Cybersecurity, Government and Risk - Information Management Today

UK Government Publishes AI Cybersecurity Guidance

Data Breach Today

MAY 16, 2024

government released voluntary guidance intended to help artificial intelligence developers and vendors protect models from hacking and potential sabotage. Companies should strengthen supply chain security and decrease risks from vulnerable AI systems to customers, such as data loss.

Government

Government Artificial Intelligence Cybersecurity Risk

NIST Unveils Second Iteration of Cybersecurity Framework

Data Breach Today

FEBRUARY 26, 2024

New CSF Adds 'Governance' to Core Functions Cybersecurity guidance for the private sector published by the U.S. The revised Cybersecurity Framework focuses on governance and says cybersecurity threats are a major source of enterprise risk.

Cybersecurity

Cybersecurity Government Risk IT

EU Enhances Cybersecurity Requirements for Agencies

Data Breach Today

JANUARY 10, 2024

Cyber Regulation Requires EU Agencies to Assess Risks and Report Incidents The European Union adopted regulations on cyber hygiene intended to beef up cybersecurity at EU government agencies amid concerns that trading bloc institutions have failed to keep pace with mounting digital threats.

Cybersecurity

Cybersecurity Risk Government

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

UK Government Publishes Draft Code of Practice on Cybersecurity Governance

Hunton Privacy

JANUARY 23, 2024

On January 23, 2024, the UK government announced that it published a draft Code of Practice on cybersecurity governance (the “Code”). While it is acknowledged that “there is no one size fits all approach to governing. cyber risk”, there are certain “common fundamental actions” that may be taken.

Government

Government Cybersecurity Risk Security

Report Urges NASA to Improve Cybersecurity Risk Management

Data Breach Today

JUNE 29, 2021

GAO Offers Recommendations to Improve Space Agency's Cyber Protections A government watchdog is urging NASA to make multiple improvements to its cybersecurity and risk management policies to counter threats to the space agency's network, infrastructure and data.

Risk

Risk Cybersecurity Government Security

GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

The Last Watchdog

MARCH 25, 2024

The National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free respected landmark guidance document for reducing cybersecurity risk. It seeks to establish and monitor your company’s cybersecurity risk management strategy, expectations, and policy.

Cybersecurity

Cybersecurity Artificial Intelligence Risk Government

What is Cybersecurity Risk Management?

eSecurity Planet

FEBRUARY 11, 2022

Risk management is a concept that has been around as long as companies have had assets to protect. Risk management also extends to physical devices, such as doors and locks to protect homes and vehicles, vaults to protect money and precious jewels, and police, fire, and CCTV to protect against other physical risks.

Risk

Risk Cybersecurity Encryption Access

How State Governments Can Regulate AI and Protect Privacy

Data Breach Today

NOVEMBER 16, 2023

Regulating AI is "like regulating Jell-O," said Massachusetts risk counsel Jenny Hedderman, but states are looking at regulating "areas of harm" rather than AI as a whole. In this episode of "Cybersecurity Insights," Hedderman discusses privacy, third-party vendor risk, and lawyers' use of AI.

Privacy

Privacy Government Risk Cybersecurity

NIST Cybersecurity Framework 2.0

Schneier on Security

MARCH 1, 2024

of the Cybersecurity Framework: The CSF 2.0, which supports implementation of the National Cybersecurity Strategy , has an expanded scope that goes beyond protecting critical infrastructure, such as hospitals and power plants, to all organizations in any sector. ’s newly added Govern function. This is a big deal.

Cybersecurity

Cybersecurity Risk Government Security

Managing AI risks and legal implications, effective cybersecurity, ensuring privacy and the integrity of organizational records

Data Protection Report

NOVEMBER 28, 2023

In a world where generative AI is driving innovation and technology is outpacing legislation, there’s a lot for companies to consider to maintain operational effectiveness and minimize risk. To help provide some guidance, Norton Rose Fulbright Canada hosted its 2023 technology, privacy and cybersecurity virtual summit.

Cybersecurity

Cybersecurity Risk Artificial Intelligence Privacy

Quantum Computing: Assessing the Risks

Data Breach Today

MAY 26, 2021

William Dixon of World Economic Forum on Improving Infrastructure To unlock the value of quantum computing, two systemic risks - tech governance and cybersecurity - need to be overcome, says William Dixon of the World Economic Forum.

Risk

Risk Cybersecurity Government

Newly Proposed SEC Cybersecurity Risk Management and Governance Rules and Amendments for Public Companies

Data Matters

MARCH 11, 2022

Securities and Exchange Commission (SEC) proposed new cybersecurity rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies. Reporting material cybersecurity incidents within four days.

Cybersecurity

Cybersecurity Risk Government e-Discovery

Government Shutdown: Experts Fear Deep Cybersecurity Impact

Data Breach Today

JANUARY 11, 2019

Readiness, Morale, Investigations and Recruitment at Risk as Standoff Persists The U.S.

Cybersecurity

Cybersecurity Government Risk IT

OT-IT Integration Raises Risk for Water Providers, Experts Say

Data Breach Today

APRIL 5, 2022

Witnesses at Hearing Also Discuss Role of Government in Security Incident Response A water trade association, at a congressional hearing Tuesday, urged the federal government to institute minimum cybersecurity standards for water systems.

Risk

Risk IT Government Cybersecurity

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

The Last Watchdog

AUGUST 29, 2023

Here’s what you should know about the risks, what aviation is doing to address those risks, and how to overcome them. It is difficult to deny that cyberthreats are a risk to planes. Risks delineated Still, there have been many other incidents since. Fortunately, there are ways to address the risks.

Risk

Risk Artificial Intelligence Cybersecurity Compliance

How the U.S. Government Views the Bright, Dark Sides of AI

Data Breach Today

SEPTEMBER 14, 2023

agencies to address hard problems like quickly writing secure code but comes with risks around nation-states generating attacks more efficiently. The cybersecurity element is a great example of the bright and the dark side of AI technology," said White House Director Arati Prabhakar.

Artificial Intelligence

Artificial Intelligence Government Cybersecurity Risk

OIG: VA Workers Hid ‘Big Data’ Project Privacy, Security Risks

Data Breach Today

JANUARY 29, 2021

Report on Canceled VA Project Offers Governance Lessons for Others The Department of Veterans Affairs’ watchdog agency alleges that two VA employees “concealed” and “mispresented” the cybersecurity and privacy risks of an ambitious "big data" project that would have analyzed 22 million veterans’ health records dating back two decades.

Big data

Big data Risk Privacy Security

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

The Last Watchdog

DECEMBER 14, 2023

Here’s the final installment of leading technologists sharing their observations about cybersecurity developments in the year that’s coming to a close — and the year to come. Last Watchdog posed two questions: •What should be my biggest takeaway from 2023, with respect to mitigating cyber risks at my organization?

Cybersecurity

Cybersecurity Encryption Marketing Risk

Developments to Improve the Cybersecurity of Federal Government Agencies, Critical Infrastructure

Data Matters

OCTOBER 28, 2022

Recently, several developments have been proposed or announced to help identify and mitigate cyber risk for United States critical infrastructure operators and software in an effort to further bolster the cybersecurity posture of the federal government.

Cybersecurity

Cybersecurity Government Privacy Risk

FTX Collapse Highlights the Cybersecurity Risks of Crypto

eSecurity Planet

NOVEMBER 18, 2022

Ray has wasted little time in assembling a top-notch team, which includes an unnamed cybersecurity forensics firm. He has “worked around the clock” to secure assets, identify crypto on the blockchain , find records, and work with regulators and government authorities. Crypto can also be a way to leverage cybersecurity breaches.

Cybersecurity

Cybersecurity Risk Blockchain Mining

Cyber Mavens Slam Europe's Cyber Resilience Act

Data Breach Today

OCTOBER 4, 2023

Experts Warn Vulnerability Disclosure to Government Agencies Increases Hacking Risks More than four dozen cybersecurity mavens say a proposed European Union mandate for software publishers to inform the trading bloc's cybersecurity agency of zero day exploits within 24 hours of their discovery risks harming cybersecurity efforts.

Cybersecurity

Cybersecurity Risk Government

Despite Cybersecurity Improvements in UK Organizations, Attacks Still Persist

KnowBe4

APRIL 1, 2024

The UK government's third phase of research shows how well UK organizations have been improving their cybersecurity efforts but indicates that the risk from certain attacks have only been reduced marginally.

Cybersecurity

Cybersecurity Risk Government Security awareness

What Is Integrated Risk Management? Definition & Implementation

eSecurity Planet

APRIL 29, 2024

Integrated risk management (IRM) is a discipline designed to embed risk considerations for the use of technology throughout an organization. In other words, it links technology spending directly to the value of the resource protected and the associated risks controlled by that technology.

Risk

Risk Compliance Communications Insurance

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

The Last Watchdog

SEPTEMBER 25, 2023

If you’re a small business looking for the secret sauce to cybersecurity, the secret is out: start with a cybersecurity policy and make the commitment to security a business-wide priority. The average cost of a cybersecurity breach was $4.45 The average cost of a cybersecurity breach was $4.45 Stay proactive.

Cybersecurity

Cybersecurity Data breaches Compliance Phishing

Security Risks of AI

Schneier on Security

APRIL 27, 2023

Stanford and Georgetown have a new report on the security risks of AI—particularly adversarial machine learning—based on a workshop they held on the topic. Many AI products are deployed without institutions fully understanding the security risks they pose.

Risk

Risk Security Cybersecurity Government

How Will SEC Rules Affect Reporting, Tracking of Incidents?

Data Breach Today

SEPTEMBER 25, 2023

Securities and Exchange Commission rules, companies must disclose material cybersecurity incidents and annually report on cybersecurity risk management, strategy and governance. TrustedSec's Alex Hamerstone on New US Securities and Exchange Commission Rules Under new U.S.

Cybersecurity

Cybersecurity Risk Government Security

Screening Your Supply Chain: How Far Will You Go For Cybersecurity?

The Security Ledger

MAY 15, 2024

Cybersecurity is crucial in supply chains, where risks can affect all connected parties. With significant consequences and substantial government contracts at stake, effective risk management and rigorous. Read the whole entry. »

Cybersecurity

Cybersecurity Passwords Compliance Risk

New York Increases Cybersecurity Rules for Financial Companies

Schneier on Security

NOVEMBER 3, 2023

Another example of a large and influential state doing things the federal government won’t: Boards of directors, or other senior committees, are charged with overseeing cybersecurity risk management, and must retain an appropriate level of expertise to understand cyber issues, the rules say.

Cybersecurity

Cybersecurity Risk Government Security

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

Data Protection Report

NOVEMBER 8, 2023

On November 1, 2023, the New York Department of Financial Services (“NYDFS”) released the finalized amendments of Part 500 of its cybersecurity regulations. This notice requirement explicitly applies to cybersecurity incidents occurring to the covered entity itself, its affiliates, or a third-party service provider.

Financial Services

Financial Services Cybersecurity Compliance Government

What VCs See Happening in Cybersecurity in 2023

eSecurity Planet

DECEMBER 7, 2022

Despite all this, there is one tech category that has held up fairly well: Cybersecurity. Just look at a report from M&A advisory firm Houlihan Lokey , which found that private cybersecurity company funding grew by 9.4% There have been a number of impressive funding rounds this year for cybersecurity startups.

Cybersecurity

Cybersecurity Compliance Risk Ransomware

How to use foundation models and trusted governance to manage AI workflow risk

IBM Big Data Hub

OCTOBER 16, 2023

As more businesses use AI systems and the technology continues to mature and change, improper use could expose a company to significant financial, operational, regulatory and reputational risks. This is where AI governance comes into play: addressing these potential and inevitable problems of adoption.

Government

Government Risk Artificial Intelligence Metadata

NYDFS finalizes cybersecurity rule amendments

Data Protection Report

NOVEMBER 2, 2023

On November 1, 2023, the New York Department of Financial Services (NYDFS) finalized the second amendment to its cybersecurity regulations, which are available here. NYDFS retained the broader term “cybersecurity event” that it uses in several sections of the regulation, but, with respect to notifications to NYDFS (§ 500.17(a)),

Cybersecurity

Cybersecurity Compliance Financial Services Government

New SEC Rules around Cybersecurity Incident Disclosures

Schneier on Security

AUGUST 2, 2023

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk.

Cybersecurity

Cybersecurity Risk Privacy Information Security

SHARED INTEL: The cybersecurity sea change coming with the implementation of ‘CMMC’

The Last Watchdog

SEPTEMBER 7, 2022

Finally, Uncle Sam is compelling companies to take cybersecurity seriously. Cybersecurity Maturity Model Certification version 2.0 could take effect as early as May 2023 mandating detailed audits of the cybersecurity practices of any company that hopes to do business with the Department of Defense. Raising the bar.

Cybersecurity

Cybersecurity Digital transformation Compliance Risk

OSFI’s Technology and Cyber Risk Management Guideline: Part 1

Data Protection Report

AUGUST 29, 2022

On July 13, 2022, the Office of the Superintendent of Financial Institutions (OSFI) released its final Guideline B-13 (the Guideline), setting out technology and cyber risk management expectations for all federally regulated financial institutions (FRFIs), such as banks, insurance and trust companies. Read the full update here.

Risk

Risk Insurance Cybersecurity Government

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

Hunton Privacy

JULY 5, 2023

On June 28, 2023, the New York Department of Financial Services (“NYDFS”) published an updated proposed Second Amendment (“Amendment”) to its Cybersecurity Regulation, 23 NYCRR Part 500. As described below, senior governing bodies would have new oversight responsibilities under the amendments.

Cybersecurity

Cybersecurity IT Compliance Financial Services

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

The Last Watchdog

APRIL 13, 2022

These Russian cyber actors are government organizations and include other parties who take their orders from the Russian military or intelligence organizations – while not technically under government control. Cybersecurity and Infrastructure Security Agency (CISA) has started a campaign to increase awareness of these risks to U.S.

Cybersecurity

Cybersecurity Military Passwords Education

CISA Order Highlights Persistent Risk at Network Edge

Krebs on Security

JUNE 15, 2023

government agency in charge of improving the nation’s cybersecurity posture is ordering all federal agencies to take new measures to restrict access to Internet-exposed networking equipment. The directive comes amid a surge in attacks targeting previously unknown vulnerabilities in widely used security and networking appliances.

Risk

Risk Ransomware Cybersecurity Access

US Government to Study Cyber Insurance Backstop

Data Breach Today

SEPTEMBER 29, 2022

Cyber Insurers Limit Financial Exposure While Risk Grows The Department of Treasury and the Cybersecurity and Infrastructure Agency are soliciting comments on whether risks to critical infrastructure from a catastrophic cyber attack - and the concurrent potential for ruinous financial exposure by insurers - should lead to a new federal approach.

Insurance

Insurance Government Risk Cybersecurity

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

eSecurity Planet

FEBRUARY 26, 2024

To secure sensitive data, cybersecurity specialists, software vendors, and end users should encourage collaborative efforts against malicious activities. Users are strongly recommended to quickly upgrade their Bricks Builder Theme installations to this current version to reduce the risk of exploitation.

Risk

Risk Authentication Systems administration Ransomware

The Risks of Delaying CMMC 2.0 Compliance

Daymark

SEPTEMBER 29, 2022

The Cybersecurity Maturity Model Certification (CMMC) 2.0 is the DoD framework designed to enhance cybersecurity and protect against compromise of sensitive defense information on contractors’ systems. requirements. requirements. Here’s why:

Compliance

Compliance Risk Cybersecurity Government

News alert: Kiteworks forecast lays out risk predictions, strategies for sensitive content in 2024

The Last Watchdog

NOVEMBER 29, 2023

The report outlines 12 predictions and strategies to help IT, security, risk management, and compliance leaders tackle data privacy and cyber-risk challenges for the coming year. About Kiteworks: Kiteworks’ mission is to empower organizations to effectively manage risk in every send, share, receive, and save of sensitive content.

Risk

Risk Data Privacy Compliance Communications

Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

The Security Ledger

MAY 16, 2024

In this Spotlight Podcast, host Paul Roberts talks with Chris Walcutt, the CSO of DirectDefense about the rising cyber threats facing operational technology (OT) and how organizations that manage OT - including critical infrastructure owners can best manage increased cyber risks to OT environments. Read the whole entry. »

Risk

Risk Energy and Utilities Cybersecurity Systems administration

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

The Last Watchdog

APRIL 1, 2020

Related: What we’ve learned from the massive breach of Capitol At RSA 2020 , I learned about how one of the routine daily chores all large organizations perform — data governance — has started to emerge as something of a cybersecurity multiplier. A robust data archiving strategy puts data into tiers, Lahiri says.

Government

Government Cybersecurity Archiving Access

UK Government Publishes AI Cybersecurity Guidance

NIST Unveils Second Iteration of Cybersecurity Framework

Webinars

Trending Sources

EU Enhances Cybersecurity Requirements for Agencies

Webinars

UK Government Publishes Draft Code of Practice on Cybersecurity Governance

Report Urges NASA to Improve Cybersecurity Risk Management

GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

What is Cybersecurity Risk Management?

How State Governments Can Regulate AI and Protect Privacy

NIST Cybersecurity Framework 2.0

Managing AI risks and legal implications, effective cybersecurity, ensuring privacy and the integrity of organizational records

Quantum Computing: Assessing the Risks

Newly Proposed SEC Cybersecurity Risk Management and Governance Rules and Amendments for Public Companies

Government Shutdown: Experts Fear Deep Cybersecurity Impact

OT-IT Integration Raises Risk for Water Providers, Experts Say

GUEST ESSAY: Where we stand on mitigating software risks associated with fly-by-wire jetliners

How the U.S. Government Views the Bright, Dark Sides of AI

OIG: VA Workers Hid ‘Big Data’ Project Privacy, Security Risks

LW ROUNDTABLE: Cybersecurity takeaways of 2023 — and what’s ahead in 2024 ( part 3)

Developments to Improve the Cybersecurity of Federal Government Agencies, Critical Infrastructure

FTX Collapse Highlights the Cybersecurity Risks of Crypto

Cyber Mavens Slam Europe's Cyber Resilience Act

Despite Cybersecurity Improvements in UK Organizations, Attacks Still Persist

What Is Integrated Risk Management? Definition & Implementation

GUEST ESSAY: A roadmap for the finance teams at small businesses to improve cybersecurity

Security Risks of AI

How Will SEC Rules Affect Reporting, Tracking of Incidents?

Screening Your Supply Chain: How Far Will You Go For Cybersecurity?

New York Increases Cybersecurity Rules for Financial Companies

NYDFS releases major update to Part 500 cybersecurity requirements for financial services companies

What VCs See Happening in Cybersecurity in 2023

How to use foundation models and trusted governance to manage AI workflow risk

NYDFS finalizes cybersecurity rule amendments

New SEC Rules around Cybersecurity Incident Disclosures

SHARED INTEL: The cybersecurity sea change coming with the implementation of ‘CMMC’

OSFI’s Technology and Cyber Risk Management Guideline: Part 1

NYDFS Proposes Updated Second Amendment to Its Cybersecurity Regulation

GUEST ESSAY: Preparing for the dire cybersecurity consequences of Russia’s invasion of Ukraine

CISA Order Highlights Persistent Risk at Network Edge

US Government to Study Cyber Insurance Backstop

VulnRecap 2/26/24 – VMWare, Apple, ScreenConnect Face Risks

The Risks of Delaying CMMC 2.0 Compliance

News alert: Kiteworks forecast lays out risk predictions, strategies for sensitive content in 2024

Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

BEST PRACTICES: Why pursuing sound ‘data governance’ can be a cybersecurity multiplier

Stay Connected