Cybergovernance Journal Update – 3/17/17
Not all cybersecurity frameworks are equal. While some companies recognize they need to utilize the most comprehensive plans, others will only implement the bare minimum putting other institutions at risk.
Law360, Mar. 9
“I think the New York regulations will be looked at in the future as how not to engage in cybersecurity regulation,” Pillsbury Winthrop Shaw Pittman LLP partner Brian E. Finch said. He called the regulation “while surely well-intentioned … a mélange of basic security measures thrown together with no clear guidance on how they are supposed to work together or what would even constitute a sufficient or reasonable program for a covered entity to implement…”
Canada Free Press, Mar. 15
A legally binding international convention or treaty to prevent misuse of cyber technologies is highly unlikely to happen. Among other things, ideological differences over the degree of governmental regulation of the Internet in the name of “security,” including the circumstances in which imposing restrictions on access and content can ever be justified, have prevented international consensus.
HealthIT Security, Feb. 22
61 percent of respondents said they are using the NIST Cybersecurity Framework, while 36 percent said they utilize HITRUST. Approximately one-third – 36 percent – also reported that they use ITIL.
Oil & Gas Financial Journal, Feb. 20
The energy sector bears the risk that hackers could access company databases and control systems for the malicious purpose of causing mayhem, tangible business disruption, or destruction to people and property. We offer five tips on how energy companies can mitigate their legal liability from cyberattacks…
Veridian Credit Union alleges that credit unions, banks and other financial institutions have been left to to pick up the pieces after Eddie Bauer’s failure to employ adequate security measures opened the door to a security breach that compromised shoppers’ credit and debit card information from Jan. 2 to July 17 of 2016.
Tax-News, Mar. 15
The Australian National Audit Office (ANAO) has said that the tax office must improve its cybersecurity arrangements. The ANAO recommended that the organizations concerned periodically assess their cybersecurity activities to provide assurance that they are accurately aligned with the outcomes of the Government’s mitigation strategies, and their own IT security objectives…