Blog Posts Tagged with "Mandatory Reporting"
September 06, 2012 Added by: David Navetta
Expect an uptick in privacy enforcement by state utility regulators. Utilities across the country are advised to review their information security programs (including vendor management requirements) and breach response processes to address their regulators' concerns...
July 17, 2012 Added by: Megan Berry
Legal fees, clean-up costs, lost business and damage to an organization’s reputation: consequences of a business being hit with a data breach. Costs can be significant, which is why it is critical to respond properly after a data breach...
July 17, 2012 Added by: Headlines
"Other than breaches reported by the media and a few progressive state websites, there continues to be little or no information available on many data breach events. The public has no way of knowing just how minor or serious the data exposure was for any given incident," ITRC states...
July 11, 2012 Added by: Matthijs R. Koot
In 2012, the Netherlands will establish mandatory breach notification for vital sectors, giving the government increasing sectoral intervention possibilities. This includes the authority to obtain information, administrative enforcement of designations and the authority to appoint an officer on behalf of the government...
June 27, 2012 Added by: David Navetta
Much time and ink has been spent on the steady stream of data security and breach-related bills that spring up in Congress like mushrooms after a rain. But recently Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to monitor state legislatures...
June 19, 2012 Added by: Joel Harding
Only a small percentage of companies will voluntarily share security information, and we cannot see systemic trends. What is needed is a level playing field for all. All corporations need to disclose cybersecurity incident data so we can get a comprehensive picture and a systemic defense is possible...
February 13, 2012 Added by: Pierluigi Paganini
The login credentials were stored in plain text in the repository that had been exposed, and that is absurd. This is a failure of the basic security procedures that should be recognized internationally, and is an offense for which there should be heavy penalties...
January 28, 2012 Added by: Bozidar Spirovski
Having a standardized method for risk assessment in infosec based on hard numbers would be great. But since the factors included in any incident are complex and varying, and consistent incident reporting is impossible, we will be sticking to the current qualitative methods...
December 09, 2011 Added by: Steven Fox, CISSP, QSA
This guidance is designed to “elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision,” including those related to information security breaches...
October 14, 2011 Added by: Chris Blask
On October 13 the Securities and Exchange Commission (SEC) released CF Disclosure Guidance: Topic No. 2. This document establishes requirements for public companies to account for the cost of cybersecurity incidents and defenses, as well as to disclose their cyber risk mitigation plans to investors...
October 10, 2011 Added by: Craig S Wright
Security disclosures can have an impact on a company’s share price. Some organisations actually have no economic impact from a breach. For others, the effect is catastrophic. But, security through obscurity is simply false security and leaves us vulnerable with no way to measure the true risk...
September 16, 2011 Added by: Robert Siciliano
Big companies and big government get big press when their data is breached. When a big company is hit, those whose accounts have been compromised are often notified. With smaller businesses, however, victims are often in the dark, regardless of the state laws requiring notification...
September 07, 2011 Added by: David Navetta
SB 24 requires the inclusion of certain content in data breach notifications, including a description of the incident, the type of information breached, the time of the breach, and toll-free telephone numbers and addresses of the major credit reporting agencies in California...
June 14, 2011 Added by: Headlines
“You shouldn’t have to cross your fingers and whisper a prayer when you type in a credit card number on your computer and hit ‘enter.’ E-commerce is a vital and growing part of our economy. We should take steps to embrace and protect it – and that starts with robust cyber security..."
June 10, 2011 Added by: Thomas Fox
Ongoing monitoring, auditing and assessments need to go down to the individual employee level. There should be both a ‘carrot and stick’ approach so that employees are disciplined for compliance failures, but also rewarded for doing business through appropriate compliance avenues...
June 09, 2011 Added by: Andrew Baker
The issue of disclosure is a sensitive one, and it is important not to feed more bad guys with more information that will allow them to have greater success, but it is abundantly clear that two months of saying essentially nothing is at least just as bad as saying too much, if not worse...