Cybersecurity Framework

News & Analysis as of

Consumer Protection Organization Petitions FTC To Enforce U.S.-EU Safe Harbor Framework

On August 14, the Center for Digital Democracy (CDD) announced that it filed a complaint with the FTC claiming that 30 U.S. companies are compiling, using, and sharing EU consumers’ personal information without their...more

Business Litigation Alert: "Cybersecurity Costs Rising: How will the Government Respond?"

A new study reveals that hackers now cost consumers and businesses between $375 and $575 billion worldwide, with North America and Europe experiencing the highest losses. Those numbers are only expected to grow as the U.S....more

Article 29 Working Party Publishes Statement on the Risk-Based Approach to Data Protection

On May 30, 2014, the European Union’s Article 29 Data Protection Working Party adopted “Statement on the role of a risk-based approach in data protection legal frameworks” (WP281). The Working Party, made up of EU member...more

Bank of England Launches New Framework to Test for Cyber Vulnerabilities

On June 10, the Bank of England launched a new framework to help identify areas where the financial sector could be vulnerable to sophisticated cyber-attack. The new framework is called CBEST and was launched in May 2014. ...more

Commissioner Aguilar Shares His Views on Directors’ Oversight of Cyber-Risk Management

On June 10, 2014, Commissioner Luis A. Aguilar spoke at a NYSE conference, “Cyber Risks and the Boardroom,” about what boards of directors should do to ensure that their companies are appropriately considering and addressing...more

Orrick's Financial Industry Week in Review

Bank of England Launches New Framework to Test for Cyber Vulnerabilities - On June 10, the Bank of England launched a new framework to help identify areas where the financial sector could be vulnerable to sophisticated...more

UK Government launches “Cyber Essentials” badge

The UK Government has launched a new cyber security certification framework called “Cyber Essentials“. This is part of a continuing effort to get business to take cyber security seriously in the wake of the recent...more

SEC Commissioner Calls on Corporate Boards to Address Cybersecurity—Refers to NIST Cyber Framework as “the Bible”

While attending the "Cyber Risks and the Boardroom" Conference at the New York Stock Exchange on Tuesday, June 10, 2014, U.S. Securities and Exchange Commissioner Luis Aguilar called on corporate boards to make sure they are...more

Will the Cybersecurity Framework Create a New Standard Operating Procedure for Businesses?

On February 12, 2013, President Barack Obama issued Executive Order 13636 (EO 13636) entitled “Improving Critical Infrastructure Cybersecurity.”EO 13636 noted the importance of cybersecurity for the nation’s security and...more

The SEC’s Cybersecurity Assessment: A Roadmap for Companies Nationwide

The U.S. Securities & Exchange Commission (SEC) provided cybersecurity guidance to the securities industry in the form of a Risk Alert issued by the SEC’s Office of Compliance Inspections and Examinations (OCIE) on April 15,...more

Evolving Data Protection Regimes in the Asia-Pacific Arena and Their Impact on Litigation: Part II – Country-Specific Policies

Part I of this article addressed basic concepts of data privacy as set out in the policies of numerous regional and multilateral organizations, including the Organisation for Economic Co-operation and Development (“OECD”),...more

The NIST Cybersecurity Framework: Four Takeaways For The Energy Industry

On February 12, 2014, the Commerce Department’s National Institute of Standards and Technology (NIST) released its “Framework for Improving Critical Infrastructure Cybersecurity” (the “Framework”). Developed jointly by...more

SEC Cybersecurity Initiative: Five Steps ALL Broker-Dealers and Investment Advisers Should be Taking

Last week, the U.S. Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) released a Risk Alert announcing its Cybersecurity Initiative....more

5 Things Every Company's Data Security Program Should Include

What's the one thing every company's data security program must include? That's the question we put recently to experts in the field, knowing that, especially after Heartbleed, the diversity of responses would create an...more

Trendy “Cybersecurity” Versus Traditional “Information Security” Two Sides of the Same Security Coin

Cybersecurity has become a dominant topic of the day. The Snowden revelations, the mega-data breaches of 2013, the pervasiveness of invisible online “tracking” and the proliferation of “ data broker” trading in personal data...more

New Cybersecurity Framework Revealed

The framework provides standards and best practices for identifying, assessing, and managing cybersecurity risk. Now that the Obama administration has unveiled the final version of its anticipated Cybersecurity...more

Federal Court Upholds FTC’s Authority To Bring Enforcement Actions Over Data-Security Standards; Will Class Actions Follow?

Already, 2014 has been an eventful year in the world of data breaches and cybersecurity. In addition to a flurry of litigation over high-profile breaches at the start of the year, the National Institute for Standards and...more

Cybersecurity Assessments – Using the Tool Well

Are you considering a cybersecurity assessment? If you heard Venable's presentation, "New Cybersecurity Framework Released: What You Need to Know," you might be. The Framework places increased emphasis on...more

The New Cybersecurity Framework—A Roadmap for All Companies

The recent string of well-publicized data breaches has demonstrated that cyber criminals are targeting companies of all sizes and in all industries. Even companies with the most sophisticated security systems admit that the...more

With Cyberattacks on the Rise, White House Releases Cybersecurity Framework

Given the apparent vulnerabilities evidenced by recent cyberattacks to big-box retailers, cybersecurity remains a top priority for both the federal government and private sector. On February 12, the National Institute of...more

California AG Weighs in on Cybersecurity

Just as NIST completes its version 1.0 national Framework for Improving Critical Infrastructure Cybersecurity, California Attorney General Kamala Harris has made clear she intends a leadership role for California. With a...more

California Bill Would Create Cyber Security Commission

In recognition of the increasing threat that cyber-attacks pose to the state's infrastructure and the considerable costs that government and private sectors are estimated to spend on cyber security (more than $70 billion...more

The Download - February 2014

In this issue: - Heard on the Hill - Around the Agencies - White House Developments - Venable News - Excerpt from Heard on the Hill: Congress Holds Hearings on Preventing Data...more

NIST Issues Cybersecurity Framework

On February 12, 2014, the Obama administration released the "Framework for Improving Critical Infrastructure Cybersecurity" (the "Framework"), a voluntary cybersecurity framework developed by the National Institute of...more

Remain Vigilant: Managing Cybersecurity Risks in Third-Party Outsourcing Relationships

Managing third-party suppliers presents significant compliance challenges that often span an organization, raising legal, insurance, human resources and technology concerns, to name just a few. Corporations will continue to...more

113 Results
|
View per page
Page: of 5