Cybersecurity Governance News – 3/11/16

by | Mar 11, 2016

Personal and corporate liability for breaches is a hot topic, and the financial industry is taking action. The medical industry is lagging, with hospitals remaining easy targets for hackers; HIPAA compliance, however, is important, as the Office of Civil Rights is performing random audits.

The Security Challenge of the Healthcare Industry

The State of Security, Mar. 3
Hackers spend days, maybe weeks figuring out ways to get onto a network or social engineer a way into a building so they can seed their malware. It would literally take them five minutes in most hospitals across the United States. All they would need to do is…


Secure? Says Who?

Cybergovernance Journal, Feb. 29
Personal and corporate liability for breaches is a hot topic. The current buzzword in board discussions is “active engagement.” Terri Curran: “I’ve been in boardroom meetings where as soon as the CISO’s metrics presentation flashed on screen, eyes rolled heavenward and email was surreptitiously checked.”


Marcus Ranum Chats with CGI Group’s Terri Curran

TechTarget, Mar. 3
Compliance metrics are pretty straightforward based on the external contractual and regulatory compliance requirements of the organization. PCI DSS, NIST 800-53—lots of requirements provide great metrics as part of execution.


SEC Makes Cybersecurity Examination Priority for 2016

National Law Review, Feb. 29
The 2016 examinations will be looking at structural risks and trends that may involve multiple firms or entire industries. The examinations will include the testing and assessment of the implementation of procedures and controls at target companies…


NFA Members Must Have a Cybersecurity Program in Place – Now

JDSupra Business Advisor, Mar. 1
Starting March 1, all commodity pool operators, commodity trading advisors, futures commission merchants, retail foreign exchange dealers, investment brokers, major swap participants and swap dealers that are National Futures Association (NFA) member firms (together the Covered Parties) must have one…


How to Be HIPAA Compliant

Cybergovernance, Mar. 3
HIPAA doesn’t actually define a threshold where you are suddenly compliant. While some third parties claim to certify you, the Office of Civil Rights (OCR) doesn’t recognize any certification and may still find you lacking…

