Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
2023 was another active year in cybersecurity, with high profile vulnerabilities and data breaches, and government and private sector responses to them. Examples include pervasive ransomware attacks targeting the healthcare,...more
The date July 26, 2023, marks the latest evolution of the cybersecurity regulation landscape as the Securities and Exchange Commission passed cybersecurity regulations for publicly traded companies. At the open meeting, SEC...more
GREAT SCOTT! Did you know publication of the NIST Cybersecurity Framework (CSF) 2.0 is around the corner? Last updated in 2018, NIST is making substantial changes to the CSF due to evolving threats. What are these changes?...more
The legal profession is under constant threat of cyberattacks and breaches. Cybersecurity challenges exist in many contexts but the legal profession is particularly vulnerable due to its federated environment and disparate...more
United States - Regulatory—Policy, Best Practices, and Standard - NIST Unveils Draft Guidance to Protect Critical Infrastructure - On October 22, 2020, the National Institute of Standards and Technology ("NIST")...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - FTC Submits Comment on the Preliminary Draft for the NIST Privacy Framework - On October 24, 2019, the Federal Trade Commission ("FTC") announced that...more
For Cybersecurity and Privacy, “What Are the Industry Standards? Are We Meeting Them?” These are questions the FTC Chairman, Joseph Simons, strongly suggested a CEO must ask before a data breach occurs to avoid the...more
Regulators, industry experts, and researchers provided insight into health privacy and security enforcement trends, emerging threats, and new tools at a recent conference focused on the Health Insurance Portability and...more
The United States Government Accounting Office (GAO) recently issued a report on the cybersecurity risks facing the electric grid. The GAO reviewed the cybersecurity of the electric grid to determine the risks and challenges...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - NIST Releases Internal Report Regarding IoT Cybersecurity - In September, the National Institute of Standards and Technology ("NIST") released a draft...more
Organizations of all types are increasingly subject to data theft and loss, whether the asset is customer information, intellectual property, or sensitive company files. The federal government and, thus, its private...more
The Ohio legislature recently passed S.B. 220, which gives businesses that suffer a data breach an affirmative defense against tort claims brought in class action suits....more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - FTC Comments on Improvements to IoT Device Security - On June 19, the Federal Trade Commission ("FTC") submitted comments to a working group organized by the...more
On December 28, 2016, the New York Department of Financial Services ("DFS") released a revised version of a proposed regulation that would require banks, insurance companies, and other financial services institutions...more
On February 16, 2017, the National Cybersecurity Center of Excellence released its draft practice guide for electric utilities, entitled “Situational Awareness for Electric Utilities.”...more
In this edition of our Privacy & Cybersecurity Update, we discuss how the prospect of a new chair and three new commissioners at the FTC may impact the agency's approach to cybersecurity regulation, a new Massachusetts...more
There is no such thing as compliance with the NIST Cybersecurity Framework (FTC). In September, the FTC dispelled a commonly held misconception regarding the NIST Framework: It “is not, and isn’t intended to be, a standard or...more
In the past month, the National Institute of Standards and Technology (NIST) has issued a draft update to its flagship cybersecurity framework as well as new standalone guidance on how organizations can plan to recover from...more
Harmonizing Cybersecurity And Trade Secret Protection – Many companies are investing heavily in cybersecurity and implementing a framework such as the Cybersecurity Framework from the National Institute of Standards and...more
On August 24, 2015, the Third Circuit Court of Appeals issued a much-awaited decision in FTC v. Wyndham Worldwide Corporation, holding that the Federal Trade Commission (FTC) has authority to regulate “unfair” or “deceptive”...more
In This Issue: - Dismissal in P.F. Chang’s Data Breach Case Shows Challenge Plaintiffs Face in Such Actions - Eleventh Circuit Court of Appeals Decision Underscores the Need to Evaluate Insurance Programs for Cyber...more
Cybersecurity has become a dominant topic of the day. The Snowden revelations, the mega-data breaches of 2013, the pervasiveness of invisible online “tracking” and the proliferation of “ data broker” trading in personal data...more
2013 likely will be considered a watershed period in the role of cybersecurity in corporate strategy and management. While there were few significant legislative developments, a marked increase in cybersecurity attacks...more
Hospitals and health care providers must often look to third party vendors offering cloud computing solutions, but are these companies well-prepared to meet the HIPPA/HITECH Act privacy and security requirements as well as...more