Cybersecurity Governance News – 3/11/16
Personal and corporate liability for breaches is a hot topic, and the financial industry is taking action. The medical industry is lagging, with hospitals remaining easy targets for hackers; HIPAA compliance nonetheless matters, as the Office of Civil Rights is performing random audits.
The Security Challenge of the Healthcare Industry
The State of Security, Mar. 3
Hackers spend days, maybe weeks figuring out ways to get onto a network or social engineer a way into a building so they can seed their malware. It would literally take them five minutes in most hospitals across the United States. All they would need to do is…
Secure? Says Who?
Cybergovernance Journal, Feb. 29
Personal and corporate liability for breaches is a hot topic. The current buzzword in board discussions is “active engagement.” Terri Curran: “I’ve been in boardroom meetings where as soon as the CISO’s metrics presentation flashed on screen, eyes rolled heavenward and email was surreptitiously checked.”
Marcus Ranum Chats with CGI Group’s Terri Curran
TechTarget, Mar. 3
Compliance metrics are pretty straightforward based on the external contractual and regulatory compliance requirements of the organization. PCI DSS, NIST 800-53—lots of requirements provide great metrics as part of execution.
SEC Makes Cybersecurity Examination Priority for 2016
National Law Review, Feb 29
The 2016 examinations will be looking at structural risks and trends that may involve multiple firms or entire industries. The examinations will include the testing and assessment of the implementation of procedures and controls at target companies…
NFA Members Must Have a Cybersecurity Program in Place – Now
JDSupra Business Advisor, Mar. 1
Starting March 1, all commodity pool operators, commodity trading advisors, futures commission merchants, retail foreign exchange dealers, investment brokers, major swap participants and swap dealers that are National Futures Association (NFA) member firms (together the Covered Parties) must have one…
How to Be HIPAA Compliant
Cybergovernance, Mar. 3
HIPAA doesn’t actually define a threshold where you are suddenly compliant. While some third parties claim to certify you, the Office of Civil Rights (OCR) doesn’t recognize any certification and may still find you lacking…