A proposed rule requiring publicly traded companies to disclose a breach within four days of deeming it material will force CISOs to determine the consequences of breaches sooner. CISOs will need to have board-level conversations within a day or two of discovering an issue to assess materiality.
Hackers are exploiting third-party remote access. If you’re not taking third-party risk seriously, it’s just a matter of time until your company is the next headline.
The Food and Drug Administration on Thursday issued revamped draft guidance providing updated and detailed recommendations for how medical device makers should address cybersecurity risk in the premarket of their products, especially as the threat landscape continues to evolve.
In the latest "Proof of Concept," Lisa Sotto, partner and chair of the global privacy and cybersecurity practice at Hunton Andrews Kurth LLP and David Pollino, former CISO at PNC Bank, join Information Security Media Group editors to discuss U.S. regulatory trends and supply chain risk management.
Federal regulators are seeking public input about how they should consider the "recognized" security practices of organizations when taking potential HIPAA enforcement actions - and how to distribute a percentage of HIPAA fines to individuals harmed by violations.
The PCI Security Standards Council on Thursday released the Payment Card Industry Data Security Standard version 4.0. The latest version's improvements are intended to counter evolving threats and technologies, and the new version will enable innovative methods to combat new threats.
If an organization doesn’t know who is accessing what, how can they be trusted to make sure a bad actor isn’t gaining access to data, assets, or systems they shouldn’t?
As Finnish technology giant Nokia announces it is ceasing sales in Russia over the war with Ukraine, the company is facing tough questions over how it helped enable a mass surveillance program that supports President Vladimir Putin's autocratic regime.
The Russia-Ukraine war has altered the risks facing organizations that use Russian technology or services, including the increased threat of being directly targeted, as well as disruptions caused by any new sanctions, warns Britain's National Cyber Security Center.
In the latest "Troublemaker CISO" post, security director Ian Keller discusses killware - "a hack of critical services and or infrastructure that can lead to the loss of life" - and asks: "Why should the power grid - or hospitals, water treatment plants or your pacemaker - be internet-accessible?
A bipartisan Senate bill proposes closer collaboration between the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency, with a goal of strengthening cybersecurity in the health and public health sectors. But would that make a major difference?
Life comes at you fast, especially when you're a breached business such as Okta, which may have exposed customer data or otherwise put the businesses paying for your product at risk. Here's how after detecting the breach, Okta fumbled its response, and what others should learn from this experience.
As President Joe Biden visits Europe this week, the U.S. and the European Commission announced they have agreed in principle to a new Trans-Atlantic Data Privacy Framework. Officials say it will foster cross-border data flows and address concerns raised by the EU Court of Justice in 2020.
The number of major health data breaches posted to the federal tally so far in 2022 - and the total number of individuals affected by those breaches - has surged in recent weeks as reports of large hacking incidents continue to flow in to regulators.
IT officials from Ukraine continue to call out alleged Russian cyberattacks. This comes as hacktivists have taken matters into their own hands in the digital underground. Also: NATO pledges additional cyber support, while President Joe Biden urges U.S. governors to bolster defenses.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing careersinfosecurity.co.uk, you agree to our use of cookies.