Access, Definition, Financial Services and Security

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

Thales Cloud Protection & Licensing

JANUARY 16, 2024

Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds madhav Wed, 01/17/2024 - 05:46 The Digital Operational Resilience Act (DORA) will apply to the EU financial sector from 17 January 2025. As set out in its Article 2, DORA applies to the entire financial services sector.

Financial Services

Financial Services Cloud Cybersecurity Encryption

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Hunton Privacy

NOVEMBER 23, 2022

On November 9, 2022, the New York Department of Financial Services (NYDFS) released its second, proposed amendments to the Part 500 Cybersecurity Rule. Any cybersecurity event that affects a third-party service provider that also affects the covered entity. Revised Definition of Class A Companies.

Financial Services

Financial Services Cybersecurity Ransomware Compliance

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

Regulatory compliance and data privacy issues have long been an IT security nightmare. GDPR (among other legal requirements in the EU and elsewhere) can expose multinational organizations to hefty financial penalties, additional rules for disclosing data breaches, and increased scrutiny of the adequacy of their data security.

Data Privacy

Data Privacy Compliance Privacy Security

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. On November 9, 2022, NYDFS published a first draft of the proposed Amendment and received comments from stakeholders over a 60-day period.

Cybersecurity

Cybersecurity IT Compliance Financial Services

Scary Fraud Ensues When ID Theft & Usury Collide

Krebs on Security

JANUARY 25, 2022

But Jim has long had a security freeze on his credit file with the three major consumer credit reporting bureaus , and none of the lenders seemed willing to proceed without at least a peek at his credit history. ” According to the Native American Financial Services Association (NAFSA), a trade group in Washington, D.C.

Financial Services

Financial Services IT Data breaches Authentication

The Many Challenges of a Multi-Cloud Business Environment

Thales Cloud Protection & Licensing

OCTOBER 27, 2021

The benefits of cloud come with significant new security challenges for organizations. The Thales Cloud Security Study 2021 of more than 2,600 respondents from around the world tries to respond to key questions: How widespread is multi-cloud? What are the operational challenges of managing security across multiple clouds?

Cloud

Cloud Encryption Financial Services Authentication

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

The Last Watchdog

APRIL 3, 2019

Meanwhile, employees, partners, suppliers and customers are using their smartphones to gain access. Companies need a reliable way to know at all times where sensitive data is sitting, and who might be accessing it, in order to keep it out of the hands of threat actors, he said. Users re-defined. Most often, a user is a human being.

Digital transformation

Digital transformation Insurance Compliance Healthcare

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

Data Matters

MARCH 28, 2022

OCR concludes most cyber-attacks could be prevented or substantially mitigated if HIPAA covered entities and business associates implemented HIPAA Security Rule requirements to address the most common types of attacks. implement a security awareness and training program for all workforce members pursuant to the HIPAA Security Rule.

Cybersecurity

Cybersecurity Privacy Insurance Risk

New York’s Breach Law Amendments and New Security Requirements

Data Protection Report

OCTOBER 1, 2019

Although California has recently captured the lion’s share of attention with respect to privacy and security, on October 23, 2019, New York’s amended security breach law goes into effect, and on March 1, 2020, new security safeguards go live (N.Y. Readers may recall that New York’s security breach notification law (N.Y.

Security

Security Financial Services Passwords Risk

FTC amendment to Safeguards Rule

Data Protection Report

NOVEMBER 1, 2023

Under the Federal Trade Commission’s (“FTC”) new amendment to the Safeguards Rule (the “Amended Rule”), non-banking financial institutions will have to report certain data breaches and other security events to the agency. Notice is required as soon as possible, and not later than 30 days after discovery of the security breach.

Encryption

Encryption Cybersecurity Data breaches Financial Services

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

Data Matters

MARCH 12, 2019

Over the last few years, States have enacted increasingly aggressive legislation concerning data privacy and security, raising concerns that companies will be subject to a patchwork of different standards. Aligning the Safeguards Rule with State Regimes.

Privacy

Privacy IT Information Security Insurance

New York Updates Cybersecurity Regulation for Financial Institutions

Hunton Privacy

JANUARY 3, 2017

On December 28, 2016, the New York State Department of Financial Services (“DFS”) announced an updated version of its cybersecurity regulation for financial institutions (the “Updated Regulation”). The Updated Regulation will become effective on March 1, 2017.

Cybersecurity

Cybersecurity Financial Services Authentication Information Security

New York Enacts Stricter Data Cybersecurity Laws

Data Matters

AUGUST 5, 2019

Together, the new laws require the implementation of reasonable data security safeguards, expand breach reporting obligations for certain types of information, and require that a “consumer credit reporting agency” that suffers a data breach provide five years of identity theft prevention services for impacted residents.

Cybersecurity

Cybersecurity Data breaches Privacy Risk

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

Data Protection Report

MARCH 7, 2024

The proposed definition of “listed identifier” is Full or truncated government identification or account number (such as a Social Security Number, driver’s license or state identification number, passport number, or Alien Registration Number) [Note that this definition apparently includes truncated Social Security Numbers.]

Access

Access Military Compliance Personal data

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. GDPR wasn’t the beginning and it’s definitely not the end. In the U.S., Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

DLA Piper Privacy Matters

AUGUST 23, 2021

Definition of Personal information and Sensitive Personal information “Personal information” means any kind of information relating to an identified or identifiable natural person, either electronically or otherwise recorded, but excluding information that has been de-identified or anonymised.

Data Privacy

Data Privacy Privacy Compliance Analytics

US: Surviving the service provider data breach

DLA Piper Privacy Matters

JULY 30, 2019

Effective cybersecurity requires organizations to move beyond perimeter defense of their own network to protecting sensitive data in the hands of service providers. From a security and legal perspective, service provider cybersecurity requires significant attention and coordination by all parties both before and after hitting the breach.

Data breaches

Data breaches Cybersecurity Financial Services Risk

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

HL Chronicle of Data Protection

DECEMBER 7, 2018

In such situations, a financial institution must comply with a wide array of CCPA obligations, including requirements to make certain disclosures to consumers and to provide certain rights to consumers, such as the right to stop “sales” of their personal information and the right to access data that a business has collected about them.

Privacy

Privacy Financial Services Compliance Data breaches

The Privacy Officers’ New Year’s Resolutions

Data Protection Report

JANUARY 6, 2020

Although the AG’s view was that the SCCs are valid, he suggested that those using them would need to examine the national security laws of the data importer’s jurisdiction to determine whether they can in fact comply with the terms of the SCCs. GDPR wasn’t the beginning and it’s definitely not the end. In the U.S., Conquer the world!

Privacy

Privacy GDPR Data breaches Risk

Integrating Long-Term Digital Preservation into Your Information Governance Program: First Steps

Preservica

NOVEMBER 6, 2017

I recently spoke with the IG director for a global financial services firm about progress in addressing long-term digital information. Leadership is aware that secure, authenticated access to digital information is vital for decision making, meeting compliance and legal requirements, and sustaining client relationships.

Digital preservation

Digital preservation Information governance Government Archiving

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

HL Chronicle of Data Protection

MARCH 14, 2019

The proposed changes to the Safeguards Rule add a number of more detailed security requirements, whereas the proposed changes to the Privacy Rule are more focused on technical changes to align the Rule with changes in law over the past decade. It includes general, high level elements of a security program, but lacks detailed security steps.

Privacy

Privacy Risk Cybersecurity Information Security

CIPL Publishes Discussion Paper on Digital Assets and Privacy

Hunton Privacy

JANUARY 20, 2023

As financial services authorities move to regulate digital assets in jurisdictions worldwide, the paper highlights the need to bring privacy regulators into the discussion so that data privacy issues affecting blockchain are addressed in tandem. Data security. Confidentiality and government access. Accountability.

Paper

Paper Blockchain Privacy Financial Services

CISA issues proposed rules for cyber incident reporting in critical infrastructure

Data Protection Report

APRIL 9, 2024

On March 27, 2024, the Cybersecurity and Infrastructure Security Agency (“CISA”) published a Notice of Proposed Rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (“CIRCIA”), which imposes new reporting requirements for entities operating in critical infrastructure sectors.

Ransomware

Ransomware Agriculture Cybersecurity Government

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

APIs are vital in our mobile digital world, but the consequences of API security flaws have yet to be seen. During the pandemic sales of the Home Fitness cycle peloton grew massively, given its popularity, it's natural that security researchers would want to take a look. And we've had our fair share of security concerns with those.

Authentication

Authentication Communications IoT Security

The Hacker Mind Podcast: Hacking APIs

ForAllSecure

JUNE 16, 2021

APIs are vital in our mobile digital world, but the consequences of API security flaws have yet to be seen. During the pandemic sales of the Home Fitness cycle peloton grew massively, given its popularity, it's natural that security researchers would want to take a look. And we've had our fair share of security concerns with those.

Authentication

Authentication Communications IoT Security

Best practices for hybrid cloud banking applications secure and compliant deployment across IBM Cloud and Satellite

IBM Big Data Hub

NOVEMBER 29, 2023

Financial Services clients are increasingly looking to modernize their applications. Moreover, many of these financial services applications support regulated workloads, which require strict levels of security and compliance, including Zero Trust protection of the workloads. initiative.

Cloud

Cloud Financial Services Security Compliance

Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

DLA Piper Privacy Matters

MARCH 3, 2023

Author: Sarah Birkett Cyber Security Strategy discussion paper launched This week saw the launch of a discussion paper for the Australian Government’s 2023-2030 Australian Cyber Security Strategy. The discussion paper refers to the lofty aim of making Australia the most cyber secure nation by 2030.

Data breaches

Data breaches Security Paper Financial Services

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

Data Matters

DECEMBER 23, 2020

Federal Deposit Insurance Corporation (FDIC) approved and the federal banking agencies jointly announced on December 18 a notice of proposed rulemaking, Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers (NPR). Definition of Subject Entities: .

Security

Security Cybersecurity Insurance Communications

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Security Affairs

SEPTEMBER 1, 2023

EternalBlue is a Windows exploit created by the US National Security Agency (NSA) and used in the 2017 WannaCry ransomware attack. Within this network, there is a vulnerable Windows system that has not been patched with the necessary security updates to protect against EternalBlue. What is the EternalBlue vulnerability?

Phishing

Phishing Ransomware Search queries Access

Singapore Parliament Passes Personal Data Protection Act

Hunton Privacy

OCTOBER 17, 2012

For example, the bill does not contain a definition of “sensitive personal information,” and does not impose any special requirements for the handling of “sensitive personal information.” In addition, the bill does not impose a generally applicable data breach notification requirement.

Personal data

Personal data Financial Services Data Privacy Data breaches

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

IT Governance

DECEMBER 11, 2023

Researchers from the German cyber security company Aplite discovered 3,806 servers from 111 countries accessible on the Internet. Researchers from the German cyber security company Aplite discovered 3,806 servers from 111 countries accessible on the Internet. Only 3 definitely haven’t had data breached. Akumin Inc.

Data Privacy

Data Privacy Energy and Utilities Privacy Manufacturing

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

IT Governance

JANUARY 16, 2024

Only 4 definitely haven’t had data breached. Securities and Exchange Commission Source 1 ; source 2 (New) Public USA No 0 NETGEAR Source (New) Telecoms USA No 0 Note 1: ‘New’/‘Update’ in the first column refers to whether this breach was first publicly disclosed this week, or whether a significant update was released this week.

Data Privacy

Data Privacy Privacy Manufacturing Retail

The Hacker Mind Podcast: Going Passwordless

ForAllSecure

JANUARY 19, 2022

Is there something more secure? Simon Moffatt from CyberHut joins The Hacker Mind to discuss how identity and access management (IAM) is fundamental to everything we do online today, and why even multi-factor access, while an improvement, needs to yield to more effortless and more secure passwordless technology that’s coming soon.

Passwords

Passwords Authentication Access Data breaches

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

Data Matters

MARCH 21, 2022

Congress has passed a significant new cybersecurity law that will require critical infrastructure entities to report material cybersecurity incidents and ransomware payments to the Cybersecurity and Infrastructure Security Agency (CISA) within 72 and 24 hours, respectively. 651, et seq. Section 2240(4).

Ransomware

Ransomware Cybersecurity Agriculture Communications

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

IT Governance

JANUARY 23, 2024

Publicly disclosed data breaches and cyber attacks: in the spotlight More than 70 million email addresses added to Have I Been Pwned The security researcher Troy Hunt has added more than 70 million email addresses from the Naz.API data set to his Have I Been Pwned data breach notification service. VF Corporation confirms 35.5

Data Privacy

Data Privacy Privacy Manufacturing Retail

Massive Losses Define Epidemic of ‘Pig Butchering’

Krebs on Security

JULY 21, 2022

. “There are just horrifying stories that run the gamut in terms of victims, from young women early in their careers, to senior citizens and even to people working in the financial services industry.” “There are definitely some psychological mechanisms at work to encourage people to invest more.”

Marketing

Marketing Communications Mining Financial Services

European Commission publishes long-awaited draft Regulation on Artificial Intelligence

DLA Piper Privacy Matters

APRIL 26, 2021

Definition of AI system. The definition of an AI system is intended to be technology-neutral and future-proof, while providing legal certainty. a) The definition of a high-risk AI system. Security : A high level of accuracy, robustness and security must consistently be ensured throughout the high-risk AI system’s lifecycle.

Artificial Intelligence

Artificial Intelligence Risk Marketing GDPR

Living in a data sovereign world

IBM Big Data Hub

OCTOBER 16, 2023

Digital sovereignty revolves around a value-driven, ordered, regulated and secure digital destination for all data, hardware and software, infrastructure components and application operations. Data sovereignty addresses legal, privacy, security and governance concerns associated with the storage, processing and transfer of data.

Cloud

Cloud Compliance Data Privacy Privacy

Why you should keep data observability separate from data cleansing

Collibra

MAY 16, 2022

This want to commingle the solutions likely stems from the Gartner definition published in the Magic Quadrant for Data Quality Solutions, which rightfully states that data quality needs “identification, understanding[,] and correcting flaws in data.”. For financial services, data governance found its roots in risk.

Risk

Risk Government Financial Services Access

NYDFS proposes significant cybersecurity regulation amendments

Data Protection Report

AUGUST 11, 2022

On July 29, 2022, the New York Department of Financial Services (NYDFS) announced a “pre-proposed outreach” of material proposed changes to almost every section of its cybersecurity regulations, and would affect each entity covered by the current regulations of 23 NYCRR Part 500. Asset inventories and Access Controls.

Cybersecurity

Cybersecurity Risk Passwords Compliance

Congress Agrees – 72 Hour Cyber Incident Reporting Requirement to Take Effect

Data Protection Report

MARCH 16, 2022

The Act will require a “covered entity” to report any “substantial cyber incident” to the Cybersecurity and Infrastructure Security Agency (“CISA”) within 72 hours after the covered entity reasonably believes the incident has occurred. Reporting Requirements.

Ransomware

Ransomware FOIA Agriculture Cybersecurity

CPRA Becomes the New Standard. Are You Ready?

Thales Cloud Protection & Licensing

NOVEMBER 30, 2020

Two aspects of this new law that are critical for enterprises doing business in California to understand now are: CPRA’s new definition of “Sensitive Personal Information” (SPI). Social Security number, driver’s license number, etc.), By this definition, much more data is sensitive and needs to be protected.

Privacy

Privacy GDPR Compliance Data breaches

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

ForAllSecure

APRIL 19, 2023

It manages all the resources that are needed, such as Random Access Memory or RAM, and hard or solid state drives. CODEN: Basically, the fundamental issue is look at that early Unix and Linux operating systems that were providing these very basic services that are still the the only things we really need from the operating system today.

Analytics

Analytics Communications Computer and Electronics Cybersecurity

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Data Protection Report

DECEMBER 17, 2020

In December 2020 the EC is due to publish two important legislative proposals, the Digital Services Act and the Digital Markets Act ( DMA ). The Data Strategy proposed the establishment of nine common European data spaces for data sharing and pooling, including health, mobility, manufacturing, financial services, energy, and agriculture.

Government

Government Personal data Marketing Artificial Intelligence

DORA: 1 year to go! Key recommendations for Financial Services to improve cybersecurity and resilience in multi-clouds

NYDFS Amends Cybersecurity Rules for Financial Services Companies

Trending Sources

Security Compliance & Data Privacy Regulations

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Scary Fraud Ensues When ID Theft & Usury Collide

The Many Challenges of a Multi-Cloud Business Environment

BEST PRACTICES: Rising complexities of provisioning identities has pushed ‘IGA’ to the fore

Developments in Health Privacy and Cybersecurity Policy and Regulation: OCR Issues Cybersecurity Warnings and New Health Data Legislation Is Introduced

New York’s Breach Law Amendments and New Security Requirements

FTC amendment to Safeguards Rule

FTC Seeks Comment on Proposed Changes to its GLBA Safeguards and Privacy Rules

New York Updates Cybersecurity Regulation for Financial Institutions

New York Enacts Stricter Data Cybersecurity Laws

Executive Order on access to Americans’ bulk sensitive data and Attorney General proposed regulations – Part 2

The Privacy Officers’ New Year’s Resolutions

China’s PIPL has finally arrived, and brings helpful clarification (rather than substantial change) to China’s data privacy framework

US: Surviving the service provider data breach

California Consumer Privacy Act: The Challenge Ahead – The Interplay Between the CCPA and Financial Institutions

The Privacy Officers’ New Year’s Resolutions

Integrating Long-Term Digital Preservation into Your Information Governance Program: First Steps

FTC Seeks Comment on Proposed Changes to GLBA Implementing Rules

CIPL Publishes Discussion Paper on Digital Assets and Privacy

CISA issues proposed rules for cyber incident reporting in critical infrastructure

The Hacker Mind Podcast: Hacking APIs

The Hacker Mind Podcast: Hacking APIs

Best practices for hybrid cloud banking applications secure and compliant deployment across IBM Cloud and Satellite

Australia: Cyber security round-up – new Cyber Security Strategy, data breach stats and more

Comments Sought on Proposed Rulemaking: Computer-Security Incident Notification Requirements for Banking Organizations and Their Bank Service Providers

UNRAVELING EternalBlue: inside the WannaCry’s enabler

Singapore Parliament Passes Personal Data Protection Act

The Week in Cyber Security and Data Privacy: 4 – 10 December 2023

The Week in Cyber Security and Data Privacy: 8 – 14 January 2024

The Hacker Mind Podcast: Going Passwordless

Congress Passes Cyber Incident Reporting for Critical Infrastructure Act of 2022

The Week in Cyber Security and Data Privacy: 15 – 21 January 2024

Massive Losses Define Epidemic of ‘Pig Butchering’

European Commission publishes long-awaited draft Regulation on Artificial Intelligence

Living in a data sovereign world

Why you should keep data observability separate from data cleansing

NYDFS proposes significant cybersecurity regulation amendments

Congress Agrees – 72 Hour Cyber Incident Reporting Requirement to Take Effect

CPRA Becomes the New Standard. Are You Ready?

The Hacker Mind Podcast: EP 69 Self-Healing Operating Systems

EU data governance regulation – a wave of digital, regulatory and antitrust reform begins – Part 1

Stay Connected