Education, Information Security, Insurance and Training

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Data Matters

FEBRUARY 10, 2021

2 announcing a Cyber Insurance Risk Framework (the Framework) that describes industry best practices for New York-regulated property/casualty insurers. According to NYDFS, the incorporation of these practices should be proportionate to each insurer’s size, resources, geographic distribution, and other factors. The Framework.

Insurance

Insurance Financial Services Cybersecurity Risk

Security Compliance & Data Privacy Regulations

eSecurity Planet

AUGUST 9, 2022

are subject to laws such as the Health Insurance Portability and Accountability Act (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (the HITECH Act), as well as regulations such as the Clinical Laboratory Improvements Amendments (CLIA). Automating IT Compliance with Security Compliance Tools.

Data Privacy

Data Privacy Compliance Privacy Security

How can organisations close the cyber security skills gap?

IT Governance

SEPTEMBER 15, 2021

In theory, this should be no different when it comes to cyber security. Whether it’s a top-level role, such as a CISO (chief information security officer), or a member of the IT team who takes on security-related tasks, there are plenty of job roles suited for varying levels of seniority and experience.

Security

Security Insurance Education Government

Webinars

Generative AI Deep Dive: Advancing from Proof of Concept to Production

MORE WEBINARS

Record Retention Policy for Businesses: A Strategic Guide to Compliance and Efficiency

Armstrong Archives

DECEMBER 19, 2023

No matter the size of a business, a well-defined record retention policy serves multiple purposes: ensuring compliance with legal and regulatory requirements, aiding in efficient document management, and securing sensitive information. This act mandates the retention of financial records and audits for a minimum of five years.

Compliance

Compliance Archiving Digital transformation Sales

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Data Matters

APRIL 20, 2021

DOL guidance provides a series of questions that should serve as a starting point for this review and includes topics such as the service provider’s information security standards, track record, cybersecurity insurance coverage, and cybersecurity validation techniques.

Cybersecurity

Cybersecurity Insurance Risk Compliance

Government survey reveals GDPR awareness is falling short

IT Governance

FEBRUARY 8, 2018

Of those surveyed: 36% of businesses and charities that were aware of the GDPR had created or changed policies and procedures; 21% of businesses and 10% of charities had provided additional staff training or communications; and. Just 6% of businesses and 12% of charities had installed, changed or updated anti-virus or anti-malware software.

GDPR

GDPR Government Education Compliance

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

Hunton Privacy

JUNE 17, 2019

The settlement resolves a multistate litigation arising out of a May 2015 data breach in which hackers infiltrated WebChart, a web application run by MIE, and stole the electronic Protected Health Information (“ePHI”) of over 3.9 million individuals. Notably, the lawsuit was the first-ever multistate litigation alleging claims under HIPAA.

Data breaches

Data breaches IT Insurance Privacy

Catches of the Month: Phishing Scams for April 2023

IT Governance

APRIL 11, 2023

Commenting on the report, Cofense Vice President and Chief Information Security Officer Tonia Dudley highlighted the increase in cyber attacks conducted by nation states. You can help educate your staff with IT Governance’s Phishing Staff Awareness Training Programme.

Phishing

Phishing Passwords Ransomware Insurance

ICO issue fine of £4.4 to Interserve for security failings

DLA Piper Privacy Matters

OCTOBER 25, 2022

The databases also held special category personal data including ethnic origin; religion; details of disabilities; sexual orientation, and health information relevant to ill-heath retirement applications. On the face of it, this is a sizeable fine issued to a non household name controller for perceived failings in information security.

Security

Security GDPR Personal data Insurance

China Publishes Draft Regulations on Protecting the Security of Key Information Infrastructure

Hunton Privacy

JULY 11, 2017

According to the Draft Regulations, this may include network facilities and information systems operated and managed by (1) government agencies and entities in the energy, finance, transportation, water conservation, health care, education, social insurance, environmental protection and public utilities sectors; (2) information networks, such as telecommunications (..)

Energy and Utilities

Energy and Utilities Security Cybersecurity Manufacturing

Learnings from ALM/Law.com Legalweek 2024: Six Key Takeaways

eDiscovery Daily

FEBRUARY 12, 2024

Take advantage of how technology is levelling the playing field Technology has broken barriers and created greater access to opportunities in other fields for years: education, healthcare, etc. “…present yourself as a gift…and put into energy solving someone’s problem,” he said.

CMS

CMS Phishing Communications Insurance

Learning from ALM/Law.com Legalweek 2024: Six Key Takeaways

eDiscovery Daily

FEBRUARY 11, 2024

Take advantage of how technology is levelling the playing field Technology has broken barriers and created greater access to opportunities in other fields for years: education, healthcare, etc. “…present yourself as a gift…and put into energy solving someone’s problem,” he said.

CMS

CMS Phishing Communications Insurance

Massachusetts Hospital Settles Data Breach Lawsuit

Hunton Privacy

JUNE 7, 2012

Attorney General Coakley filed a suit against South Shore Hospital based on violations of the Massachusetts Consumer Protection Act and the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).

Data breaches

Data breaches Privacy Insurance Education

Wake up to the reality of the GDPR: What you need to know about compliance

IT Governance

JANUARY 30, 2019

The GDPR considers personal data to be anything that identifies, or can be used to identify, a living person, such as your name, National Insurance number or email address (personal or work). Things get a little more complicated when you factor in that each piece of information doesn’t have to be taken on its own.

GDPR

GDPR Compliance Personal data Data breaches

Top GRC Tools & Software for 2021

eSecurity Planet

JANUARY 21, 2021

LogicManager’s GRC solution has specific use cases across financial services, education, government, healthcare, retail, and technology industries, among others. LogicManager is lauded for its user experience and technical training and was named a Challenger in Gartner’s 2020 Magic Quadrant for IT risk management. LogicManager.

Compliance

Compliance Risk Government Retail

Top 10 Governance, Risk and Compliance (GRC) Vendors

eSecurity Planet

JANUARY 21, 2021

LogicManager’s GRC solution has specific use cases across financial services, education, government, healthcare, retail, and technology industries, among others. LogicManager is lauded for its user experience and technical training and was named a Challenger in Gartner’s 2020 Magic Quadrant for IT risk management. LogicManager.

Compliance

Compliance Risk Government Retail

Network Security Architecture: Best Practices & Tools

eSecurity Planet

APRIL 26, 2024

Penetration testing : Tests security controls to verify correct implementation, detect vulnerabilities, and confirm adequate security controls for risk reduction goals. Cybersecurity training : Educates employees regarding basic best practices to recognize attacks, avoid scams, and protect against breaches or data loss.

Security

Security Cloud Cybersecurity Risk

List of Data Breaches and Cyber Attacks in 2023

IT Governance

JUNE 1, 2023

Meanwhile, you can subscribe to our Weekly Round-up to receive the latest cyber security news and advice delivered straight to your inbox. IT Governance is dedicated to helping organisations tackle the threat of cyber crime and other information security weaknesses. With that out of the way, it’s time to move on to May 2023.

Data breaches

Data breaches Insurance Personal data Ransomware

Debut of the Texas State Records Retention Schedule (RRS): 5th Edition – 5/10/2020

The Texas Record

MAY 1, 2020

Training series have been clarified and expanded. 1.1.043 Training Materials now includes class rosters, sign-in sheets, etc. description explains that this series is only for training of non-personnel 3.3.030 Internal Training Administration Records now includes class rosters, sign-in sheets, etc. What’s missing?

Computer and Electronics

Computer and Electronics Insurance Sales Paper

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Data Matters

APRIL 23, 2018

Information security is not yet a science; outside of the handful of issues falling under the field of cryptography, there is no formalized system of classification. The most prepared cybersecurity programs of today will not attempt to implement a static, “out-of-the-box” solution to cyber risk. Principle 5.

Cybersecurity

Cybersecurity Risk Passwords Authentication

Massachusetts Attorney General Reaches Settlement with Boston Hospital Over Data Security Allegations

Hunton Privacy

NOVEMBER 25, 2014

The Attorney General alleged that the breach was a result of BIDMC’s failure to lawfully protect the personal and protected health information of its patients and employees in violation of the Massachusetts Consumer Protection Act, the Massachusetts Data Security Law, and the federal Health Insurance Portability and Accountability Act.

Security

Security Insurance Data breaches Education

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

KnowBe4

MAY 31, 2023

The next layer in your defense should be a user that's properly educated using security awareness training to easily identify financial fraud and other phishing-based threats, stopping them before they do actual damage. Get a look at THREE NEW FEATURES and see how easy it is to train and phish your users.

Phishing

Phishing File names Security awareness Risk

Final Draft of EU AI Act Leaked

Hunton Privacy

FEBRUARY 1, 2024

In addition to the above categories of AI systems, the AI Act will impose specific obligations on providers of generative AI models on which general purpose AI systems, like ChatGPT, are based ( e.g. , an obligation to make a summary of the content used to train the models publicly available). Education and Vocational Training.

Risk

Risk Education Artificial Intelligence Insurance

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

IT Governance

APRIL 29, 2024

Known data breached Discord (via Spy.pet) Source (New) IT services USA Yes 4,186,879,104 Baidu, Inc., Source (New) Finance USA Yes 1,955,385 BerryDunn and Reliable Networks Source (New) Finance and IT services USA Yes 1,107,354 VISAV Limited Source (New) IT services UK Yes >1,000,000 Designed Receivable Solutions, Inc.

Data Privacy

Data Privacy Privacy Manufacturing Security

The Hacker Mind Podcast: Tib3rius

ForAllSecure

JANUARY 11, 2023

Tib3rius from White Oak Security discusses his experience as a web application security pen tester, his OSCP certification, and how he’s giving back to the community with his Twitch , Youtube , and tools he's made available on GitHub. And, when you think about it, criminal hackers don’t have years of formal education.

IT

IT Security Access Education

Information Management Today

New York Department of Financial Services Issues First Guidance by a U.S. Regulator Concerning Cyber Insurance

Security Compliance & Data Privacy Regulations

Webinars

Trending Sources

How can organisations close the cyber security skills gap?

Webinars

Record Retention Policy for Businesses: A Strategic Guide to Compliance and Efficiency

DOL Puts Plan Sponsors and Other Fiduciaries on Notice: ERISA Requires Appropriate Precautions to Mitigate Cybersecurity Threats

Government survey reveals GDPR awareness is falling short

First-of-its-Kind Multistate Litigation Involving HIPAA-Related Data Breach Reaches 900,000 Dollar Settlement

Catches of the Month: Phishing Scams for April 2023

ICO issue fine of £4.4 to Interserve for security failings

China Publishes Draft Regulations on Protecting the Security of Key Information Infrastructure

Learnings from ALM/Law.com Legalweek 2024: Six Key Takeaways

Learning from ALM/Law.com Legalweek 2024: Six Key Takeaways

Massachusetts Hospital Settles Data Breach Lawsuit

Wake up to the reality of the GDPR: What you need to know about compliance

Top GRC Tools & Software for 2021

Top 10 Governance, Risk and Compliance (GRC) Vendors

Network Security Architecture: Best Practices & Tools

List of Data Breaches and Cyber Attacks in 2023

Debut of the Texas State Records Retention Schedule (RRS): 5th Edition – 5/10/2020

An Approach to Cybersecurity Risk Oversight for Corporate Directors

Massachusetts Attorney General Reaches Settlement with Boston Hospital Over Data Security Allegations

CyberheistNews Vol 13 #22 [Eye on Fraud] A Closer Look at the Massive 72% Spike in Financial Phishing Attacks

Final Draft of EU AI Act Leaked

The Week in Cyber Security and Data Privacy: 22 – 28 April 2024

The Hacker Mind Podcast: Tib3rius

Stay Connected