The White House recently released a comprehensive national cybersecurity strategy that is sure to have a major impact on government agencies as well as private businesses.
The Biden-Harris administration has been percolating a comprehensive cybersecurity strategy for some time and in early March released the aptly named “National Cybersecurity Strategy.” The 35-page document was created to help strengthen cybersecurity on a national level and address the lessons learned from the advanced cyberattacks that have taken place over the last few years.
ISO 27001:2022 — Key Changes and Approaches to Transition
This article will address the changes and updates to the ISO 27001 standard published on October 25, 2022, and the approaches organizations can take to implement the changes introduced. There have been significant advancements in technology, as well as an increase in the complexity of security threats, since the last iteration of ISO 27001 was published on September 25, 2013. The changes introduced in the ISO 27001 and the Annex A controls aim to provide guidance on improving the governance around the implemented security controls and addressing risks introduced by emerging security threats. As organizations begin the transition process to ISO 27001:2022, they should factor in changes that may be needed across their security processes and updates to their policies, procedures and standard. Transition to the new version should be completed by October 31, 2025, and will require planning, education, staff and budget to accomplish.
Disclosing the Business, Operational and Financial Impacts of Cyber Risk
In March 2022, the U.S. Securities and Exchange Commission (SEC) proposed a new rule on cyber risk management, strategy, governance and incident disclosure. It is as multifaceted as it sounds, and it would require certain SEC registrants to report material incidents within four business days and to make a number of disclosures pertaining to cybersecurity incidents, protocols and risk management strategies. The proposed rule is a response to the ongoing risk cyber threats pose to public companies and their stakeholders. In January 2023, it entered the SEC’s final rule stage.
The Real Date of the Quantum Computing Apocalypse and What the White House Says We’ll Do About It
Will quantum computers be able to crack RSA this decade? Maybe. But figuring out that exact date is not what you and your organization should be worried about. A memorandum issued by the White House reveals when the quantum computing apocalypse will begin as far as information security boots on the ground are concerned. Join The Post-Quantum World podcast host Konstantinos Karagiannis for a deep dive into the NSM-10 memo and its near-term ramifications for the private sector.
Don't Miss This One! (Or Watch on Replay)
Thursday, March 16, 1 p.m. EST — Protect and Govern Your Sensitive Data With Microsoft Purview
Data protection is top of mind for every organization. However, it’s never been harder to understand and govern an organization’s sensitive information and safeguard all your data across platforms, apps and clouds. Microsoft Purview brings together trusted products for governance and compliance under one umbrella so it’s easier to manage all of your data, even if it’s not stored on Microsoft platforms. Help keep your organization’s data safe with a range of solutions for unified data governance, information protection, risk management and compliance. Microsoft Purview secures your most important asset: your data. If you miss the live webinar, use the registration link below to watch on replay.
By Amanda Downs and Alina Zamorskaya
Technical debt is no longer just a “technical” problem. As recent, widely publicized events have shown, it is a business problem that can have serious consequences for organizations. The government and Congress are taking notice of unfair consumer experiences, and it is crucial for businesses to address their technical debt and minimize the risk of negative press, government fines and damaged reputations.
By Gulsen Saul
Every cybersecurity organization, through its program maturity journey, grapples with the challenge of choosing and aligning with a security framework. Frameworks provide structure, but also allow the organizations to evaluate their program internally, as well as against industry peers. Let’s take a closer look at some of the most common security frameworks used within the industry, including key considerations when selecting one and pitfalls to avoid.