Blog Posts Tagged with "Mandatory Reporting"
Utility Breach Prompts Enforcement and Industry-Wide Security Review
September 06, 2012 Added by:David Navetta
Expect an uptick in privacy enforcement by state utility regulators. Utilities across the country are advised to review their information security programs (including vendor management requirements) and breach response processes to address their regulators' concerns...
Comments (0)
Notifying Customers About a Data Breach: Five Rules
July 17, 2012 Added by:Megan Berry
Legal fees, clean-up costs, lost business and damage to an organization’s reputation: consequences of a business being hit with a data breach. Cost can be significant, which is why it is critical to properly respond after a data breach...
Comments (0)
Study Finds Minimal Transparency in Breach Reports
July 17, 2012 Added by:Headlines
"Other than breaches reported by the media and a few progressive state websites, there continues to be little or no information available on many data breach events. The public has no way of knowing just how minor or serious the data exposure was for any given incident," ITRC states...
Comments (0)
Netherlands to Establish Mandatory Breach Notification
July 11, 2012 Added by:Matthijs R. Koot
In 2012, Netherlands will establish mandatory breach notification for vital sectors, giving the government increasing sectoral intervention possibilities. This includes the authority to obtain information, administrative enforcement of designations and the authority to appoint an officer on behalf of the government...
Comments (0)
Two Northeast States Updated Breach Notification Statutes
June 27, 2012 Added by:David Navetta
Much time and ink has been spent on the steady stream of data security and breach-related bills that spring up in Congress like mushrooms after a rain. But recently Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to monitor state legislatures...
Comments (0)
Tip of the Iceberg: 107,655 Cybersecurity Incidents in 2011
June 19, 2012 Added by:Joel Harding
Only a small percentage of companies will voluntarily share security information, and we can not see systemic trends. What is needed is a level playing field for all. All corporations need to disclose cybersecurity incident data so we can get a comprehensive picture a systemic defense is possible...
Comments (0)
KPN Hack: Why was Customer Notification Delayed?
February 13, 2012 Added by:Pierluigi Paganini
The login credentials were stored in plain text in the repository that had been exposed, and that is absurd. This is a failure of the basic security procedures that should be recognized internationally, and is an offense for which there should be heavy penalties...
Comments (0)
A Failed Attempt at Optimizing an Infosec Risk Assessment
January 28, 2012 Added by:Bozidar Spirovski
Having a standardized method for risk assessment in infosec based on hard numbers would be great. But since the factors included in any incident are complex and varying, and consistent incident reporting is impossible, we will be sticking to the current qualitative methods...
Comments (3)
SEC Calls for Cohesive Incident Response and Reporting
December 09, 2011 Added by:Steven Fox, CISSP, QSA
This guidance is designed to “elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision,” including those related to information security breaches...
Comments (0)
SEC to Enterprises: Account for Cybersecurity
October 14, 2011 Added by:Chris Blask
On October 13 the Securities and Exchange Commission (SEC) released CF Disclosure Guidance: Topic No. 2. This document establishes requirements for public companies to account for the cost of cybersecurity incidents and defenses, as well as to disclose their cyber risk mitigation plans to investors...
Comments (0)
Network Security and Mandatory Disclosure
October 10, 2011 Added by:Craig S Wright
Security disclosures can have an impact on a company’s share price. Some organisations actually have no economic impact from a breach. For others, the effect is catastrophic. But, security through obscurity is simply false security and leaves us vulnerable with no way to measure the true risk...
Comments (2)
Hackers Targeting Small Businesses
September 16, 2011 Added by:Robert Siciliano
Big companies and big government get big press when their data is breached. When a big company is hit, those whose accounts have been compromised are often notified. With smaller businesses, however, victims are often in the dark, regardless of the state laws requiring notification...
Comments (0)
California Amends Data Breach Law - For Real This Time
September 07, 2011 Added by:David Navetta
SB 24 requires the inclusion of certain content in data breach notifications, including a description of the incident, the type of information breached, the time of the breach, and toll-free telephone numbers and addresses of the major credit reporting agencies in California...
Comments (0)
Legislation to Require Mandatory Breach Reporting
June 14, 2011 Added by:Headlines
“You shouldn’t have to cross your fingers and whisper a prayer when you type in a credit card number on your computer and hit ‘enter.’ E-commerce is a vital and growing part of our economy. We should take steps to embrace and protect it – and that starts with robust cyber security..."
Comments (0)
Essentials for an FCPA Compliance Program
June 10, 2011 Added by:Thomas Fox
Ongoing monitoring, auditing and assessments need to go down to the individual employee level. There should be both a ‘carrot and stick’ approach so that employees are disciplined for compliance failures, but also rewarded for doing business through appropriate compliance avenues...
Comments (1)
To Disclose or NOT to Disclose...
June 09, 2011 Added by:Andrew Baker
The issue of disclosure is a sensitive one, and it is important not to feed more bad guys with more information that will allow them to have greater success, but it is abundantly clear that two months of saying essentially nothing is at least just as bad as saying too much, if not worse...
Comments (0)
- Why I'm Not (very) Worried about PRISM
- Brand Damage Through Information Access
- Identity & Access Management: Give Me a REST
- Over-Sharing Riskier than Government Snooping
- 20 Critical Security Controls: Control 13 – Boundary Defense
- Redefining Social Networking
- Creating Your Own Privacy & ROI
- Security Intelligence for the Enterprise - Part 1
- Why are Cybercrimes NOT Always White-collar Crimes?
- From the SMB to Security Guru: Five Ways IT Pros Can Manage Security on a Budget