Guidepost in Motion - Cybersecurity Frameworks and Metrics Part 2
As schools review their safety and security protocols, many are turning to third-party security auditors or consultants for help. These outside security professionals can help you review and evaluate your school’s security...more
What if I told you that a security assessment of your business and residence could provide tax deductible expenses for private air transportation, a security driver, and executive protection agents and have favorable tax...more
Ken Mendelson welcomes back Andy Cottrell, the founder and CEO of cybersecurity consulting firm Truvantis to talk more about cybersecurity frameworks. They discuss the difference between a cyber audit and cyber assessment and...more
INVESTMENT ADVISERS - Annual Compliance Reviews - All investment advisers registered with the Securities and Exchange Commission (“SEC”) or at the state level, are required to review their compliance policies and...more
At the end of 2020, the Association of Corporate Counsel launched their new ACC Data Steward Program which was designed to enable law firms to assess their security posture against a set of global standards and generate an...more
On December 17, 2020, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its Industry Report on the HIPAA audits it conducted in 2016 and 2017. OCR found widespread noncompliance with...more
Health insurer Anthem, Inc. has finally reached a settlement with a coalition of 41 states plus the District of Columbia, and a separate settlement with California, to resolve state attorney general investigations of a data...more
In this part of our briefing series, we cover how prior regulatory enforcement action affects the assessment of sanctions and some pitfalls associated with undertaking internal security audits. Who is this relevant for?...more
The Department of Veterans Affairs’ Office of Inspector General (VA OIG) recently completed an audit of the VA’s Milwaukee Regional Office after it was tipped off by a whistleblower about the exposure of sensitive information...more
As most of you know, I rarely download an app. However, here’s one I just downloaded and here’s why. The Jumbo Privacy app, available in the Apple store, is all about providing consumers with a way to audit their privacy and...more
As businesses continue to digitise their assets and operations, the need to continually assess IT infrastructure and the technical measures in place to safeguard key information assets and data becomes ever more important....more
No! It is a common misconception among the general public that someone always has to pay when there is a data breach. It is understandable that individuals affected by a data breach will be upset, distraught, and even angry....more
One day in the not too distant future, your organization may be fighting to protect its balance sheet against high-stakes claims in a cyber tort trial. Arrayed against you will be the best of the class action plaintiff’s...more
On December 9, 2015, Wyndham and the FTC settled the enforcement action brought by the FTC that had led to a significant decision by the Third Circuit in August of this year. While the details of the settlement are...more
On September 15, 2015, the Conference of State Bank Supervisors (“CSBS”) issued its final Model Regulatory Framework on virtual currency activities (“Final Framework”). The Final Framework follows the CSBS’s December 2014...more
Add dating website Ashley Madison to the list of large companies like Target, Home Depot and Michael’s that have had customer information stolen by hackers. Published reports say Ashley Madison is now facing multiple lawsuits...more
Cybersecurity has increasingly become a critical issue for all types of businesses, few more so than broker-dealers, investment advisers and others in the financial sector. The cyber threat is much broader than customer data...more
On April 8, 2014, several news agencies, including the New York Times and CNN, reported the discovery of a vulnerability in a core security protocol used by an estimated two-thirds of the world’s servers. The vulnerability...more
On December 5, 2013, the Office of Inspector General (OIG) reported on the Office for Civil Rights’ (OCR) compliance as of May 2011 with oversight and enforcement of the Security Rule and compliance with federal cybersecurity...more
A tempting response to the Cybersecurity Executive Order (the "Order"), announced by President Obama at his State of the Union address, is to ignore it. It is vague in key particulars, such as which companies are part of the...more