Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
Imagine a world in which powerful computers can instantaneously break a company’s standard encryption, threatening the most valuable financial data, intellectual property, personal information, and even national security...
In this week’s edition of Consumer Protection Dispatch, we look at the latest regulatory developments from the U.S. Department of Commerce, Consumer Financial Protection Bureau, and the Securities and Exchange Commission...
Experts estimate that within the next decade or so, adversaries will have the capacity to use quantum computing to break the encryption on virtually all existing digital databases. This is why it is highly significant...
Most people don’t know, or care to know, about cryptography. Without cryptography, the internet privacy that we all rely on for transmitting virtually all forms of digital communication would be insecure from attackers. Our...
The President’s new Executive Order on Improving the Nation’s Cybersecurity includes wide-ranging measures intended to strengthen security standards for the federal government and federal government contractors in response to...
Storage infrastructure, along with computing and network infrastructures, represents one of the fundamental pillars of Information Technology (IT). Just like computing and networking, the storage infrastructure landscape is...
The State Department has adopted an important new ITAR amendment confirming that if controlled technical data is encrypted using end-to-end encryption, the transfer of such data outside the U.S. is not considered an export...
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...
In late December, New York State’s Department of Financial Services (“DFS”) released its revised proposed cybersecurity regulation (the “DFS Rule”). While the revisions pare back some of the DFS Rule’s original requirements...
As we previously reported, in September 2016 the New York Department of Financial Services (the “DFS”) proposed a regulation that would require banks, insurance companies and other financial services institutions regulated by...
Whether you realize it or not, you are probably storing some personal or business data in the cloud. The National Institute of Standards and Technology (NIST) defines cloud computing as a model for enabling ubiquitous,...
Last week, the FTC published a blog post titled The NIST Cybersecurity Framework and the FTC, in which the agency issued a nuanced answer to an oft-asked question: “If I comply with the NIST Cybersecurity Framework, am I...
The National Association of Insurance Commissioners’ (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive...
The National Association of Insurance Commissioners (NAIC) Cybersecurity Task Force released a revised draft of the Insurance Data Security Model Law (Model Law) last week. The Model Law’s goal is to “establish exclusive...
The National Institute of Standards and Technology (NIST) announced last week that it is seeking comments on its draft publication “Recommendation for the Entropy Sources Used for Random Bit Generation.” What does this mean...
Data encrypted in accordance with the Advanced Encryption Standard (“AES”) gives dentists a “safe harbor” in the event of certain breaches of patient information. However, those relying on Henry Schein’s Dentrix G5 software...
Earlier this month, Henry Schein Practice Solutions, Inc. (“Schein”), a provider of office management software to dental practices, learned the hard way that exaggerating the capabilities of its products can be very costly....
The FTC reached a $250,000 settlement with a 20-year consent order with Henry Schein Practice Solutions, Inc. over its use of allegedly subpar encryption technology in its offering to dental practices. This settlement is...
Everyone in healthcare knows that the next round of HIPAA audits is coming. Covered entities and business associates have long been advised to review and update their HIPAA security risk analyses, have business associate...
In 2014, the United States Court of Appeals for the Third Circuit, in FTC v. Wyndham Worldwide Corporation, agreed to hear an immediate appeal on two issues: “whether the FTC has authority to regulate cybersecurity under...
The National Institute of Standards and Technology (NIST) cybersecurity center released a draft guide last week for health IT professionals to use to bolster security for the use of mobile devices in the health care industry....
In the latest edition of the PCI Council’s Assessor Newsletter, the Council previewed a proposed change related to the use of the Secure Sockets Layer (SSL) protocol for encrypting communications between your website’s e-commerce...
As a service to our readers, we have distilled last week’s joint HHS Office of Civil Rights (OCR) and National Institute of Standards and Technology (NIST) conference, “Safeguarding Health Information: Building Assurance...
The National Institute of Standards and Technology (NIST) has issued guidelines to help federal agencies manage and secure mobile devices used by their employees for government business....