LEO

A Cyber Security Concern

Transition Period Ends for the NY State Cyber Security Law

By Seth Jaffe. Today ends the 180-day transition period under New York’s Cyber Security Regulation, 23 NYCRR Part 500. Covered entities are expected to be in compliance with roughly seven of the sixteen discrete sections.[1] By August 28, 2017, covered entities must meet the following: Cyber Security Program (§500.02): maintain a cyber security program [...]

Director Duties Related to Cyber Security

By Seth Jaffe. There is an interesting infographic circulating on social media this summer from David McCandless over at Information is Beautiful. It distills the largest data breaches into floating bubbles, each sized by the number of records breached. This type of imagery, while interesting for those of us in cyber security, must be moderately terrifying [...]

Cyber Governance Corner – Overview

By Seth Jaffe. Gone are the days when data protection was left solely to the IT department. Today, cyber risk is constantly on the minds of corporate leadership, and it is a board-level responsibility. In this ongoing, multi-part series, we will review director obligations related to cyber security risk management, methods to mitigate that risk, [...]

Colorado’s Financial Services Cyber Security Law Goes Into Effect

By Seth Jaffe and Justin Silbert. In the wake of the New York State financial services cyber security regulation, the Division of Securities of the Colorado Department of Regulatory Agencies has adopted amendments to its securities rules that impose cyber security requirements on both investment advisers and broker-dealers. The new rules go into effect on [...]

The Extended Perimeter: Evaluating Third Party Risk

By: Justin Silbert. The days of self-contained organizations are over. Through supply chains, distribution channels, service providers, facility maintenance, or outsourced services, we are all dependent on other businesses to keep our environments secure. That is, we are increasingly dependent on other people for our security. From the Target breach to the recent Petya outbreak, [...]

Petya Ransomware: What You Need to Know and Do

By: Andrew Hay. Unless you’ve been away from the Internet this week, you’ve no doubt heard by now about the global ransomware outbreak that started in Ukraine and subsequently spread west across Western Europe, North America, and Australia yesterday. With similarities reminiscent of its predecessor WannaCry, this ransomware attack shut down organizations ranging from [...]

SEC Alert in the Wake of the WannaCry Attack

By: Justin Silbert and Seth Jaffe. In the wake of the WannaCry ransomware attack, the SEC issued an alert last month revisiting findings from a 2015 report by the Office of Compliance Inspections and Examinations (“OCIE”). After examining a number of broker-dealers, investment advisers, and investment funds, the OCIE concluded that 26% of investment management firms [...]

Instrumenting the Enterprise, Part 1

By: Brian Kellogg. Starting axioms: the order of priority should be People, Process, and then Product. All prevention fails, so any preventative solution needs to augment, not replace, detection mechanisms. Security monitoring and the subsequent investigation of events is often very difficult and requires a strong breadth and depth of experience. When starting a security monitoring program, how do you determine [...]

There’s a CISO for Every Company. Unless There Isn’t.

By: Justin Silbert. Even though the Internet is becoming the world’s newest battlefield, federal cyber security regulation is slow to be enacted and applies to only a few industries, such as healthcare and government itself. But some states are not waiting for Congress, and are stepping forward to pass legislation aimed at protecting their own economies. In [...]

Diving into the Issues: Observations from SOURCE and AtlSecCon

By: Andrew Hay. Last week I had the pleasure of presenting three times, at two conferences, in two different countries: SOURCE in Boston, MA and the Atlantic Security Conference (AtlSecCon) in Halifax, NS, Canada. The first event of my week was SOURCE Boston. This year marked the tenth anniversary of SOURCE Conference and it continues to pride [...]

NIST Incident Management: A Condensed Version

By: Glenn Sweeney. Day by day within our cyber security world, we ask ourselves, “Will I own the day or will the day own me?” Well, if you have a proven incident response management plan, then the day should be yours. If not, we all know what can happen when that dreaded breach occurs -- [...]

“Plenty of Tools, Not Enough Talent: The Inspiration for LEO”

By: Mikhail Sudakov. Today’s business landscape is at a crossroads from a technology standpoint. The advent of cloud, virtualized and hybrid platforms has created tremendous advantages and opportunities for businesses across industries, but with these benefits come serious potential vulnerabilities. A new philosophy must be adopted from the boardroom to the data center to survive in this new [...]