3 Legal Points for InfoSec Teams to Consider Before an Incident

As a teaser to my presentation at SecureWorld - Dallas last week, I did a brief interview with SecureWorld and talked about three of the points I would make in my lunch keynote, The Legal Case for Cybersecurity. If you're going to SecureWorld - Denver next week, join me for the lunch keynote on Thursday (11/2) [...]

Does blasting the SEC for failing to act on warnings help cybersecurity?

On the heels of the Equifax breach, the United States Securities and Exchange Commission (SEC) disclosed on September 20, 2017, that it had been hacked way back in 2016. It further disclosed that about a month ago it learned the hackers may have used their access for illegal online trading. With the SEC's regulatory enforcement [...]

Uber’s Settlement With FTC Emphasizes Companies’ Need for Cyber Risk Management Programs

The FTC and Uber have settled the enforcement action the FTC brought against the company. This action stems from Uber's data breach of more than 100,000 individuals' PII despite its promises that their data was "securely stored within our databases." The FTC found this promise was misleading when compared with the actions the company was [...]