No Password Required: SVP at SpyCloud Labs, Former Army Investigator, and Current Breakfast Champion
Fintech Focus Podcast | Responding to a Cyber Attack – Key Considerations for GCs and CISOs
On-Demand Webinar: Bring Predictability and Reduce the Spiraling Cost of Cyber Incident Response
Episode 334 -- District Court Dismisses Bulk of SEC Claims Against Solarwinds
The Justice Insiders Podcast - Human Beings: Cybersecurity's Most Fragile Attack Surface
FBI Lockbit Takedown: What Does It Mean for Your Company?
Privacy Officer's Roadmap: Data Breach and Ransomware Defense – Speaking of Litigation Video Podcast
Decoding Cyber Threats: Protecting Critical Infrastructure in a Digital World — Regulatory Oversight Podcast
No Password Required: Chief Adversarial Officer at Secure Yeti, a DEF CON Groups Global Ambassador, and a World-Class Awkward Hugger
2023 DSIR Deeper Dive: How International and Domestic Regulatory Enforcement Spotlights the Information Governance Tensions Between ‘There’ and ‘Here’ and Between ‘Keep’ and ‘Delete’
Marketing Minute with NP Strategy (Video): How to Respond to a Cyber Security Breach
Life With GDPR – Lessons Learned from The Singtel Opus Data Breach
No Password Required: Founder and Commissioner of the US Cyber Games, CEO of the Cyber Marketing Firm Katzcy, and Someone Who Values Perseverance Over Perfection
2023 DSIR Deeper Dive: State Privacy and Data Collection
Digital Planning Podcast Episode: When Cyber Attacks Hit Home
No Password Required: Threat Intelligence Analyst at Recorded Future, the Ransomware Sommelier, and a Guy With a Mildly Exciting Expense Account
Compliance & Disaster Preparedness
Taking the Pulse, A Health Care and Life Sciences Video Podcast | Episode 157: Sarah Glover, Maynard Nexsen Cybersecurity Attorney
Overview of Cybersecurity in Government Contracts
Episode 282 -- CISO and CCOs -- The Evolving Partnership
With the HIPAA Security Rule set to undergo a massive overhaul to boost cybersecurity protections, PEOs need to take note. After all, as stewards of worksite employee and client company data – and as sponsors of group health...more
On December 27, 2024, the Department of Health and Human Services (HHS) issued a notice of proposed rulemaking (NPRM) related to the Security Rule under the Health Insurance Portability and Accountability Act (HIPAA). ...more
The HIPAA Security Rule may soon undergo a big overhaul that would better defend healthcare data from cybersecurity threats – and require much more from covered entities when it comes to establishing and maintaining defenses....more
The Commerce Department’s Bureau of Industry and Security (BIS) has proposed a rule that would establish reporting requirements to track development of advanced artificial intelligence (AI) models, in accordance with...more
As discussed in our previous blog post, the Cybersecurity and Infrastructure Security Agency (CISA) is proposing a significant new rule to bolster the nation’s cyber defenses through mandatory incident reporting. While...more
CISA's proposed rules will require organizations operating in U.S. critical infrastructure sectors to report cyber incidents within 72 hours and ransom payments within 24 hours. ...more
In 2025, new federal reporting requirements will require hundreds of thousands of organizations to report cyber incidents within hours of discovery to the United States Government, marking a significant impact on how...more
On March 15, 2022, the Cyber Incident Reporting for Critical Infrastructure Act of 2022 was signed into law. Generally, CIRCIA requires “covered entities,” defined as entities in certain critical infrastructure sectors, to...more
A sweeping array of businesses are another step closer to requirements to report cybersecurity incidents and ransomware payments to the federal government. On April 4, 2024, the U.S. Department of Homeland Security's (DHS)...more
On March 27, 2024, the Cybersecurity & Infrastructure Security Agency (CISA) within the US Department of Homeland Security released a much-anticipated notice of proposed rulemaking (NPRM) to implement the Cyber Incident...more
The federal Cybersecurity and Infrastructure Security Agency (CISA) released a draft of its proposed rule detailing how covered entities operating in critical infrastructure sectors report cyberattacks and ransomware payments...more
Prepare your organization to stay one step ahead in the ongoing battle against cyber and IT risk management. As organizations increasingly leverage third-party services and cloud technologies, cybercriminals are becoming...more
The U.S. Securities and Exchange Commission’s (SEC) 2023 Spring Unified Agenda of Regulatory and Deregulatory Actions was released last month and includes an anticipated action date for finalizing rules for cybersecurity...more
The Securities and Exchange Commission is proposing new cybersecurity disclosure rules for public companies. According to the SEC, while public companies have improved their cyber disclosures over time, overall, they have...more
On March 9, 2022, the U.S. Securities and Exchange Commission (“SEC”) proposed amendments to its rules to require additional disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by...more
Increasingly, the Federal government implements a rule for government contractors which then makes its way in some form into all of US industry. Cybersecurity regulations, mandating that government contractors, grant and...more
The Securities and Exchange Commission is busy. The new Chairman Gary Gensler hit the ground running and is pushing an active agenda of policy issues and enforcement. Along with this push, the SEC’s new enforcement director,...more
On March 15, 2022, President Biden signed into law the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (the “Act”) as part of an omnibus appropriations bill. The Act compels “covered entities” — companies in...more
In the wake of Russia’s invasion of Ukraine, and amid growing concerns regarding the threat of increased cyberattacks targeting infrastructure and other critical industries, there has been a flurry of federal activity to...more
In This Issue. The U.S. Securities and Exchange Commission (SEC) proposed rules to include certain significant market participants as “dealers” or “government securities dealers” to essentially eliminate the trader exclusion...more
On March 9, 2022, the Securities and Exchange Commission (SEC) proposed amendments to its rules that would require certain cybersecurity-related disclosures by public companies. The proposed rules are intended to enhance and...more
The United States Congress recently passed legislation that includes new cybersecurity provisions requiring critical infrastructure providers to report cyber security incidents, including the payment of ransom, to the...more
THE SEC’S RULE PROPOSALS AIM TO ASSIST INVESTORS - On March 9, 2022, the U.S. Securities and Exchange Commission (SEC) proposed new rules “to enhance and standardize disclosures regarding cybersecurity risk management,...more
On March 1, the Senate unanimously passed the Strengthening American Cybersecurity Act of 2022, which will require critical infrastructure companies to report significant cyber-incidents and all ransom payments to the...more
Last week, the SEC proposed rule amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. The proposed rules include an...more