DOJ Follows the SEC With Guidance on Breach Practices
Legal and financial firms should be aware of and understand the guidance offered by the U.S. Department of Justice, Criminal Division, Cybersecurity Unit, titled “Best Practices for Victim Response and Reporting of Cyber Incidents,” which was issued last Friday, April 29, 2015. We sit up and pay attention when Executive Departments [...]
SEC Offers Cybersecurity Guidance
The SEC has offered definitive guidance on Cybersecurity, tying failures or shortcomings in practices to specific Rules and Regulations and paving the way for potential enforcement. While we have been discussing the path the SEC was implying for some months in the wake of the Cybersecurity Sweep results of February 3, [...]
The SEC at RSA 2015: Focus on Breach and Disclosure
At the 2015 RSA conference, Commissioner Aguilar’s Chief of Staff, Smeta Ramarathnam, participated in a panel titled “Full Disclosure: What Companies Should Tell Investors About Cyber Incidents.” While Aguilar’s emissary reminded us of the importance of general cybersecurity risk disclosure, her message focused upon the disclosure of breach events, stating that [...]
Cybersecurity Guidance from the Insurance Industry Endorses NIST Framework
Evidence continues to mount for broad acceptance of NIST CSF. Action Item: Executives, General Counsels, Compliance Officers, and Board Members, across industries, should consider these principles. Last week (April 17, 2015), the National Association of Insurance Commissioners (NAIC) adopted twelve basic principles to provide guidance to insurers, producers, and other regulated [...]
Incident Recovery: Getting Things Back To Normal
A cybersecurity event has occurred at your firm. Your team is deep into its incident response plan. Procedures that you put in place and have tested and improved over the years are flowing relatively smoothly to their conclusion. Forensics staff have been brought in to determine how the incident occurred, law [...]
Incident Response Planning – Are You Ready?
Most companies have a cybersecurity plan of sorts in place already. When we speak, in general terms, about the first three key functions in the NIST Cybersecurity Framework, “Identify”, “Detect”, and “Protect”, we are met with understanding. After all, these categories make sense to all of us. Identifying those assets that [...]