) published the Winter 2015 issue of Supervisory Insights. Not surprisingly, the first article dealt with the most important issue facing the financial...more
Non-Enforcement Cybersecurity Is At the Top of SEC Examination Concerns In a recent SEC “risk alert” for registered broker-dealers and investment advisers, the SEC’s Office of Compliance Inspections and Examinations (OCIE)...more
On September 15, 2015, the Office of Compliance Inspections and Examinations (OCIE) of the Securities and Exchange Commission (SEC) issued a Risk Alert announcing its second round of examinations of registered investment...more