No Password Required: LIVE From Sunshine Cyber Con
An Update On IOT Device Breaches, Framework, And Legislation
Your Cyber Minute: Importance of the GDPR to the global business community
Your Cyber Minute: The Implications of the GDPR for Cybersecurity
How to Respond to President Obama's Cybersecurity Executive Order
Cyber regulation is changing in Australia. As governments globally grapple with the everchanging and increasingly challenging cyber landscape, Australia is poised to implement new laws and update existing regulation in order...more
RegFi co-hosts Jerry Buckley and Sherry Safchuk welcome Orrick partner Aravind Swaminathan for a conversation exploring the critical and evolving role of the Chief Information Security Officer in today’s corporate landscape.....more
Earlier this year, the National Institute of Standards and Technology (NIST) issued an update to its Cybersecurity Framework (CSF) with the release of version 2.0, the first update since April 2018 (version 1.1). While the...more
Tamiko Fletcher —CISO at Kennedy Space Center With a Heart of Gratitude Tamiko Fletcher’s career at NASA began in 1999 as a cooperative education student. Her journey to CISO over the following 20 years is nothing short of...more
In the absence of federal cybersecurity and data privacy laws, companies have to look to other sources of guidance, including industry standards, and state laws. The National Institute of Standards and Technology (“NIST”)...more
In this series of articles, we explore the different certification requirements of CMMC Levels 1, 2 and 3; the impact on contractors and external service providers; and proposed next steps... On December 26, 2023, the US...more
In response to “multiple” cyber threat vectors, the Biden administration has asked governors of all 50 states to generate cybersecurity plans within 90 days (approximately July 1, 2024) to protect local water and wastewater...more
In its first major overhaul since 2014, the National Institute of Standards and Technology (NIST) updated its Cybersecurity Framework (CSF) on February 26, 2024. The updated 27-page CSF version 2.0 builds on version 1.1 and...more
NIST has updated its widely used Cybersecurity Framework to provide key updates and practical resources for organizations to manage and discuss cybersecurity risk. The updated framework, which remains voluntary, is designed...more
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the Cybersecurity Framework version 2.0 (CSF 2.0). CSF 2.0 is a generational update to NIST’s foundational cybersecurity guidance, which...more
The National Institute of Science and Technology (NIST) has released NIST Cybersecurity Framework (2.0) (Framework 2.0). NIST released two earlier versions of the Framework for Improving Critical Infrastructure Cybersecurity...more
Cybersecurity compliance, governance, and disclosure practices have evolved significantly over the past decade. As we have noted in prior blog posts, the U.S. Securities and Exchange Commission is requiring cybersecurity...more
2023 was another active year in cybersecurity, with high profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include pervasive ransomware attacks targeting the healthcare,...more
On November 1, 2023, the New York Department of Financial Services (NYDFS) announced the adoption of amendments to its Cybersecurity Regulation 23 NYCRR Part 500 (“Amended Cybersecurity Rules” or “Amended Rules”). NYDFS...more
The last months of 2023 capped off another major year for insurance regulation, with state insurance regulators and the National Association of Insurance Commissioners undertaking a number of initiatives that will affect the...more
A previous installment discussed the centrality of network topology to an organization’s data security and outlined the legal framework and obligations incumbent upon many organizations in the U.S. The first installment can...more
On November 1, 2023, the New York State Department of Financial Services (“NYDFS”) issued its Second Amendment (the “Amendment”) to its Cybersecurity Requirements for Financial Services Companies adopted in 2017, codified in...more
The National Institute of Standards and Technology (NIST) is updating version 1.1 of the Cyber Security Framework (CSF). Version 2.0 will be released in final form sometime in 2024, but the August 08 working draft of the CSF...more
In 2017, the New York Department of Financial Services (“NYDFS”) enacted a landmark regulation requiring financial services institutions such as banks and insurance companies in the state to meet substantial cybersecurity...more
This month is the 20th annual Cybersecurity Awareness Month, co-sponsored by the Cybersecurity and Infrastructure Agency and the National Cybersecurity Alliance. This year’s theme is “Secure Our World.” The takeaways from...more
The date July 26, 2023, marks the latest evolution of the cybersecurity regulation landscape as the Securities and Exchange Commission passed cybersecurity regulations for publicly traded companies. At the open meeting, SEC...more
On August 8, 2023, the National Institute of Standards and Technology (NIST) released the initial draft of its Cybersecurity Framework 2.0 and draft Implementation Examples for public comment. This marks the first significant...more
In early August, the National Institute of Standards and Technology released the initial public draft of its Cybersecurity Framework 2.0. The draft is a long-awaited update to a framework that’s been in place for almost 10...more
In this month’s Privacy & Cybersecurity Update, we examine the newly established data privacy framework between the EU and U.S. and new consumer privacy laws in Oregon and Texas. We also review a court ruling that delayed...more
If you ask corporate board members and senior executives to list their number one risk (other than financial operations), the answer in today’s risk environment is clear – cybersecurity and data privacy. The rapid elevation...more