Information Security

News & Analysis as of

CFPB Information Security Remains a Challenge

The Office of the Inspector General (OIG) has released the “2015 list of major management challenges” faced by the CFPB that the OIG believes will hamper the CFPB’s ability to accomplish the CFPB’s strategic objectives. Like...more

Information Security: MBA Whitepaper

Recently, the Mortgage Bankers Association released “The Basic Components of an Information Security Program,” for small and medium size companies in the mortgage industry that may not have the resources to stay well-informed...more

Media Query Call on Line 1: Do’s and Don’ts from an Information Security Officer

Putting your organization’s name in the paper can be a boon to both your business and your career. The ego stroke isn’t bad either; it can be quite a jolt to see your name in a trade or general news publication for the first...more

What's So Great About an Information Security Policy?

Lawyers and compliance professionals constantly tout the importance of internal information security policies, particularly in light of data privacy problems that are reported almost daily in the media. Admittedly, drafting...more

National Futures Association Proposes Cybersecurity Guidance for NFA Member Firms

NFA links NFA’s supervisory requirements with its proposed requirements mandating that NFA Members have information systems security programs. The National Futures Association (NFA) has proposed cybersecurity...more

Security Frameworks 101: Which is Right for my Organization?

These days information security is on the minds of virtually all technology professionals and business executives alike. But how does an organization ensure that their security profile is adequate. It can certainly help to...more

Social networking service, MeetMe, Inc., settles minors’ privacy violations for $200,000

On August 19, 2015, MeetMe, Inc. (MeetMe), a social networking website and mobile app, agreed to pay $200,000 and to change its privacy policies to settle a lawsuit alleging that MeetMe distributed teenagers’ geolocation and...more

Not So Far Out: OMB Memo Indicates Cybersecurity FAR Clauses Are Coming Soon

On August 11, 2015, the Office of Management and Budget (“OMB”) released a draft policy memo entitled “Improving Cybersecurity Protections in Federal Acquisitions.” The purpose of the memo is to provide federal agencies with...more

Under the Thumb: Regulatory Compliance When Outsourcing Cybersecurity Management

Managed security services are often a natural “add-on” when outsourcing IT services given that data protection is integral to application development, software as a service, and cloud storage, among other services. More...more

Germany rolls out IT Security Act

Germany's controversial IT Security Act (ITSG) came into effect on July 25, 2015.[1] The new act seeks to increase protections for German citizens, companies and government institutions that may be vulnerable to a range of IT...more

A Firewall for the Boardroom: Best Practices to Insulate Directors and Officers From Derivative Lawsuits and Related Regulatory...

Shortly after the massive 2013 Target data breach, shareholders filed four derivative lawsuits against the company’s directors and some of its officers (13 CARE 624, 3/20/15). The shareholders alleged that the defendants had...more

Assessing Your Cybersecurity Preparedness: It May Be Time to Update Your Bank’s Information Security Plan and Response Program

With increased oversight, regulatory scrutiny and risk related to cybersecurity, now is the time for those in the banking industry to be proactive in managing cybersecurity risk. Waiting until a breach occurs to formulate or...more

What Every Company’s Board Must Know About Cybersecurity

In recent years, data breaches at some of the world’s largest corporations have made news. But smaller companies are just as vulnerable, and must take steps to protect their data. In addition, businesses that serve as vendors...more

Information Security Policies and Data Breach Response Plans – If You Updated Yours In June, It’s Already Obsolete

With the recent uptick in the U.S. of lawsuits filed as a result of a data breaches, state legislators in the U.S. have been busy updating the many different state laws that dictate how a company must respond if they have...more

Trade Secret Protection: What are Reasonable Steps?

Regional and national laws are increasingly focusing on the specific steps that companies should take to protect trade secrets. In the 1996 World Trade Organization (WTO) Trade-Related Aspects of Intellectual Property Rights...more

Actions Foreshadow Uniform Cybersecurity Regulations for Federal Contractors - Two Recent Executive Agency Actions Lay the...

Federal government contractors handling Controlled Unclassified Information (CUI) should take notice of two recent executive agency actions. Combined, they lay the groundwork for a new cybersecurity clause to be added to the...more

New Whitepaper: Reasonable Steps to Protect Trade Secrets

Every company has trade secrets (so-called “crown jewels”)– confidential business and technical information – that if exposed, could result in lost sales, competitive advantage or the ability to further innovate....more

Profile of a Malicious Insider: Top Warning Signs

How are your company’s crown jewels – trade secrets, digital assets and the like – most likely to be compromised? Although coverage in the media would suggest that nation states or competitors are most likely to be the...more

Cybersecurity Coverage Litigation: Learning to Survive After the Second Wave Hits

It’s a familiar pattern. First, new risks inspire legislation and regulations that impose new penalties. Next, insurers and policyholders fight over whether the new liabilities are covered under traditional liability...more

Proper Disposal of Background Check Reports

A recent blog posting by the Federal Trade Commission (FTC) on data retention and disposal practices is the genesis of this blog. The posting talks about the importance of having a plan in place due to the potential that a...more

Staying Out of the FTC’s Data Security Cross-Hairs

As the Federal Trade Commission acknowledges in a recent blog post, no company wants to discover that its data security practices are under federal investigation. Yet any company that collects, uses or maintains consumer data...more

NY Dept. of Financial Services releases final Bitcoin license regulations

The New York Department of Financial Services (NYDFS) made history last summer when it proposed Bitcoin regulations (reportedly the first in the nation) including the requirement that financial firms handling virtual...more

US Department of Commerce proposes licensing requirements for export and transfer of cybersecurity items

In December 2013, the Wassenaar Arrangement - a group of 41 countries including the United States - agreed to add so-called cybersecurity items to its list of controlled dual-use items. On May 20, 2015, the Department of...more

[Webinar] Cyber Threats and the Crown Jewels: Practical Steps to Protect Corporate Assets - June 24, 9 a.m. EDT

Information security is a growing concern for companies and legal teams around the world. The rising tide of cybersecurity issues and insider threats pose great risks to a company’s crown jewels: its intellectual property....more

The Buck Stops Here: CEOs Held Most Accountable by Directors for Major Data Breaches

According to a recent joint survey of nearly 200 directors of public companies by the New York Stock Exchange and Veracode, CEOs are most likely to be held responsible in the event of a major data breach, ahead of the chief...more

43 Results
View per page
Page: of 2

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.