No Password Required: LIVE From Sunshine Cyber Con
An Update On IOT Device Breaches, Framework, And Legislation
Your Cyber Minute: Importance of the GDPR to the global business community
Your Cyber Minute: The Implications of the GDPR for Cybersecurity
How to Respond to President Obama's Cybersecurity Executive Order
The National Institute of Standards and Technology (NIST) has been a leading voice in cybersecurity standards since 2013, when President Obama’s Executive Order on Improving Critical Infrastructure Cybersecurity tasked NIST,...more
Our Health Care and Privacy, Cyber & Data Strategy Groups cover an upcoming proposed rule from U.S. Health and Human Services (HHS) that would formalize cybersecurity requirements and allow the Office for Civil Rights (OCR)...more
In this post in our series on basic cybersecurity concepts for lawyers (see here and here for prior posts), we delve into the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, which is a...more
Recently, the National Institute of Standards and Technology (NIST) released its second public draft of Digital Identity Guidelines (Draft Guidelines). The Draft Guidelines focus on online identity verification, but several...more
The Securities and Exchange Commission’s cybersecurity-related case against SolarWinds and its CISO was largely dismissed, but a securities fraud claim against the CISO lives on. Our Securities Litigation, Privacy, Cyber &...more
Companies, particularly those in “critical infrastructure” sectors, have seen a dramatic increase in cybersecurity regulatory requirements in just the past few years – and the White House is looking to move faster. At the...more
Earlier this year, the National Institute of Standards and Technology (NIST) issued an update to its Cybersecurity Framework (CSF) with the release of version 2.0, the first update since April 2018 (version 1.1). While the...more
In the absence of federal cybersecurity and data privacy laws, companies have to look to other sources of guidance, including industry standards, and state laws. The National Institute of Standards and Technology (“NIST”)...more
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the NIST Cybersecurity Framework 2.0 (CSF 2.0). CSF 2.0 represents the first major update to the Cybersecurity Framework, which was...more
These days, cyber regulators are in a hurry. Commentators have observed, the “federal government is quietly directing a seismic shift in the economy” with new mandates. Ann Neuberger, Deputy National Security Advisor for...more
Corporations have struggled to manage cybersecurity risk for years, and now they have a new tool to help them bring order to chaos: a new and improved cybersecurity risk management framework, released at the end of February...more
In its first major overhaul since 2014, the National Institute of Standards and Technology (NIST) updated its Cybersecurity Framework (CSF) on February 26, 2024. The updated 27-page CSF version 2.0 builds on version 1.1 and...more
Biden Administration Issues Executive Order Restricting Bulk Transfers of U.S. Citizens' Personal Data to “Countries of Concern” - On February 28, 2024, President Biden issued an Executive Order (“EO”) to address the...more
NIST has updated its widely used Cybersecurity Framework to provide key updates and practical resources for organizations to manage and discuss cybersecurity risk. The updated framework, which remains voluntary, is designed...more
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework version 2.0 (CSF 2.0). CSF 2.0 is a generational update to NIST’s foundational cybersecurity guidance, which...more
The National Institute of Science and Technology (NIST) has released NIST Cybersecurity Framework (2.0) (Framework 2.0). NIST released two earlier versions of the Framework for Improving Critical Infrastructure Cybersecurity...more
Cybersecurity compliance, governance, and disclosure practices have evolved significantly over the past decade. As we have noted in prior blog posts, the U.S. Securities and Exchange Commission is requiring cybersecurity...more
The National Institute of Standards and Technology released an updated version of its Cybersecurity Framework, CSF 2.0. earlier this week. The CSF, initially launched in 2014, is a tool developed by NIST to help private...more
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the long-awaited second version of the Cybersecurity Framework (CSF). Dubbed “CSF 2.0,” it contains a few significant changes...more
2023 was another active year in cybersecurity, with high profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include pervasive ransomware attacks targeting the healthcare,...more
A previous installment discussed the centrality of network topology to an organization’s data security and outlined the legal framework and obligations incumbent upon many organizations in the U.S. The first installment can...more
The National Institute of Standards and Technology (NIST) is updating version 1.1 of the Cyber Security Framework (CSF). Version 2.0 will be released in final form sometime in 2024, but the August 08 working draft of the CSF...more
The date July 26, 2023, marks the latest evolution of the cybersecurity regulation landscape as the Securities and Exchange Commission passed cybersecurity regulations for publicly traded companies. At the open meeting, SEC...more
On August 8, 2023, the National Institute of Standards and Technology (NIST) released the initial draft of its Cybersecurity Framework 2.0 and draft Implementation Examples for public comment. This marks the first significant...more
In early August, the National Institute of Standards and Technology released the initial public draft of its Cybersecurity Framework 2.0. The draft is a long-awaited update to a framework that’s been in place for almost 10...more