Items Tagged with "Regulation"


SEC to Enterprises: Account for Cybersecurity

October 14, 2011 Added by: Chris Blask

On October 13 the Securities and Exchange Commission (SEC) released CF Disclosure Guidance: Topic No. 2. This document establishes requirements for public companies to account for the cost of cybersecurity incidents and defenses, as well as to disclose their cyber risk mitigation plans to investors...

Comments  (0)

Network Security and Mandatory Disclosure

October 10, 2011 Added by: Craig S Wright

Security disclosures can have an impact on a company’s share price. Some organisations actually have no economic impact from a breach. For others, the effect is catastrophic. But, security through obscurity is simply false security and leaves us vulnerable with no way to measure the true risk...

Comments  (2)

Protecting Your Privacy Is Your Responsibility

October 02, 2011 Added by: Allan Pratt, MBA

Do you wonder what happens with your financial information when a background check is conducted for a job? Do you wonder what happens to your driver’s license information when you’re asked to provide it on a medical form? Truth is, you’re the only one who can safeguard your privacy...

Comments  (1)

Data Breaches - Beyond the Impact of Fines

September 27, 2011 Added by: Emmett Jorgensen

With several high profile breaches this year, regulators have proposed data breach notification bills and heavy fines for organizations that fail to keep sensitive information safe. The real concern for organizations that have experienced a data breach, however, is customer confidence...

Comments  (8)

What the Law Says about Distributing a Virus or Malware

September 20, 2011 Added by: Craig S Wright

It is probable a service provider or content hosting entity will face a degree of liability dependent on intention. If malware is intentionally posted such as in the Morris’ case, no uncertainty as to whether the conception and insertion of the malware was deliberate exists...

Comments  (0)

DigiNotar Files for Bankruptcy Following Security Lapse

September 20, 2011 Added by: Headlines

DigiNotar has filed a voluntary bankruptcy petition following a serious breach of security. “We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible...”

Comments  (0)

Blumenthal Bill Bumps Up Fines for Security Breaches

September 18, 2011 Added by: David Navetta

Richard Blumenthal (D-CT) introduced a bill that would levy significant penalties for identity theft and other “violations of data privacy and security,” criminalize software that collects “sensitive personally identifiable information” without clear and conspicuous notice and consent...

Comments  (0)

DigiNotar Banned from Issuing New Digital Certificates

September 16, 2011 Added by: Headlines

"An unauthorized third party (hacker) has been active on the CA server that is used for issuing qualified certificates... The integrity of the data on the [DigiNotar] server that is used for production and issuance of qualified certificates is therefore impossible to guarantee..."

Comments  (0)

Why Encryption Alone Isn’t Enough

September 16, 2011 Added by: Emmett Jorgensen

There are variables at work that often require security measures above and beyond encryption. The confidentiality of the data you are working with, state, federal and industry regulations, user habits, platforms and more all factor into the security measures needed to safeguard your data...

Comments  (0)

Senator Seeks Punitive Model for Data Security Laws

September 14, 2011 Added by: Headlines

"The devil is in the details with these laws. But there are a number of questions here... These companies are already victims in these attacks, so why are we penalizing them after a breach? I think that's because it's easier to issue fines than it is to track down the criminals and go after them..."

Comments  (0)

GAO Report: FDIC Information Security is Inadequate

August 17, 2011 Added by: Headlines

According to the GAO, the FDIC has not always required strong passwords systems; reviewed user access to financial information; encrypted information transmitted over and stored on its network; protected powerful database accounts and privileges from unauthorized use...

Comments  (1)

FINRA Fines Citigroup for Failing to Detect Fraud

August 11, 2011 Added by: Headlines

FINRA found that Citigroup failed to detect or investigate a series of "red flags" that upon further inquiry should have alerted the firm to the improper use of customer funds, including reports reflecting suspicious transfers of funds between unrelated accounts...

Comments  (1)

Why Complex Device Identification Isn’t Enough

August 07, 2011 Added by: Robert Siciliano

“Complex device identification” is more sophisticated. This security technique relies on disposable, one-time cookies, and creates a complex digital fingerprint based on characteristics including PC configuration, Internet protocol addresses, and geolocation...

Comments  (0)

Russia Amends Federal Data Protection Law

July 20, 2011 Added by: David Navetta

In the past, some of the strict foreign data protection laws have not been rigorously enforced, giving businesses breathing room. The enforcement landscape is likely to tighten in the near future, however, increasing the risk of investigations and sanctions for privacy violations...

Comments  (0)

Privacy by Design: Key Concern for VCs and Start-Ups

June 13, 2011 Added by: David Navetta

Privacy by design makes privacy an essential component of the core product or service a company delivers. Spotting privacy issues and addressing concerns before launch aligns products and services with consumer expectations and can save everyone from future headaches...

Comments  (0)

GRC is Not a Tool But a Business Enabler

June 04, 2011 Added by: Rahul Neel Mani

GRC is not an out of the box solution, which would immediately make you compliant. It is a tool that will allow you to collect information, report to you, help you to make changes in it, put the feedback into the new policy, see how much variance exists...

Comments  (0)
