Information Security and ISO 27001
A Compliance Officer Turned Board Member's Advice
Cyberside Chats: Protect Your Crown Jewels – Nobody breaks into a bank to steal the posters
No Password Required: The Philosopher CISO of Tallahassee Who Lives to Help Other People
Cyberside Chats - Zero Trust and Cyber Negligence: A conversation with Dr. Zero Trust Chase Cunningham
No Password Required: A Former Police Officer Who Embodies All the Qualities of a Great Leader
Modernize your Information Governance: Building a Framework for Success
CyberSide Chats: Recap of the White House Cyber Summit (with Amanda Fennell)
Canna We Talk Cannabis? Cybersecurity Risks Bring Growing Pains to Cannabis Businesses
The Importance Of Cybersecurity During A Merger & Acquisition Transaction
Phishing and Vishing and Smishing (Oh my!): New Types of Scams Require Increased Vigilance
ISO 27001 is the leading standard for information security management systems. As Mel Blackmore, CEO of UK-based Blackmores explains, it is a framework that applies and is of value regardless of an organization’s size, sector...more
NETWORK AND INFORMATION SECURITY 2 DIRECTIVE (NIS2) - WHO WILL BE IN SCOPE? Operators of essential and important services across various sectors including energy, transport, banking, health, medical devices, chemicals...more
Pressure for companies to use AI to gain a competitive advantage (or at least not fall behind versus competitors) is steadily rising, and in 2024, CEOs will push their Legal, Compliance, Privacy, and IT Teams to deploy AI...more
On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more
This week, the SEC filed a high-profile litigation asserting fraud and internal controls charges against software company SolarWinds Corporation and its Chief Information Security Officer, Timothy G. Brown, in connection with...more
The use of artificial intelligence (AI) in the preparation of materials filed with the courts has been the subject of recent practice directions, with certain Canadian courts requiring that any reliance on AI by a litigant...more
The term cybersecurity is thrown about because it covers so many risks. There is no common definition of cybersecurity and the technical elements included in the term. From a technical standpoint, cybersecurity covers...more
Third-party vendors pose a significant risk - The greatest data privacy threat to companies is commonly thought to be that company’s employees. While employees can be a threat, the majority of data breaches and ...more
The recent arrest and criminal charges against Airman First Class Jack Teixeira for the alleged posting of classified and sensitive information on social media is yet another example of the significant risk that trusted...more
Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, and was successful in stealing...more
A seguito dell’entrata in vigore del D. Lgs.10 agosto 2018, n. 106 che ha dato attuazione alla Direttiva (UE) 2016/2102 “relativa all’accessibilità dei siti web e delle applicazioni mobili degli enti pubblici” è stata...more
Currently defense contractors who receive or create Controlled Unclassified Information (“CUI”) from or for the U.S. Department of Defense (“DoD”) are subject to several contract-based cybersecurity requirements, including...more
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 3.0, released on September 14, 2022. The public comment period currently is open and closes on October...more
In case the complexities of corporate data weren’t creating enough turbulence to keep corporate and legal teams up at night, along comes a prolonged pandemic to really shake things up. Because now, a complex data landscape...more
Cybersecurity experts around the world are scrambling to sound the alarm about a newly discovered security vulnerability that could be used by attackers to easily infiltrate computer systems. The vulnerability is found in...more
Report on Patient Privacy 21, no. 11 (November, 2021) - Attorney Brad Hammer doesn’t always don a suit and tie, or what he calls his “lawyer’s uniform.” A privacy and security expert and founder of the Vakaris Group based...more
In many ways, the COVID-19 pandemic has served as a prime example of punctuated equilibrium. Shifts that have been slowly building for decades seemingly occurred overnight, giving us the contradictory sense that these changes...more
Mandiant, a division of FireEye, has reported that it has discovered a vulnerability in a software protocol that enables hackers to gain access to audio and visual data on smart devices including baby monitors and web...more
The FedRAMP Program Management Office is seeking comments on its draft FedRAMP Authorization Boundary Guidance, Version 2.0, released on July 13, 2021. The public comment period currently is open and closes on September 13,...more
Speaking of security education and training, the National Cybersecurity Center this week launched a new initiative to offer cyber-hygiene and IT security sessions to elected state government officials and their staff for...more
Last month there was a cyber-attack suspected to have been perpetrated by Russian hackers. The attack was traced back to third party – a network management software vendor, SolarWinds. Among its 300,000 customers, SolarWinds...more
After undergoing several rounds of revisions to the 2019 draft specifications, the new Information Security Technology-Personal Information Security Specifications (GB/T35273-2020) (New Personal Information Specifications)...more
The Financial Industry Regulatory Authority (“FINRA”) has issued a special alert to its member firms, alerting them to an imposter website: www.finnra.org (containing an extra “n”)....more
Given the choice between credit card data and digital health records, cybercriminals prefer the latter. A stolen credit card can be canceled. Electronic protected health information (ePHI) with its treasure-trove of...more
China’s State Administration for Market Regulation and the State Standardization Administration issued the recommended national standards named the Information Security Technology - Personal Information Security...more