Uber's Chief Information Security Officer (CISO), John Flynn, made a case for a uniform national data breach notification law in his testimony to members of Congress (see penultimate paragraph of full written testimony): I would like to conclude by stating that we strongly support a unified, national approach to data security and breach standards. We are … Continue reading Uber’s CISO Makes Case for Uniform National Data Breach Notification Law
As bits of information about the Uber data breach have trickled out, including the purported payment through a bug bounty program, I have been concerned about the implications on legitimate corporate bug bounty programs. My concerns grew when I read the New York Times article, Inside Uber’s $100,000 Payment to a Hacker, and the Fallout. … Continue reading Uber CISO’s Testimony Clarifies Payment to Hackers was Not Legitimate Use of Bug Bounty Program
The following testimony excerpts are very similar to what the #CyberAvengers have been preaching, and for good reason, it is the truth. Checkout the #CyberAvengers Tools for where to begin. Richard Driggers, DHS deputy assistant secretary for the cybersecurity and communications, said that basic computer hygiene, such as regular software updates, could keep small businesses … Continue reading House panel to DHS, FBI: help small biz with cybersecurity – start with good cyber hygiene
Fresenius Medical Care North America (FMCNA) has agreed to pay $3.5 million to the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), and to adopt a comprehensive corrective action plan, in order to settle potential violations of the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. FMCNA … Continue reading FMCNA to Pay $3.5 Million for Non-Compliance with HIPAA’s Risk Analysis and Risk Management Rules
The push for a single uniform national data breach notification law gained strength in the wake of the Equifax breach. Now proposed legislation in North Carolina would amend its law in a way that would add momentum to this push. And, now South Dakota is tired of being one of only two states without a … Continue reading State data breach notification law mishmash would get worse with proposed NC and SD legislation — is instant notification by clairvoyant next?