Cybersecurity Governance News – 3/4/16
The technological elements of cybersecurity remain the easiest to regulate and build. The human elements, on the other hand, require changes that many companies are too slow in adopting.
Firms Expect Greater Government Cybersecurity Oversight
CSO, Mar. 1
A surprising 90% of corporate board members said that regulators should hold businesses liable for breaches if they were negligent with customer data or failed to have reasonable security in place.
HHS Issues “Crosswalk” Between HIPAA and NIST Cyber Standards
DHHS Office for Civil Rights, Feb. 2016
Organizations that have already aligned their security programs to either the NIST Cybersecurity Framework or the HIPAA Security Rule may find this crosswalk helpful as a starting place to identify potential gaps in their programs. Addressing these gaps can bolster their compliance with the Security Rule…
Last Year’s IRS Hack Was Way Worse Than We Realized
WIRED, Feb. 26
The initial IRS report indicated that 114,000 accounts had been compromised. It revised that number last August, raising it to 334,000. On Friday, the IRS added another 390,000 accounts to the pile, for a total of well over 700,000 people…
The Weakest Link Will Always Be the Human Element
GovTech, Mar. 1
The weakest link will always be the human element. However, there are many new interesting technologies that could significantly impact cybersecurity in the near future…
C Suite Insights on Cybersecurity
Security Intelligence, Feb 17
54% acknowledged risks from organized crime groups. However, many tend to overemphasize the risks from opportunistic rogue actors and discount the dangers from other sources such as industry spies, domestic and foreign governments and inside personnel…
Survey Reveals Cybersecurity Education & Training Gaps Among Boards, C-Level Executives
BusinessWire, Feb. 25
According to the survey, nearly one third of executives reported experiencing three or more cyberattacks on their company in 2015. Thirty-five% of respondents either do not know or are not sure what legally constitutes a data breach in their state, and nine percent of executives report that they are never briefed on cybersecurity matters.