Cybersecurity Governance News – 3/4/16
The technological elements of cybersecurity remain the easiest to regulate and build. The human elements, on the other hand, require changes that many companies are too slow in adopting.
CSO, Mar. 1
A surprising 90% of corporate board members said that regulators should hold businesses liable for breaches if they were negligent with customer data or failed to have reasonable security in place.
DHHS Office for Civil Rights, Feb. 2016
Organizations that have already aligned their security programs to either the NIST Cybersecurity Framework or the HIPAA Security Rule may find this crosswalk helpful as a starting place to identify potential gaps in their programs. Addressing these gaps can bolster their compliance with the Security Rule…
WIRED, Feb. 26
The initial IRS report indicated that 114,000 accounts had been compromised. It revised that number last August, raising it to 334,000. On Friday, the IRS added another 390,000 accounts to the pile, for a total of well over 700,000 people…
Security Intelligence, Feb. 17
54% acknowledged risks from organized crime groups. However, many tend to overemphasize the risks from opportunistic rogue actors and discount the dangers from other sources such as industry spies, domestic and foreign governments and inside personnel…
BusinessWire, Feb. 25
According to the survey, nearly one third of executives reported experiencing three or more cyberattacks on their company in 2015. Thirty-five percent of respondents either do not know or are not sure what legally constitutes a data breach in their state, and nine percent of executives report that they are never briefed on cybersecurity matters.