No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
Fintech Focus Podcast | Responding to a Cyber Attack – Key Considerations for GCs and CISOs
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
Marketing Minute with NP Strategy (Video): How to Respond to a Cyber Security Breach
Life With GDPR – Lessons Learned from The Singtel Opus Data Breach
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
2023 DSIR Deeper Dive: State Privacy and Data Collection
Digital Planning Podcast Episode: When Cyber Attacks Hit Home
No Password Required: Threat Intelligence Analyst at Recorded Future, the Ransomware Sommelier, and a Guy With a Mildly Exciting Expense Account
Compliance & Disaster Preparedness
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 157: Sarah Glover, Maynard Nexsen Cybersecurity Attorney
Overview of Cybersecurity in Government Contracts
Episode 282 -- CISO and CCOs -- The Evolving Partnership
The maritime industry has become a prime target for hackers. In the last few years, it has seen a steep increase in the number of shipping-related cyberattacks. The recent surge marks a new and pressing challenge for ports...more
Cyberattacks are affecting every company and sector. Meanwhile, the regulatory landscape is intensifying as the SEC continues to enforce the cyber-risk management disclosure rules. Every day presents a new compliance and...more
Paul Hastings released its SEC Cyber Incident Disclosure Report today, providing a unique look at how public companies have responded to new incident disclosure requirements. The Securities Exchange Commission (SEC) approved...more
Numbers never lie. The second most targeted industry in terms of hacking and breaches is Finance, which was the victim somewhere in the realm of 2,306 to 2,792 cyberattacks in 2023 (depending on the source). With each data...more
The U.S. Securities and Exchange Commission (SEC) Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rules officially went into effect in December 2023. Aimed at improving cybersecurity risk...more
On October 22, 2024, the SEC charged two current reporting companies, Unisys Corp. and Check Point Software Technologies, and two former public companies, Mimecast Limited and Avaya Holdings Corp., with making materially...more
Let’s review for a moment. It’s not a HIPAA violation to be a victim of ransomware. It’s not a HIPAA violation to pay a ransom. It’s up to the covered entity (CE) to determine if a security or privacy incident is a...more
Cyber incidents have been growing at an exponential rate in recent years. A recent report from the Identity Theft Resource Center found that there were over one billion data breach victims in Q2 of 2024, which is around five...more
On June 24, 2024, the U.S. Securities and Exchange Commission (SEC) Division of Corporation Finance (Corp Fin) added to its Compliance and Disclosure Interpretations (C&DI) related to disclosure of Material Cybersecurity...more
As questions and commentary continue to arise with respect to the SEC’s rules on disclosure of material cybersecurity incidents, the SEC staff has sought to provide additional guidance on the application of the final...more
New regulations continue to push boards in the direction of active engagement in their cyber oversight role, including breach response. But, how can boards strike the right balance in their oversight role during a significant...more
Data security is a top concern for organizations in today’s digital landscape. It protects data from unauthorized access, use, modification, or disclosure, and requires implementing technical, administrative, and physical...more
Report on Patient Privacy 23, no. 11 (November, 2023) Tim DiBona clearly remembers Christmas Eve 2018 when the staff of his small firm—Doctors’ Management Service (DMS)—arrived at their West Bridgewater, Mass., office to...more
The U.S. Securities and Exchange Commission’s (SEC) impending cyber disclosure rule, slated to commence on 15 December 2023, underscores an imperative shift towards a more transparent and accountable cybersecurity posture for...more
Report on Patient Privacy 23, no. 10 (October, 2023) Kaiser Foundation Health Plan Inc. and Kaiser Foundation Hospitals will pay California $49 million to resolve allegations that they unlawfully disposed of hazardous waste,...more
On July 26, the Securities and Exchange Commission (SEC) adopted new cybersecurity rules. Organizations will need to disclose material cyber incidents pursuant to a prescribed timeline and information regarding risk...more
A cyber incident response plan is a set of guidelines and protocols designed to help an organization detect, respond, contain, and manage any form of a cybersecurity breach. It outlines how best to safeguard the organization...more
The UK government confirmed on 30 November 2022 that there will be changes to the UK’s cybersecurity regulations in response to a public consultation launched earlier this year. This follows recent updates relating to the...more
The Cyber Incident Reporting for Critical Infrastructure Act (“CIRCIA” or “the Act”) is a new federal law, adopted in March 2022, which requires critical infrastructure entities to report certain cybersecurity incidents and...more
Mark Lanterman, Chief Technology Officer of Computer Forensic Services lives technology at its most terrifying, helping organizations manage the risks of the IT we all use constantly. Recently he authored an article...more
On October 8, 2015, California Governor Jerry Brown signed A.B. 964 and S.B. 570 into law, a pair of bills that amended the Golden State’s data breach notification statute (Ca. Civ. Code § 1798.82). The amendments...more
On October 6, California Governor Jerry Brown signed legislation updating California’s data breach notice statute for the third time in three years. The news was quickly overshadowed by the CJEU’s decision invalidating the...more
The SEC announced last week that an investment adviser had agreed to settle charges that it failed to take required steps to protect against and respond effectively to a cybersecurity breach. The action comes on the heels of...more