Podcast - Cybersecurity Roundup: Analyzing New and Proposed Rules for Contractors
Cybersecurity Insights: Updates on CMMC Implementation and CUI Identification
Podcast - Third-Party Assessments and NIST SP 800-171
Third-Party Assessments and NIST SP 800-171
[Podcast] AI Risk Management: A Discussion with NIST’s Elham Tabassi on the NIST AI Risk Management Framework
Compliance into the Weeds - ChatGPT for the Compliance Professional
Nota Bene Episode 150: Building an AI Risk Management Framework with Siraj Husain
DoD Cyber: A Conversation with Melissa Vice, COO for DoD’s Vulnerability Disclosure Program
Cybersecurity and Data Privacy Year in Review: Major Breaches, Changes in the Law, and Upcoming Trends
The Government Contracts Cyber Café: Recent Developments Update
How to Respond to President Obama's Cybersecurity Executive Order
Welcome to your monthly rundown of all things cyber, privacy, and technology, where we highlight all the happenings you may have missed. State Action: Virginia Governor Signs Bill Restricting Minor’s Use of Social...more
Encryption is one of several cornerstones of a robust information security program. Articles on quantum computing often include the compelling narrative that encryption is at risk, but as with any revolutionary technology,...more
On April 14, 2025, the National Institute of Standards and Technology (NIST) released a draft update to the NIST Privacy Framework 1.1. The updates are meant to enhance organizations’ data governance and risk management and...more
For community associations, this is especially important as these organizations often manage large amounts of PII of homeowners and residents (e.g., name, address, phone number, etc.), including certain categories of...more
Citing the threats posed by foreign adversaries and criminal organizations, and seeking enhanced accountability for companies that provide software and cloud services to the federal government, the Biden administration has...more
In the waning months of the current administration, the White House issued a memo setting forth actions focused on national security as directed in the AI Executive Order from last year. As a reminder, the order -while...more
Welcome to our ninth 2024 issue of Decoded - our technology law insights e-newsletter. How are States Using Generative Artificial Intelligence? and Employee AI Adoption Cools Globally - Why this is important: As...more
As AI systems become more complex, companies are increasingly exposed to reputational, financial and legal risks from developing and deploying AI systems that do not function as intended or that yield problematic outcomes....more
In this post in our series on basic cybersecurity concepts for lawyers (see here and here for prior posts), we delve into the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, which is a...more
Whether the game is football, baseball, hockey, or Indy Car racing, no team goes into their major championship matchup without training. Companies need to train as well if they intend to operate on the internet and expect to...more
MIT Report Details New Cybersecurity Risks - “Cloud misconfigurations, more sophisticated ransomware, and vendor exploitation attacks are contributing to rising cyberattacks.” Why this is important: Worldwide spending...more
We have now reached the 180-day mark since the White House Executive Order (EO) on the Safe, Secure and Trustworthy Development of AI and we are seeing a flurry of mandated actions being completed. See here for a summary of...more
On February 26, 2024, the National Institute of Standards and Technology (NIST) released the NIST Cybersecurity Framework 2.0 (CSF 2.0). CSF 2.0 represents the first major update to the Cybersecurity Framework, which was...more
Corporations have struggled to manage cybersecurity risk for years, and now they have a new tool to help them bring order to chaos: a new and improved cybersecurity risk management framework, released at the end of February...more
In its first major overhaul since 2014, the National Institute of Standards and Technology (NIST) updated its Cybersecurity Framework (CSF) on February 26, 2024. The updated 27-page CSF version 2.0 builds on version 1.1 and...more
The National Institute of Standards and Technology released an updated version of its Cybersecurity Framework, CSF 2.0. earlier this week. The CSF, initially launched in 2014, is a tool developed by NIST to help private...more
President Biden signed an Executive Order regarding artificial intelligence (“AI”) on October 30, 2023 (the “Order”). The Order touts the importance of responsible development and use of AI and calls for collaboration between...more
As we discussed in part three of this series, “Navigating the Complexities of Regulatory Data Incident Investigations,” when an organization is the subject of regulatory data incident investigations, it must navigate a...more
The American Hospital Association (AHA) has warned that information technology (IT) help desks are being targeted in a social engineering scheme that uses the stolen identity of revenue cycle employees or employees in other...more
On October 30, 2023, the Biden administration released a far-reaching executive order (EO) on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (AI). The EO issues directives related to the use...more
Biden’s sweeping AI Executive Order sought to have artificial intelligence used in accordance with eight underlying principles. The order, while directed to government agencies, will impact businesses as well. In particular,...more
On October 30, 2023, the Biden Administration issued the groundbreaking Executive Order 14110 on the Safe, Secure, and Trustworthy Development and Use of Artificial Intelligence (Order), which sets in motion a comprehensive...more
The AI executive order moves the U.S. closer to a broader unified approach on federal AI regulation, expanding on the AI Bill of Rights and NIST AI Risk Management Framework and focusing on the responsible development and...more
In this month’s Privacy & Cybersecurity Update, we analyze the Biden administration’s proposed cybersecurity labeling program for smart devices, NIST’s extensive overhaul of its cybersecurity framework, and data privacy law...more
In the burgeoning realm of data incidents, it is a truism that such incidents are not created equal. Indeed, a data incident is not necessarily a data breach. Originally published in Reuters -August 24, 2023...more