Charlotte, NC Area Friends – Join me at SecureWorld Charlotte on March 1 & 2!

I am super excited to share that next week I will be headed to Charlotte, North Carolina to speak at one of my absolute favorite conferences each year — the United States’ preeminent cybersecurity conference — SecureWorld! On Wednesday, March 1, 2023, I will be leading a full day workshop for SecureWorld Plus registrants on …

SEC Continues to Emphasize Importance of Cybersecurity and Cyber Risk Governance

“While this is an oversimplification of all of the requirements and nuances of the forthcoming SEC rules, the SEC’s objectives are to require companies to provide meaningful and actionable information to shareholders to better understand companies’ cyber risks and how companies are managing and responding to them. From a very high level, this can be …

Dental Practice Responses to Online Reviews Cost $23,000 Settlement with OCR for Impermissible Disclosure of PHI

On December 14, 2022, the U.S. Department of Health and Human Services Office of Civil Rights published a notice of a settlement with a dental practice over disclosures of patients’ protected health information over social media. Here is the full version reproduced below: Date: Wed, 14 Dec 2022 Subject: HHS Civil Rights Office Enters Settlement with …

Shawn Tuma Provided Texas Bar Journal 2022 Cybersecurity & Data Privacy Year in Review Update

Shawn Tuma provided the Texas Bar Journal’s 2022: The Year In Review – Cybersecurity & Data Privacy Update which addressed the following issues: updated Texas cyber event notification requirements for Texas state banks; Texas AG enforcement of data protection laws; federal and state hacking laws; former owner of company accessing company network; attorney immunity for …

“Data is the hot potato!” — some data governance lessons from the Twitter Whistleblower Testimony

Hopefully you saw my recent post “Data is the hot potato!” and data minimization lessons from the FTC’s Drizly case and it reinforced in your mind just how important it is to focus on the data when we are talking about cyber and privacy risk management. If it didn’t, that’s ok, here’s another reminder. My …

OCR Releases Video Guidance on Recognized Security Practices for National Cybersecurity Awareness Month

On October 31, 2022, the U.S. Department of Health and Human Services Office of Civil Rights provided guidance titled OCR Releases New Recognized Security Practices Video. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for all organizations — healthcare and non-healthcare …

“Data is the hot potato!” and data minimization lessons from the FTC’s Drizly case

Thank you, Jamie Sorley! I have a few sayings about cybersecurity and data privacy but one of my favorites is “data is the hot potato!” When doing presentations, I love to have the attendees chant over and over in unison, “Data is the hot potato! Data is the hot potato! Data is the hot potato!” This …

OCR Guidance on HIPAA Security Rule Security Incident Procedures for National Cybersecurity Awareness Month

On October 25, 2022, the U.S. Department of Health and Human Services Office of Civil Rights in its October 2022 OCR Cybersecurity Newsletter provided guidance titled HIPAA Security Rule Security Incident Procedures. This guidance is not only a must-read for all healthcare “covered entities,” especially small and midsize organizations, but it is excellent advice for …

Security Incidents and Your Board Pt.3 – The Above Board Show

“Data is the hot potato!” – Shawn Tuma

It was great to be a guest on The Above Board Show hosted by my friends Gary Latham, Raf Los, and Grant Sewell where we discussed what “The Board” needs to know about security incidents and getting prepared for the worst day ever for the company. The …

Cyber Incident Response Preparation and Your Board Pt.2 – The Above Board Show

“Amateurs talk about strategy and tactics. Professionals study logistics.” – General Omar Bradley

It was great to be a guest on The Above Board Show hosted by my friends Raf Los and Grant Sewell where we discussed what “The Board” needs to know about security incidents and getting prepared for the worst day ever for …