National Institute of Standards and Technology Cyber Attacks

News & Analysis as of

September Privacy and Security Updates

Although National Cyber Security Month isn’t until October, September has brought plenty of privacy and security updates that health care companies need to be aware of. In this post, we review guidance from the Office for...more

FFIEC Provides Concrete Guidance on Setting Up Information Security Programs

The Federal Financial Institutions Examination Council (FFIEC)—the interagency body tasked with setting uniform principals and standards for the examination of financial institutions by federal prudential regulators,...more

FTC Round-Up: NIST Framework Compliance Is Not Enough and Looming Ransomware Enforcement Activity

On August 31st and September 7th, 2016, the Federal Trade Commission (FTC) provided guidance regarding cybersecurity standards, which companies should consider when assessing their current data security posture....more

Cybersecurity and Data Breaches: How In-House Counsel Can Engage the Board

A company's board of directors has a duty to oversee all aspects of the company's risk management efforts. This includes a duty to recognize and minimize the company's exposure to cyber attacks. In today's increasingly...more

BIMCO issues cybersecurity guidelines for ships

Last week, BIMCO, along with other shipping organizations, “launched” guidelines “to help the global shipping industry prevent major safety, environmental and commercial issues that could result from a cyber incident on-board...more

Also In the News - Data, Privacy, & Security Practice Report - December 2015 #2

Harmonizing Cybersecurity And Trade Secret Protection – Many companies are investing heavily in cybersecurity and implementing a framework such as the Cybersecurity Framework from the National Institute of Standards and...more

Board Participation in Cybersecurity: What More Needs to Be Done?

High-profile data breaches seem to hit the headlines almost every day. These breaches have proved terrifying for many companies, particularly as the attackers release embarrassing emails and other information. The frequency...more

FFIEC Weighs in on Cybersecurity in Light of Unprecedented Risk of Cyber Threats

As financial institutions of all sizes continue to face unprecedented cybersecurity risk, the Federal Financial Institutions Examination Council (FFIEC) released its Cybersecurity Assessment Tool. The Assessment is...more

Disclosure Of Numerous Hacks At The U.S. Department Of Energy Renews Cybersecurity Concerns In The Energy Sector

Records produced by the U.S. Department of Energy (“DOE”) to USA TODAY under a Freedom of Information Act request revealed over 150 successful cyber intrusions into DOE computer systems between 2010 and 2014. Concerns about...more

Data Breach Response Planning: Laying the Right Foundation

Part of Bradley Arant’s Privacy and Information Security Team’s seven-part Data Breach Toolkit Webinar Series, the “Data Breach Response Planning: Laying the Right Foundation” webinar, led by Paige Boshell and Amy Leopard,...more

Incident Response Practice Tip: Balance Meeting Breach Notification Deadlines With Securing Your Network

State breach notification statutes are being amended on almost a monthly basis. Several laws have, or will soon have, a mandatory notification deadline for notifying affected individuals after the discovery of the incident....more

The OMB’s New Cybersecurity Guidance for Federal Contractors

Is Controlled Unclassified Information Out of Control? The OMB apparently thinks so. On August 11, 2015, the Obama administration, through the Office of Management and Budget (OMB), which is the largest office within the...more

Government Websites With Cybersecurity Tips & Information

As part of the government’s recent clarion call to improve our individual and collective cybersecurity posture, several federal and state agencies have released a variety of guidelines, frameworks, best practices and tips. ...more

FTC Can Regulate Cybersecurity Practices, Third Circuit Rules

The Federal Trade Commission (FTC) can regulate cybersecurity policies and procedures as “unfair” acts or practices under Section 5 of the FTC Act, the U.S. Court of Appeals for the Third Circuit has ruled in a very important...more

Federal Appeals Court Recognizes for the First Time the FTC’s Authority to Enforce Cybersecurity Practices

On August 24, 2015, the Third Circuit Court of Appeals issued a much-awaited decision in FTC v. Wyndham Worldwide Corporation, holding that the Federal Trade Commission (FTC) has authority to regulate “unfair” or “deceptive”...more

Defense Department Issues Interim Rule Requiring Contractor and Subcontractor Reporting of Cyber Incidents

On August 26, 2015, the Department of Defense (DoD) published a long-awaited Interim Rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to require “rapid” reporting of “cyber incidents” that result in...more

New Guidance for Financial Institution Directors and Officers In Cybersecurity Preparedness

Earlier this summer, the Federal Financial Institutions Examination Council (FFIEC) released its highly anticipated Cybersecurity Assessment Tool (Assessment), which is designed to assist financial institutions in identifying...more

NIST Guide Highlights Cybersecurity Considerations for Utilities and Manufacturing Companies

In 2013 alone, the U.S. Department of Homeland Security (DHS) and its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to more than 256 cyber-incident reports—more than half of them in the energy...more

OMB Issues Guidance on Government Contractors’ Cybersecurity Systems

The Office of Management and Budget (OMB) released a draft guidance document on Aug. 11, 2015, titled “Improving Cybersecurity Protection in Federal Acquisitions” (the “OMB Guidance”). The OMB Guidance instructs agencies on...more

New NIST Guide Advises Healthcare Companies on Securing Patient Health Information on Mobile Devices

In response to a growing demand for cybersecurity guidance in the health care industry, the National Institute of Standards and Technology (NIST), through its National Cybersecurity Center of Excellence, recently published a...more

NIST Issues Draft Guidance for Mobile Health Data

With health care breaches constantly on the rise, increasing access to electronic health records (EHRs) from mobile devices, and more prevalent “shadow” cloud use, health care organizations are getting a bit of help from the...more

Higher Education Institutions Increasingly Falling Victim to Cyberattacks

Higher education institutions are treasure troves for hackers. Colleges and universities are huge repositories of research data, sensitive information for large populations of applicants and enrolled students (personal,...more

FERC, NERC and Business Blackout: New CIP Standards and Fictional Cyber Attacks

The Federal Energy Regulatory Commission (FERC) issued a Notice of Proposed Rulemaking (NOPR) July 16, 2015, proposing to approve various Critical Infrastructure Protection (CIP) reliability standards proposed by the North...more

FFIEC Cybersecurity Assessment Tool: Not Just For Financial Institutions

On June 30, 2015, the Federal Financial Institutions Examination Council (FFIEC) released its long anticipated Cybersecurity Assessment Tool (press release here). The FFIEC is a formal interagency organization empowered to...more

Breaking Down the DOJ Cybersecurity Unit’s Guidance on Responding to Cyberattacks

Another federal agency has weighed in with “guidance” on cybersecurity preparation and breach response. The Department of Justice (DOJ) is the latest to issue guidance on how companies should respond to data breaches. The...more

36 Results
View per page
Page: of 2
JD Supra Readers' Choice 2016 Awards

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.