The SEC at RSA 2015: Focus on Breach and Disclosure

At the 2015 RSA conference, Commissioner Aguilar’s Chief of Staff, Smeta Ramarathnam, participated in a panel titled “Full Disclosure: What Companies Should Tell Investors About Cyber Incidents.”  While Aguilar’s emissary reminded us of the importance of general cybersecurity risk disclosure, her message focused upon the disclosure of breach events, stating that the [...]

By |2018-01-25T21:47:42-04:00April 28th, 2015|Cyber Security, SEC|0 Comments

Cybersecurity Guidance from the Insurance Industry Endorses NIST Framework

Evidence continues to mount for broad acceptance of NIST CSF Action Item: Executives, General Counsels, Compliance Officers, and Board Members, across industries, should consider these principles. Last week (April 17, 2015), the National Association of Insurance Commissioners (NAIC) adopted twelve basic principles to provide guidance to insurers, producers, and other regulated entities. [...]

By |2018-01-25T21:49:36-04:00April 22nd, 2015|Data Protection, Information Security|0 Comments

Incident Response Planning – Are You Ready?

Most companies have a cybersecurity plan of sorts in place already. When we speak, in general terms, about the first three key functions in the NIST Cybersecurity Framework, “Identify”, “Detect”, and “Protect”, we are met with understanding. After all, these categories make sense to all of us. Identifying those assets that need [...]

By |2018-01-26T17:36:56-04:00April 14th, 2015|Best Practices, Cyber Security|0 Comments

Flash Point For Law Firms: Time to Act on Cybersecurity Practices

On March 26th, two days after our “Current State of Affairs” post for the Legal Industry, the New York Times reported on an internal Citigroup memo discussing specific breach and security shortcomings at Law Firms.[1] Further, an April 8th Dealbook piece is again discussing Law Firms as vendors to major banks and Wall St. Firms who must [...]

By |2018-01-26T17:39:06-04:00April 9th, 2015|Best Practices, Cyber Security|0 Comments