One of the fiduciary responsibilities that CISOs and their fellow C-suite executives have is to ensure that their organization abides by all laws and government regulations pertaining to their business. Failure to follow the letter of the law – or a federal regulation, which operates with the same force and effect as a law passed…
Over the past year or so, board members have become more aware of cybersecurity and their responsibility in this area. As a result, more security officers are being invited to present at a board meeting for the first time. Perhaps you are one of them. If you are a CSO or a CISO and you…
There are specific state and federal laws that require companies to disclose when they have had a data breach, but there are few actual requirements to notify a law enforcement agency when a criminal cybersecurity incident takes place. However, it’s in your best interest to contact a law enforcement agency if an incident or…
This morning, the United States Supreme Court heard oral argument on a case that could decide the fate of the Cloud, the Internet, and the fate of the free world. Or not. The case deals with the thorny issue of “data sovereignty,” that is, whether the location of the data impacts the ability of governments…
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) becomes effective on May 25, 2018. It is an extensive and unifying regulation pertaining primarily to the privacy of personal data belonging to or derived from EU citizens and residents. With its focus on personal privacy, the GDPR is quite different from US regulations which tend…
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) was enacted on April 27, 2016, with the enforcement date being May 25, 2018. It replaces the European Data Protection Directive (DPD) (Directive 95/46/EC), which was the previous privacy and data protection scheme for the European Union. GDPR is intended to strengthen and unify data protection…
Women make up half the workforce in America, yet they hold fewer than 20% of board seats among the 2017 Fortune 1000 companies.[i] However, the Fortune 1000 companies are comparatively progressive, given that nearly 90% of the world’s board seats overall still belong to men. It’s important to have women serve on boards. Studies show…
The most common identity and access management (IAM) authentication control in use today is a user ID and password, and there is growing awareness that passwords are incrementally becoming obsolete as an authentication control. Three billion credentials were harvested in North America in 2016 alone according to Shape Security. You and I know there’s only…
If your organization were to experience some sort of cyber incident – e.g., an intrusion of your network, theft of your intellectual property or sensitive data, Internet fraud – does your company have an incident response plan that includes notifying federal law enforcement? If so, do you know what agencies like the FBI do when…
We have all read and probably even lived the statistics. ISACA claims there will be a global shortage of two million cyber security professionals by 2019. Every year in the U.S., 40,000 jobs for information security analysts go unfilled. Maybe some of those positions are in your organization. It’s tough for all of us who…
