Find Someone Observant: The Vital Role of Facility Security Officers
2023 DSIR Report Deeper Dive into the Data
Guidepost in Motion - Cybersecurity Frameworks and Metrics Part 2
Debra Geroux and Scott Wrobel on Responding to Data Breaches
The EU recently introduced the AI Act, landmark legislation aimed at regulating artificial intelligence (AI) technologies. This article provides an in-depth overview of the EU AI Act, its implications for organizations, and...more
On February 8, 2024, the Federal Communications Commission outlawed AI-generated voices in robocalls and with the upcoming Presidential election in the United States, it is easy to see why. Imagine the implications if “leaked...more
When evaluating cybersecurity and data protection risk for our clients, the two most fundamental questions that need to be answered are: How vulnerable is our organization to active cyber threats that are likely to...more
Learning Objectives: - Benefits of doing a comprehensive security risk assessment - Understanding of the scope of a comprehensive risk assessment - Ability to evaluate their current security risk assessment - Ability to...more
The New York Department of Financial Services (NYDFS) on Nov. 9, 2022, released Proposed Amendments to its Cybersecurity Regulation. The NYDFS Cybersecurity Regulation was one of the first laws requiring companies to comply...more
Ken Mendelson welcomes back Andy Cottrell, the founder and CEO of cybersecurity consulting firm Truvantis to talk more about cybersecurity frameworks. They discuss the difference between a cyber audit and cyber assessment and...more
The global central bank cooperative body envisions stablecoins within the context of international standards for payment, clearing, and settlement systems. Among the different types of digital assets, global authorities...more
As summarized in the first installment of our two-part blog series, President Biden recently issued a sweeping Executive Order aimed at improving the nation’s cybersecurity defense. The Order is a reaction to increased...more
In a rare move, the Department of Health and Human Services (HHS) has issued a warning to hospitals and health systems to prioritize the patching of a two-year-old vulnerability in picture archive communication systems...more
The U.S. Securities and Exchange Commission (SEC) has launched a stunning salvo across the bows of public companies with its announcement of civil monetary penalties and a cease-and-desist order against First American...more
U.S. hospitals, already on the front lines of fighting the coronavirus pandemic, are now facing viral attacks by cybercriminals. More than 20 U.S. hospitals and health care organizations have reported their data being held...more
Following Ubiquiti’s security incident and its subsequent recommendation to change your router password and enable multi-factor authentication, and the fact that it is widely reported that using default passwords on routers...more
The Office of Civil Rights (OCR) at the U.S. Department of Health and Human Services recently published its findings from audits conducted in 2016 and 2017 of covered entities’ and business associates’ compliance with...more
On October 28, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a joint cybersecurity advisory (the...more
In response to challenges facing the financial services industry as a result of coronavirus (COVID-19), New York's Department of Financial Services (DFS) has issued a COVID-19 compliance order, along with a series of industry...more
On 5 December 2019 the Bank of England (Bank), UK Prudential Regulation Authority (PRA) and UK Financial Conduct Authority (FCA) published coordinated consultation papers and policy on new requirements to strengthen...more
We are living in the age of data and big data, where everyone wants to collect as much information as possible. The ability to analyze and monetize such information is a key strategy and selling point for many businesses. ...more
Government contractors are no strangers to the numerous quality standards and assurances required by the government. Over the past several years, cybersecurity in federal contracting has emerged as yet another standard to...more
The Health Insurance Portability and Accountability Act (“HIPAA”) was created for one specific reason – evolution of technology. Today, health care providers are using online clinical applications and electronic health...more
James Grago has a nice business going. He runs a website called ClixSense.com that permits users to earn money by completing surveys and watching advertisements. Revenues grew from $6.7 million in 2015 to $9.1 million in...more
California has taken bold steps to regulate the privacy and security of personal information, creating unprecedented remedies for data breaches and recognized European-style rights for consumers in their data. On September...more
The Federal Trade Commission is putting more teeth into the multiyear compliance obligations of consent orders it enters into with companies to settle enforcement actions related to data breaches. The FTC recently issued a...more
In data privacy and security jargon, an insider threat usually includes: an employee who creates a security risk due to a lack of awareness or carelessness, but doesn’t mean to do...more
Encryption refers to the process of converting data into a form that is unreadable unless the recipient has a pre-designated algorithm, a “key,” and a password to convert the information into readable text. Most statutes,...more
On Sept. 19, 2018, the U.S. Department of Defense (DoD) issued a corrected Class Deviation 2018-O0020, to remove the sunset provision in DFARS 239.73, "Requirements for Information Relating to Supply Chain Risk," that was due...more