National Institute of Standards and Technology

News & Analysis as of

NIST Vetting Guidance Valuable for Health Care Organizations Seeking to Use Third-Party Apps

The mobile app and wearables market in health care is booming, most recently evidenced by Apple’s entry into the market with its widely-anticipated “HealthKit,” a purportedly secure platform that allows mHealth apps to share...more

NIST Issues Draft Report Enumerating Risks and Protections to Consider When Evaluating Mobile Apps for Your Enterprise

As the world recovers from the excitement leading up to Tuesday’s Apple Live Event announcement of the new iPhone 6 and Apple Watch, mobile app developers are chomping at the bit to create software that leverages the new...more

Privacy & Cybersecurity Update - August 2014

In This Issue: - NIST Announces October Workshop and Releases Framewok Update - Insurance Company Succeeds in Cybersecurity Litigation - Safe Harbor Under Attack — This Time From a US Group -...more

NIST Seeks Comments on Cybersecurity Framework

The National Institute of Standards and Technology (NIST), publishers of the Framework for Improving Critical Infrastructure Cybersecurity (the “Framework”) last February, have published a Request for Information in the...more

OIG Report Takes Issue With Oversight of Security Controls for Electronic Health Records

HHS Office of Inspector General (OIG) recently released a report concluding that the entity responsible for overseeing the testing and certification process for electronic health records (EHRs) did not fully ensure that...more

OIG Finds Privacy and Security Risks with ONC EHR Certification Process

It is ironic to learn the Office of Inspector General (OIG) believes the Office of the National Coordinator for Health Information Technology (ONC) essentially has an insufficient compliance program to maintain the privacy...more

House Passes Three Bipartisan Cybersecurity Bills to Protect Critical Infrastructure

On July 28, 2014, the House of Representatives passed three bills aimed at enhancing the cybersecurity efforts of the Department of Homeland Security (DHS) in certain critical infrastructure sectors, including the energy...more

Capital Thinking: Cybersecurity

Legislative Branch Activity - House Cybersecurity Legislation - This week, the House will consider four pieces of cybersecurity legislation on the floor including the National Cybersecurity and Critical...more

Capital Thinking: Cybersecurity

Legislative Branch Activity - Cybersecurity Legislation - Last week, the Senate Permanent Select Committee on Intelligence held a closed session to mark up the Cybersecurity Information Sharing Act (CISA) which...more

Cybersecurity: Having a Privacy Policy is Not Enough

With the rash of significant data security incidents that occurred in 2013 and have continued to this day, it is increasingly important for companies to have an updated cybersecurity preparedness plan. The World Economic...more

Commissioner Aguilar Addresses Boards’ Focus on Cybersecurity

One June 10th SEC Commissioner Luis Aguilar made a speech before the New York Stock Exchange, and he took the opportunity to discuss good corporate governance as it relates to cybersecurity and boards of directors....more

Survey Shows U.S. Organizations Need More Improvement To Counter Cybercriminals

Despite a surge in both the number of detected cybersecurity incidents and the financial costs associated with such breaches, a new report shows that U.S. organizations lack the necessary defenses to effectively counter...more

Government Officials Continue to Reference NIST Framework

On Thursday, June 12, 2014, while delivering remarks on cybersecurity at the American Enterprise Institute in Washington, D.C., Federal Communications Commission Chairman Tom Wheeler challenged businesses to be more proactive...more

Commissioner Aguilar Shares His Views on Directors’ Oversight of Cyber-Risk Management

On June 10, 2014, Commissioner Luis A. Aguilar spoke at a NYSE conference, “Cyber Risks and the Boardroom,” about what boards of directors should do to ensure that their companies are appropriately considering and addressing...more

Calling All Boards of Directors: Four Recommendations from the SEC

SEC Commissioner Luis Aguilar recently spoke at the New York Stock Exchange Conference “Cyber Risks and the Boardroom.” In his speech, Commissioner Aguilar emphasized the importance of cybersecurity and how fast the need for...more

SEC Commissioner Calls on Corporate Boards to Address Cybersecurity—Refers to NIST Cyber Framework as “the Bible”

While attending the "Cyber Risks and the Boardroom" Conference at the New York Stock Exchange on Tuesday, June 10, 2014, U.S. Securities and Exchange Commissioner Luis Aguilar called on corporate boards to make sure they are...more

Will the Cybersecurity Framework Create a New Standard Operating Procedure for Businesses?

On February 12, 2013, President Barack Obama issued Executive Order 13636 (EO 13636) entitled “Improving Critical Infrastructure Cybersecurity.”EO 13636 noted the importance of cybersecurity for the nation’s security and...more

The SEC’s Cybersecurity Assessment: A Roadmap for Companies Nationwide

The U.S. Securities & Exchange Commission (SEC) provided cybersecurity guidance to the securities industry in the form of a Risk Alert issued by the SEC’s Office of Compliance Inspections and Examinations (OCIE) on April 15,...more

Broker-Dealers and Investment Advisers Now Targeted by Both Cyber Intruders and SEC Cybersecurity Examiners

Cybersecurity has increasingly become a critical issue for all types of businesses, few more so than broker-dealers, investment advisers and others in the financial sector. The cyber threat is much broader than customer data...more

The NIST Cybersecurity Framework: Four Takeaways For The Energy Industry

On February 12, 2014, the Commerce Department’s National Institute of Standards and Technology (NIST) released its “Framework for Improving Critical Infrastructure Cybersecurity” (the “Framework”). Developed jointly by...more

Senate Commerce Committee Passes Manufacturing Bill

On April 9, the Senate Committee on Commerce, Science, and Transportation passed the Revitalize American Manufacturing and Innovation (RAMI) Act of 2013, which aims to grow U.S. manufacturing by strengthening the...more

Trendy “Cybersecurity” Versus Traditional “Information Security” Two Sides of the Same Security Coin

Cybersecurity has become a dominant topic of the day. The Snowden revelations, the mega-data breaches of 2013, the pervasiveness of invisible online “tracking” and the proliferation of “ data broker” trading in personal data...more

New Cybersecurity Framework Revealed

The framework provides standards and best practices for identifying, assessing, and managing cybersecurity risk. Now that the Obama administration has unveiled the final version of its anticipated Cybersecurity...more

Cybersecurity Is Not Just an IT Issue; It’s an IG Issue

For leaders and counsel in many organizations, the word “cybersecurity” typically triggers concerns about the IT department, conjuring images of hackers and requiring unfamiliar terminology such as “firewalls” and...more

The New Cybersecurity Framework—A Roadmap for All Companies

The recent string of well-publicized data breaches has demonstrated that cyber criminals are targeting companies of all sizes and in all industries. Even companies with the most sophisticated security systems admit that the...more

147 Results
|
View per page
Page: of 6