Blog Posts Tagged with "Mandatory Reporting"


Utility Breach Prompts Enforcement and Industry-Wide Security Review

September 06, 2012 Added by:David Navetta

Expect an uptick in privacy enforcement by state utility regulators. Utilities across the country are advised to review their information security programs (including vendor management requirements) and breach response processes to address their regulators' concerns...

Comments  (0)


Notifying Customers About a Data Breach: Five Rules

July 17, 2012 Added by:Megan Berry

Legal fees, clean-up costs, lost business and damage to an organization’s reputation: consequences of a business being hit with a data breach. Cost can be significant, which is why it is critical to properly respond after a data breach...

Comments  (0)


Study Finds Minimal Transparency in Breach Reports

July 17, 2012 Added by:Headlines

"Other than breaches reported by the media and a few progressive state websites, there continues to be little or no information available on many data breach events. The public has no way of knowing just how minor or serious the data exposure was for any given incident," ITRC states...

Comments  (0)


Netherlands to Establish Mandatory Breach Notification

July 11, 2012 Added by:Matthijs R. Koot

In 2012, Netherlands will establish mandatory breach notification for vital sectors, giving the government increasing sectoral intervention possibilities. This includes the authority to obtain information, administrative enforcement of designations and the authority to appoint an officer on behalf of the government...

Comments  (0)


Two Northeast States Updated Breach Notification Statutes

June 27, 2012 Added by:David Navetta

Much time and ink has been spent on the steady stream of data security and breach-related bills that spring up in Congress like mushrooms after a rain. But recently Vermont and Connecticut updated their existing breach notification statutes, highlighting the need to monitor state legislatures...

Comments  (0)


Tip of the Iceberg: 107,655 Cybersecurity Incidents in 2011

June 19, 2012 Added by:Joel Harding

Only a small percentage of companies will voluntarily share security information, and we can not see systemic trends. What is needed is a level playing field for all. All corporations need to disclose cybersecurity incident data so we can get a comprehensive picture a systemic defense is possible...

Comments  (0)


KPN Hack: Why was Customer Notification Delayed?

February 13, 2012 Added by:Plagiarist Paganini

The login credentials were stored in plain text in the repository that had been exposed, and that is absurd. This is a failure of the basic security procedures that should be recognized internationally, and is an offense for which there should be heavy penalties...

Comments  (0)


A Failed Attempt at Optimizing an Infosec Risk Assessment

January 28, 2012 Added by:Bozidar Spirovski

Having a standardized method for risk assessment in infosec based on hard numbers would be great. But since the factors included in any incident are complex and varying, and consistent incident reporting is impossible, we will be sticking to the current qualitative methods...

Comments  (3)


SEC Calls for Cohesive Incident Response and Reporting

December 09, 2011 Added by:Steven Fox, CISSP, QSA

This guidance is designed to “elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision,” including those related to information security breaches...

Comments  (0)


SEC to Enterprises: Account for Cybersecurity

October 14, 2011 Added by:Chris Blask

On October 13 the Securities and Exchange Commission (SEC) released CF Disclosure Guidance: Topic No. 2. This document establishes requirements for public companies to account for the cost of cybersecurity incidents and defenses, as well as to disclose their cyber risk mitigation plans to investors...

Comments  (0)


Network Security and Mandatory Disclosure

October 10, 2011 Added by:Craig S Wright

Security disclosures can have an impact on a company’s share price. Some organisations actually have no economic impact from a breach. For others, the effect is catastrophic. But, security through obscurity is simply false security and leaves us vulnerable with no way to measure the true risk...

Comments  (2)


Hackers Targeting Small Businesses

September 16, 2011 Added by:Robert Siciliano

Big companies and big government get big press when their data is breached. When a big company is hit, those whose accounts have been compromised are often notified. With smaller businesses, however, victims are often in the dark, regardless of the state laws requiring notification...

Comments  (0)


California Amends Data Breach Law - For Real This Time

September 07, 2011 Added by:David Navetta

SB 24 requires the inclusion of certain content in data breach notifications, including a description of the incident, the type of information breached, the time of the breach, and toll-free telephone numbers and addresses of the major credit reporting agencies in California...

Comments  (0)


Legislation to Require Mandatory Breach Reporting

June 14, 2011 Added by:Headlines

“You shouldn’t have to cross your fingers and whisper a prayer when you type in a credit card number on your computer and hit ‘enter.’ E-commerce is a vital and growing part of our economy. We should take steps to embrace and protect it – and that starts with robust cyber security..."

Comments  (0)


Essentials for an FCPA Compliance Program

June 10, 2011 Added by:Thomas Fox

Ongoing monitoring, auditing and assessments need to go down to the individual employee level. There should be both a ‘carrot and stick’ approach so that employees are disciplined for compliance failures, but also rewarded for doing business through appropriate compliance avenues...

Comments  (1)


To Disclose or NOT to Disclose...

June 09, 2011 Added by:Andrew Baker

The issue of disclosure is a sensitive one, and it is important not to feed more bad guys with more information that will allow them to have greater success, but it is abundantly clear that two months of saying essentially nothing is at least just as bad as saying too much, if not worse...

Comments  (0)

Page « < 1 - 2 > »