Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
The first year of a new significant regulatory obligation is often more notable for the absence of regulatory enforcement actions as regulators often observe compliance efforts and challenges, offer guidance, and look for...more
Last year we made some predictions about 2024’s cyber landscape and major issues. Several proved prescient, with incident reporting, CISO scrutiny, SEC aggression, and new regulation of various sectors taking shape as the...more
In an impactful decision that may limit the scope of future Securities and Exchange Commission (“SEC”) enforcement efforts against public companies over inadequate cyber controls, the U.S. District Court for the Southern...more
The Securities and Exchange Commission’s cybersecurity-related case against SolarWinds and its CISO was largely dismissed, but a securities fraud claim against the CISO lives on. Our Securities Litigation, Privacy, Cyber &...more
The U.S. District Court for the Southern District of New York has dealt a significant blow to the cybersecurity enforcement efforts of the U.S. Securities and Exchange Commission (SEC or Commission). In its July 18, 2024,...more
The U.S. District Court for the Southern District of New York on July 18, 2024, dismissed most of the SEC's landmark cyber enforcement litigation against SolarWinds Corp. (SolarWinds or the Company) and the Company's Chief...more
The SEC’s high-profile litigation against SolarWinds and its Chief Information Security Officer (CISO), Timothy Brown, reached a critical juncture on May 15, 2024, when the parties presented oral arguments before Judge Paul...more
Corporations have struggled to manage cybersecurity risk for years, and now they have a new tool to help them bring order to chaos: a new and improved cybersecurity risk management framework, released at the end of February...more
On October 30, 2023, the Securities and Exchange Commission filed a securities fraud claim in federal court in the Southern District of New York against SolarWinds Corporation as well as its Chief Information Security...more
The U.S. Securities and Exchange Commission (SEC) has filed a fraud suit against SolarWinds and its chief information security officer (CISO), alleging they made false statements regarding the company’s security practices and...more
On October 30, 2023, the Securities and Exchange Commission (SEC) announced a civil suit against SolarWinds and their chief information security officer (CISO) for fraudulent cybersecurity information. The SEC claims that...more
The U.S. Securities and Exchange Commission ("SEC") has charged SolarWinds Corp. (SolarWinds) and the company's chief information security officer ("CISO") with securities fraud and violations of internal controls...more
On October 30, 2023, the US Securities and Exchange Commission ("SEC") announced that it filed charges against SolarWinds Corp. ("SolarWinds" or the "Company") and its Chief Information Security Officer ("CISO") in connection...more
Earlier this week, the SEC accused SolarWinds Corporation (“SolarWinds” or the “Company”) and its Chief Information Security Officer (“CISO”) of committing scienter-based securities fraud, among other violations, for...more
The New York State Department of Financial Services (NYDFS) recently published a revised proposed second amendment to its cybersecurity regulation, 23 NYCRR 500. ...more
Currently defense contractors who receive or create Controlled Unclassified Information (“CUI”) from or for the U.S. Department of Defense (“DoD”) are subject to several contract-based cybersecurity requirements, including...more
People like to say that cybersecurity threats are constantly evolving. So perhaps it’s fitting that cybersecurity compliance is undergoing a significant evolution of its own this year, too. That evolution is the arrival of...more
[author: Matt Kelly] In September 2020 the National Institute of Standards and Technology (NIST) unveiled the fifth version of its cybersecurity standard formally known as SP 800-53, “Security and Privacy Controls for...more
I always enjoy hosting and participating in the CISO Executive Network meetings. The meetings offer Chief Information Security Officers (CISOs) the opportunity to discuss together ways they can improve security in their...more
As we previously reported, in September 2016 the New York Department of Financial Services (the “DFS”) proposed a regulation that would require banks, insurance companies and other financial services institutions regulated by...more
A continuing frequent question from public companies is how a board should be constituted to oversee cybersecurity. Many public companies foist this additional burden on the audit committee. Those large enough to have a...more
The Obama administration has introduced its Cybersecurity National Action Plan (the "CNAP") in connection with its 2017 budget proposal. The CNAP aims to protect Americans, government agencies, and companies against the...more