Following the outstanding SecureWorld Boston event, my friends at SecureWorld shared Highlights and Insights from SecureWorld Boston 2023 and were kind enough to include a few quotes from my lunch keynote — let me know what you think and please offer your perspective on these ideas: For my friends in the Houston area, get ready,…
Category: Cybersecurity Law
Join me and #EnterpriseUniversity for Real-World Cyber Risk Management and Resilience Planning on March 28, 2023!
On Tuesday, March 28, 2023, I will be teaching a class on Real-World Cyber Risk Management and Resilience Planning as part of #EnterpriseUniversity Enterprise Bank & Trust’s education program for business leaders and professionals! Join me for this course, and take a look at all of the live, virtual courses available at no cost to…
HHS Releases HPH Sector Cybersecurity Framework Implementation Guide to Help Healthcare Organizations Leverage NIST Cybersecurity Framework
On March 8, 2023, the U.S. Department of Health and Human Services (HHS) released its HPH Sector Cybersecurity Framework Implementation Guide (the Guide) to help healthcare organizations leverage the NIST Cybersecurity Framework. This Guide is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for…
Boston Area Friends – Join me for the lunch keynote at SecureWorld Boston on March 23!
I am super excited to share that next week I will be headed to Boston to speak at one of my absolute favorite conferences each year — the United States’ preeminent cybersecurity conference — SecureWorld! On Thursday, March 23, 2023, I will present the lunch keynote on Cybersecurity Really Is a Team Sport, since folks…
The White House Cybersecurity Plan – the Devil is in the Details
“The devil is in the details” — that about sums up my take on the White House Cybersecurity Plan. Many thanks to Lily Newman for including this and some other points from our discussion in her Wired article The High-Stakes Blame Game in the White House Cybersecurity Plan. I appreciate that the Administration is talking…
Charlotte, NC Area Friends – Join me at SecureWorld Charlotte on March 1 & 2!
I am super excited to share that next week I will be headed to Charlotte, North Carolina to speak at one of my absolute favorite conferences each year — the United States’ preeminent cybersecurity conference — SecureWorld! On Wednesday, March 1, 2023, I will be leading a full day workshop for SecureWorld Plus registrants on…
SEC Continues to Emphasize Importance of Cybersecurity and Cyber Risk Governance
“While this is an oversimplification of all of the requirements and nuances of the forthcoming SEC rules, the SEC’s objectives are to require companies to provide meaningful and actionable information to shareholders to better understand companies’ cyber risks and how companies are managing and responding to them. From a very high level, this can be…
Dental Practice Responses to Online Reviews Cost $23,000 Settlement with OCR for Impermissible Disclosure of PHI
On December 14, 2022, the U.S. Department of Health and Human Services Office of Civil Rights published a notice of a settlement with a dental practice over disclosures of patients’ protected health information over social media. Here is the full version reproduced below: Date: Wed, 14 Dec 2022Subject: HHS Civil Rights Office Enters Settlement with…
Shawn Tuma Provided Texas Bar Journal 2022 Cybersecurity & Data Privacy Year in Review Update
Shawn Tuma provided the Texas Bar Journal’s 2022: The Year In Review – Cybersecurity & Data Privacy Update which addressed the following issues: updated Texas cyber event notification requirements for Texas state banks Texas AG enforcement of data protection laws federal and state hacking laws former owner of company accessing company network attorney immunity for…
“Data is the hot potato!” — some data governance lessons from the Twitter Whistleblower Testimony
Hopefully you saw my recent post “Data is the hot potato!” and data minimization lessons from the FTC’s Drizly case and it reinforced in your mind just how important it is to focus on the data when we are talking about cyber and privacy risk management. If it didn’t, that’s ok, here’s another reminder. My…
You must be logged in to post a comment.