Penn State pays DoJ $1.25M to settle cybersecurity compliance case

October 23, 2024 at 07:33PM Pennsylvania State University will pay $1.25 million to settle Justice Department claims that it misrepresented its cybersecurity compliance. The allegations stem from a whistleblower lawsuit alleging that Penn State failed to implement the NIST security standards required for sensitive data under its contracts with the Pentagon and NASA. The settlement does not imply guilt.

EU Adopts Cyber Resilience Act to Regulate Internet of Things

October 22, 2024 at 08:04AM The Council of the European Union has adopted the Cyber Resilience Act, ensuring connected devices meet new cybersecurity standards before market release. This law enhances existing regulations and provides consumers with clearer options for secure products, featuring a “CE” label for compliance. The act will take effect in 2027.

What the White House Should Do Next for Cyber Regulation

October 7, 2024 at 10:10AM The US government’s move towards cyber regulation, a politically sensitive and intricate task, demands a strategic approach. To execute this, the Office of the National Cyber Director (ONCD) should establish a new office to oversee regulation, integrating harmonization, strategy development, and implementation. The US government faces a crucial opportunity to …

Distributing Security Responsibilities (Responsibly)

July 26, 2024 at 10:01AM Cybersecurity compliance remains a priority for private organizations and government bodies, with new regulations being proposed. While regulations offer leverage for improving security processes, they also increase the burden on chief information security officers (CISOs) to navigate cost containment, trust-building, and compliance. It’s crucial to clarify security responsibilities beyond the …

Risk and Regulation: Preparing for the Era of Cybersecurity Compliance

March 21, 2024 at 09:45AM The article emphasizes the growing significance of cybersecurity risk management and the implementation of regulations to improve cybersecurity standards. It highlights the accountability of senior leaders, the challenges in achieving compliance, and the role of threat intelligence in managing cyber risk. Ultimately, it encourages a positive mindset towards cybersecurity compliance …

Orgs Face Major SEC Penalties for Failing to Disclose Breaches

February 23, 2024 at 01:41PM Companies and CISOs face potential fines from the SEC if their cybersecurity and data-breach disclosure processes don’t comply with the new rules. The SEC can use various enforcement tools, including injunctions, disgorgement, penalties, and barring individuals from roles. CISOs are concerned about personal liability, and executives and companies may face reputational damage …