information security

New York’s Cybersecurity Requirements Pose Multi-Year Compliance Challenges

New cybersecurity regulations issued by the New York Department of Financial Services (NYDFS) define the nonpublic information they regulate in exceptionally broad terms. This expanded definition of Nonpublic Information will create major challenges for regulated companies and their third-party service providers, and those challenges will likely ripple through other ancillary industries.

C-Suite – Changing Tack on the Sea of Data Breach?

The country awoke to what now seems a common occurrence: another corporation struck by a massive data breach. This time it was Anthem, the country’s second largest health insurer, in a breach initially estimated to involve eighty million individuals. Both individuals’ and employees’ personal information is at issue, in a breach instigated by hackers. Early reports, however, indicated that this breach might be subtly different from those faced by other corporations in recent years. The difference isn’t in the breach itself, but in the immediate, transparent and proactive actions that the C-Suite took. Unlike many breaches in recent history, this attack was discovered internally, through corporate investigative and management processes already in place. Further, the C-Suite took an immediate, proactive and transparent stance: just as the investigative process was launching in earnest within the corporation, the C-Suite took steps to fully advise its...

An Update on the Cybersecurity Framework and Action Items for NIST

The National Institute of Standards and Technology (NIST) recently released an update on its Framework for Improving Critical Infrastructure Cybersecurity (the Framework). The Framework was first issued in February 2014 as a voluntary, risk-based program to enable owners and operators of U.S. critical infrastructure to assess and remediate their cybersecurity risks. For more detail on the Framework, see our previous blog post, “Trendy ‘Cybersecurity’ Versus Traditional ‘Information Security’: Two Sides of the Same Security Coin,” and article, “The Cybersecurity Framework’s Components,” Privacy and Data Protection 2014 Year in Review at 32-34.

Industry Feedback

The NIST update provides a summary of feedback concerning industry’s initial use of the Framework. NIST reports that many users have found the Framework helpful in improving communication within and across organizations, assessing the risks of current practices, and as a tool to demonstrate alignment with...

Trendy “Cybersecurity” Versus Traditional “Information Security”: Two Sides of the Same Security Coin

Cybersecurity has become a dominant topic of the day. The Snowden revelations, the mega-data breaches of 2013, the pervasiveness of invisible online “tracking” and the proliferation of “data broker” trading in personal data all feed the fears of individuals who struggle to understand how their personal information is collected, used and protected. Over the past year, these forces have begun to merge an old concern of individuals about the security of their personal information into a broader, more universal fear that the country’s infrastructure lies vulnerable. In many respects, however, the concept of cybersecurity is not new. Cybersecurity is a form of information security, albeit perhaps with a broader, more universal view of the required security controls. Decades-old statutes include information security requirements for certain types of information: the Health Insurance Portability and Accountability Act (HIPAA) addresses health information and...