Cybergovernance Journal Update – 1/29/2016
As security breaches increase risk, especially those from state actors like China, technological, legislative and framework strategies are evolving to counter them.
The Hill, Jan. 27
A bill known as the Cybersecurity Disclosure Act would require public companies to tell the federal government whether their boards include someone with knowledge of network security. The measure would require publicly traded companies to disclose to the SEC whether any member of the board of directors is a cybersecurity expert. If there are no experts, the company would have to explain what alternate steps it is taking to protect its systems from cyberattacks.
Cybergovernance Journal, Jan. 25
The cybersecurity attack surface represents a significant liability for boards of directors. The best protection is assurance that all who operate within the organization are pursuing best practices to manage cyber risk. Boards must strive for policy implementation that is observable and measurable. An integrated approach that blends functional teams and demands support from managers will add depth to cyber capabilities.
Bank Info Security, Jan. 25
Banking institutions and associations, in their extensive comments, have asked the FFIEC to issue a second version of the tool, developed after closer collaboration with cybersecurity representatives from the banking industry, that includes recommendations and assessments that meet banking-specific needs, and to ensure that the tool’s assessment recommendations more closely resemble those outlined in the National Institute of Standards and Technology Cybersecurity Framework.
KornFerry Institute, Jan. 01
“A CISO-CIO reporting relationship could potentially make the enterprise less secure,” says Melissa Hathaway, private sector expert and former cybersecurity “czar” under Presidents George W. Bush and Barack Obama. “The CISO is responsible for keeping the enterprise safe and the CIO is responsible for keeping the enterprise running 24/7, so there can be an inherent conflict. It should be a shared decision in the C-suite with the CEO playing a key role.”
ZDNet, Jan. 26
A security flaw in Con Edison’s website can allow an attacker to hijack customer accounts and steal personal information. A successful attacker would be able to log in as the customer, allowing them to see personal information — including home address, phone numbers, account numbers, billing history and copies of mailed correspondence.
CB Insights, Jan. 14
If blockchain tech is more widely adopted, the probability of hacking could go down, as blockchain is believed to be more robust than many legacy systems. One way it reduces conventional cybersecurity risk is simply by removing the need for virtually all human intermediaries.