Governance

Looking Through the Different Filters of the CISO and the Board

By Justin Silbert. Perhaps the most misunderstood challenge of the modern-day CISO continues to be communication with the Board of Directors. The task seems simple, but there is a major disconnect between the CISO and the Board. According to the Cyentia Institute’s 2017 Cyber Balance Sheet report, “even basic questions on the value of cybersecurity [...]

The Virtual Future of the CISO

By Justin Silbert, GCIH, GCFE, CISSP. Just last week, the city of Atlanta became known as the latest victim of cyber crime, a ransomware attack crippling the city for 5 days. As admitted by the Atlanta Mayor, cyber security was not made a priority and they suffered greatly because of it. And Atlanta is not [...]

Security Provisions Negotiation in the Wake of the OCC Risk Report

By Seth Jaffe. The “severity of cyber threats is increasing.” It’s something most of us inherently understand, but now we have the Department of the Treasury’s Office of the Comptroller of the Currency (“OCC”) weighing in with its Fall Risk Report for banks and savings associations. The OCC has been sounding the alarm for years [...]

Proposed Data Breach Prevention and Compensation Act of 2018

In what appears to be a direct response to last year’s Equifax Breach, Senators Elizabeth Warren and Mark Warner introduced, this week, the Data Breach Prevention and Compensation Act, directly targeting large Credit Reporting Agencies (“CRAs”) like Equifax, Experian, and TransUnion. The Act comes with quite a sting, allowing for fines of up to 75% [...]

SWIFT Security Controls Framework Advisory Controls

By Seth Jaffe. Our prior article on compliance with the SWIFT Security Controls Framework focused on those controls designated mandatory by the Society for Worldwide Interbank Financial Telecommunication. But SWIFT included, in its framework, eleven advisory controls that are worth mentioning. They are: Implement confidentiality, integrity, and mutual authentication mechanisms to protect back office data [...]

SWIFT Security Controls Framework Goes into Effect

By Seth Jaffe. For banks and financial institutions using the Society for Worldwide Interbank Financial Telecommunication (“SWIFT”) network, the new year brought a requirement to self-attest compliance against new mandatory and, optionally, advisory controls promulgated by SWIFT through its Customer Security Controls Framework. Security professionals will recognize these controls as generally standard in the industry, [...]

Board of Directors’ Obligations to Understand Cyber Risk

By Seth Jaffe for the Cyber Governance Corner. It is no secret that, as an industry, information security suffers from a worker shortage. The Center for Cyber Safety and Education’s 2017 Global Information Security Workforce Study concluded that the most common reason is a lack of qualified personnel. But the next most common reason is [...]

Transition Period Ends for the NY State Cyber Security Law

By Seth Jaffe. Today ends the 180-day transition period under New York’s Cyber Security Regulation 23 NYCRR Part 500. Covered entities are expected to be in compliance with roughly seven of the sixteen discrete sections.[1] By August 28, 2017 covered entities must meet the following: Cyber Security Program (§500.02): maintain a cyber security program [...]

Director Duties Related to Cyber Security

By Seth Jaffe. There is an interesting infographic circulating social media this summer from David McCandless over at Information is Beautiful. It distills the largest data breaches into floating graphic bubbles, represented by the size of the breach. This type of imagery, while interesting for those of us in cyber security, must be moderately terrifying [...]

Cyber Governance Corner – Overview

By Seth Jaffe. Gone are the days where data protection was left solely to the IT department. Today, cyber risk is constantly on the minds of corporate leadership, and it is a board-level responsibility. In this on-going, multi-part series, we will review director obligations related to cyber security risk management, methods to mitigate that risk, [...]