News & Analysis as of

Risk Assessment Data Security

Jackson Lewis P.C.

HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations

Jackson Lewis P.C. on

Earlier this year, North Dakota’s Governor signed HB 1127, which introduces new compliance obligations for financial corporations operating in North Dakota. This new law will take effect on August 1, 2025....more

Husch Blackwell LLP

FBI Notes Increase in Cyber Activity Targeting Operational Technology

Husch Blackwell LLP on

On June 30, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Department of Defense Cyber Crime Center (DC3) published a...more

Paul Hastings LLP

The Changing Cyber Threat Landscape and Lessons Learned From Data Breaches

Paul Hastings LLP on

Last month, Paul Hastings sponsored the Cybersecurity Law Workshop at the Spring Privacy & Security Forum held at George Washington University in Washington, D.C. The Cybersecurity Law Workshop featured three panels of...more

Robinson+Cole Data Privacy + Security Insider

New Hires More Likely to Fall for Phishing + Social Engineering Attacks

When assessing cybersecurity risk in your organization, it is important to understand your users and their behavior. A new study by Keepnet sheds light on new hire behavior concerning phishing susceptibility. According to its...more

Mitratech Holdings, Inc

The 2025 TPRM Study: Key Findings and Recommendations

The 2025 Mitratech Third-Party Risk Management (TPRM) Study conveys a clear message: the third-party risk landscape is evolving into a complex, interconnected ecosystem — one where every vendor, supplier, and partner plays a...more

Paul Hastings LLP

NYDFS Urges Covered Entities to Review Security Practices Amidst World Turmoil

Paul Hastings LLP on

Citing “escalating global conflict,” the New York Department of Financial Services issued an alert on Monday, June 22, 2025, to its regulated covered entities, urging them to be vigilant against potential security threats,...more

Cooley LLP

Understanding and Complying With the DOJ’s Bulk Data Rule  

Cooley LLP on

This post is one in a series where we discuss the US Department of Justice’s (DOJ’s) bulk sensitive data rule (rule), which prohibits individuals or entities from certain foreign countries, including China, from accessing...more

Nelson Mullins Riley & Scarborough LLP

Enforcement Date for DOJ’s Sensitive Data Rule Approaches: Are Your Cross-Border Transfers Compliant?

On April 8, 2025, the Department of Justice’s Final Rule, titled “Provisions Pertaining to Preventing Access to U.S. Sensitive Personal Data and Government-Related Data by Countries of Concern or Covered Persons,” (the “Final...more

Sheppard Mullin Richter & Hampton LLP

North Dakota Passes New Data Security Law for “Financial Corporations”

North Dakota recently passed a law establishing new rules for certain financial companies operating in the state – specifically “financial corporations.” The new obligations will take effect on August 1, 2025. They will apply...more

Accelerynt, Inc.

The Headcount Trap: Why Large SOCs Often Lose Effectiveness

Accelerynt, Inc. on

Enterprises don’t have a staffing problem. They have a systems problem. In a recent engagement, we were engaged to help improve a global SOC operation. Despite having over 30 analysts on staff, the team was missing...more

Morrison & Foerster LLP

Trump Issues Executive Order on Cybersecurity Rolling Back Some Prior Policies and Introducing New Ones

Last week, the Trump administration made its priorities clear for the nation’s cybersecurity posture in the form of the newly issued executive order entitled “Sustaining Select Efforts to Strengthen the Nation’s Cybersecurity...more

Davis Wright Tremaine LLP

NSA Issues Cybersecurity Guidance and Best Practices for AI Systems

The National Security Agency (NSA), in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and cybersecurity agencies from Australia, New Zealand, and the...more

Jackson Lewis P.C.

Different Country, Same Challenges: Lessons from a Breach That Could Have Been Prevented

Jackson Lewis P.C. on

A recent breach involving Indian fintech company Kirana Pro serves as a reminder to organizations worldwide: even the most sophisticated cybersecurity technology cannot make up for poor administrative data security hygiene....more

A&O Shearman

US, Australian, New Zealand and UK cybersecurity agencies publish guidance on best practices for securing data used to train and...

A&O Shearman on

On May 22 2025, the cybersecurity agencies from the US, UK, Australia, and New Zealand published a Cybersecurity Information Sheet (CIS) on ensuring that data used to train and use artificial intelligence (AI) and machine...more

Baker Donelson

DOJ Final Rule Casts Wider Net: Common Business Data May Now Trigger National Security Scrutiny

Baker Donelson on

If you thought your company's collection of email address, IP address, zip code, birth date, or cookie data was too mundane to catch the federal government's attention – think again. Effective April 8, 2025, a new DOJ final...more

Accelerynt, Inc.

Making Cloud Risk Data Actionable in Sentinel: A Playbook for CSPM Integration

Accelerynt, Inc. on

The Posture Visibility Problem - CrowdStrike Cloud Security Posture Management (CSPM) provides critical visibility into misconfigurations—such as publicly accessible storage, unencrypted assets, and overly permissive...more

Venable LLP

A Closer Look at the Data Security Requirements in DOJ's Bulk Data Rule

Venable LLP on

As described in an earlier alert, the Department of Justice (DOJ) recently announced a 90-day pause in enforcement of the "Bulk Data Rule" for entities engaging in good faith compliance. That 90-day grace period ends on July...more

HaystackID

The Era of Shadow AI: New Challenges for Corporate Security

HaystackID on

Artificial intelligence is driving a transformation across industries, with unprecedented opportunities for innovation, automation, and efficiency. Yet as AI integrates more deeply into business processes, it also brings a...more

Bennett Jones LLP

Q&A on Cybersecurity and Family Enterprises: How to Navigate the Digital Frontier

Bennett Jones LLP on

In an era where digital threats are more sophisticated than ever, cybersecurity has become a pressing concern for family enterprises. These businesses are attractive targets for cyberattacks and need to balance the critical...more

Osano

3 Ways GRC Pros Can Manage Privacy Risk (and Still Have Time to Sleep, Eat, and Relax)

Osano on

Governance, risk, and compliance (GRC) can feel like thankless work at times. You can’t ship risk mitigation to market. It's not usually reflected on your balance sheet. Only especially canny investors notice the absence of...more

Katten Muchin Rosenman LLP

Choose your GenAI model providers, models, and use cases wisely

Generative AI (GenAI) vendors, models, and uses cases are not created equal. Model providers must be trusted to handle sensitive data. Models, like tools in a toolbox, may be better suited for some jobs than others. Use cases...more

Constangy, Brooks, Smith & Prophete, LLP

Warning: Cyber criminals are coming for your client’s retirement information

As cyberattacks and cybercriminals are becoming increasingly sophisticated, safeguarding employee benefit plans, including health and welfare plans, is crucial. The Employee Benefits Security Administration of the U.S....more

Accelerynt, Inc.

Trapped in the Vendor Web: When More Vendors Can Mean Less Security

Accelerynt, Inc. on

More vendors were supposed to mean more protection. The thinking was simple: pick the best in every category—endpoint, identity, SIEM, automation—and assemble a flexible, layered defense. But over time, that flexibility...more

Husch Blackwell LLP

Effective Dates Draw Near for Insurance Industry to Comply with NYDFS's Cybersecurity Rules

Husch Blackwell LLP on

As part of a multiyear rollout, the New York Department of Financial Services (NYDFS) has established May 1, 2025, and November 1, 2025, as effective dates for certain amendments to its cybersecurity regulations. These...more

Ankura

Generative AI Risks: Legal and Compliance Insights - Part 2

Ankura on

The Bottomline: Five Practical Steps for Generative AI Risk Management - As the first line of defense, employees within business operations must own and manage risks related to the business, including risks resulting from...more

366 Results
 / 
View per page
Page: of 15

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
- hide
- hide