Information Security and ISO 27001
A Compliance Officer Turned Board Member's Advice
Cyberside Chats: Protect Your Crown Jewels – Nobody breaks into a bank to steal the posters
No Password Required: The Philosopher CISO of Tallahassee Who Lives to Help Other People
Cyberside Chats - Zero Trust and Cyber Negligence: A conversation with Dr. Zero Trust Chase Cunningham
No Password Required: A Former Police Officer Who Embodies All the Qualities of a Great Leader
Modernize your Information Governance: Building a Framework for Success
CyberSide Chats: Recap of the White House Cyber Summit (with Amanda Fennell)
Canna We Talk Cannabis? Cybersecurity Risks Bring Growing Pains to Cannabis Businesses
The Importance Of Cybersecurity During A Merger & Acquisition Transaction
Phishing and Vishing and Smishing (Oh my!): New Types of Scams Require Increased Vigilance
Hawaii’s State Data Office recently issued a series of guidance documents for its state agencies on how to handle artificial intelligence. This includes guidance on data protection, data retention and use of Generative AI....more
On October 31, OIG for the Fed and the CFPB released its 2024 Audit of the Board’s Information Security Program. The audit found that the Board’s information security program continues to operate at a level-4 (managed and...more
Country Status Legislation* Commentary Austria Available here Austria has submitted the “Network and Information Security Act” for Parliament’s consideration. It is anticipated that the “Network and Information Security Act”...more
ISO 27001 is the leading standard for information security management systems. As Mel Blackmore, CEO of UK-based Blackmores explains, it is a framework that applies and is of value regardless of an organization’s size, sector...more
With escalating cyber risks and heightened regulatory scrutiny, every minute after a data breach is crucial. Sophisticated cybercriminals relentlessly target your organization’s most valuable asset: personally identifiable...more
Utah, among other privacy laws it has enacted or modified recently, has also modified its breach notification law. This follows last year’s changes to the law, which among other things codified the state’s Cyber Center....more
The recent ransomware attack against the Duvel Moortgat Brewery demonstrated the very real risk that cybersecurity incidents pose to the alcohol industry, reportedly halting operations for several days at four of Duvel...more
Hosted by American Conference Institute, the 14th Advanced Forum on Global Encryption, Cloud & Cyber Export Controls returns for another exciting year with curated programming that brings together a global gathering of...more
CYBERSECURITY - TechRadar's Cyber Predictions for 2024 are Spot On - Because technology develops so rapidly, and “trends” are fast and furious, it is always hard to predict what the big issues will be for the next...more
As the relentless march of technology continues, scams have evolved into cunning traps, presenting a challenge to individuals of all ages. Among the great tapestry of age groups, despite the wealth of experience and...more
On October 30, 2023, the SEC filed a litigated complaint against SolarWinds, a software development company, and Timothy Brown, its chief information security officer (CISO). The SEC alleges that from October 2018, when...more
Perkins Coie's Privacy & Security practice maintains this comprehensive chart of state laws regarding security breach notification. The chart is for informational purposes only and is intended as an aid in understanding each...more
Clearly defined roles and responsibilities are an essential component of an effective compliance program. Failure to adequately assign responsibility can lead to gaps in compliance coverage and a lack of accountability. ...more
The term cybersecurity is thrown about because it covers so many risks. There is no common definition of cybersecurity and the technical elements included in the term. From a technical standpoint, cybersecurity covers...more
China's Cybersecurity Law ("CSL"), Personal Information Protection Law ("PIPL") and Data Security Law ("DSL") set a series of rules and requirements for the cross-border transfer of personal information located in China....more
When it comes to providing Managed Detection and Response (MDR) solutions for businesses, the idea of one size fits all is being replaced by the concept of right-sizing. A one-size-fits-all option is a preconfigured security...more
Russia-linked ransomware gang Clop has claimed that it has attacked over 130 organizations since late January, using a zero-day vulnerability in the GoAnywhere MFT secure file transfer tool, and was successful in stealing...more
In recent years, alongside the rapid development of the digital economy and the concomitant increase in data generation, collection, processing and monitoring in the People’s Republic of China (PRC or China), the Chinese...more
A seguito dell’entrata in vigore del D. Lgs.10 agosto 2018, n. 106 che ha dato attuazione alla Direttiva (UE) 2016/2102 “relativa all’accessibilità dei siti web e delle applicazioni mobili degli enti pubblici” è stata...more
The FTC recently issued a proposed order that would settle an enforcement action against Drizly, LLC and its co-founder and CEO, James Rellas, arising from data breaches in 2018 and 2020 that affected over 2.5 million...more
Currently defense contractors who receive or create Controlled Unclassified Information (“CUI”) from or for the U.S. Department of Defense (“DoD”) are subject to several contract-based cybersecurity requirements, including...more
The legal profession is under constant threat of cyberattacks and breaches. Cybersecurity challenges exist in many contexts but the legal profession is particularly vulnerable due to its federated environment and disparate...more
In the late summer, the Consumer Financial Protection Bureau (CFPB) issued a circular that concluded in no uncertain terms that insufficient data protection or information security could be considered an unfair practice under...more
With the threat of cyber-attacks making the news, it is a good time for all non-profit organizations to review their policies and procedures with respect to data privacy. Many non-profit organizations are particularly...more
Despite strengthening security across and beyond the business, many legal organizations overlook a critical vulnerability with surprising frequency – the risk presented by third parties. Cybersecurity risk is further...more