IT Governance

NOVEMBER 6, 2023

When MOVEit was hacked by the Russian Cl0p ransomware gang in May, email addresses and links to government employee surveys were compromised. According to Forbes , Defense Department employees affected included “officials from the Air Force, the Army, the Army Corps of Engineers, the Office of the Secretary of Defense and the Joint Staff”.

Data Privacy 97

Data Privacy Privacy Libraries Security 97

Hunton Privacy

AUGUST 15, 2022

As part of the “risk assessment” requirements under Section 500.9 of the Proposed Amendments, Class A Companies must use external experts to conduct a risk assessment at least once every three years. A covered entity’s CISO must have adequate independence and authority to ensure cyber risks are appropriately managed.

Financial Services 55

Financial Services Cybersecurity Risk Passwords 55

Data Protection Report

AUGUST 11, 2022

The proposed changes mark a turn by NYDFS toward more specific, granular and prescriptive requirements notably with respect to governance, risk assessments and asset inventories (detailed below). Cybersecurity Risk Assessments. The draft amendments would also require that relevant employees be trained for their implementation.

Cybersecurity 59

Cybersecurity Risk Passwords Compliance 59