NIST Releases New Guidance for Assessing Risk

On September 1, the National Institute of Standards and Technology (NIST) released a new report that outlines the need for determining risk priorities and outlines options for properly treating risk. NISTIR8286B; Prioritizing Cybersecurity Risk for Enterprise Risk Management describes how risk priority and response information should be added to a cybersecurity risk register (CSRR). The…
Read More
Privacy

Data Privacy Update Q3 2021

In our latest update of the data privacy landscape, we look at legislative developments in Virginia, Colorado, New York, and China, and we offer insights on current trends affecting how businesses approach data privacy readiness and governance. New and noteworthy Virginia’s VCDPA Virginia has become the second U.S. state (after California) to enact a broad, multiple-rights…
Read More

Why Data Security and Legal Should Be Friends

Within a corporation, teams jockey for resources and promote their roles within the enterprise. It sometimes seems like important parts of the company are working at cross-purposes. Marketing wants the freedom to make promises and compliance holds them back. Production needs a hiring spree and finance says “no.” IT finds the new systems demanded by…
Read More
Data Governance

The Ultimate Guide to Data Governance

The world of data management and analytics has come a long way since 1970, the year IBM mathematician Edgar F Codd introduced his “relational database” framework. A precursor to modern data lakes and other data management systems, it was the first to store information in a hierarchical format and make data easily accessible to anyone,…
Read More
NIST

Implementing the NIST Privacy Framework – Govern Function

The National Institute of Standards and Technology (NIST) Privacy Framework is a widely known control set used to assist organizations in identifying privacy risks within their business environment and allocating resources to mitigate these risks. Our team previously published an article outlining the best ways to leverage the NIST Privacy (NIST-P) Framework to assess data privacy posture,…
Read More
NIST

Implementing the NIST Privacy Framework – Identify Function

The National Institute of Standards and Technology (NIST) Privacy Framework, published in January 2020, is quickly becoming the mainstream control set for organizations to align with when assessing their data privacy posture, developing readiness roadmaps, and maturing their privacy program. We have previously written about how the controls in the NIST Privacy can be mapped to…
Read More
UK

UK Proposes Reforms to Data Protection Laws

On 10 September 2021, the UK Government’s Department for Digital, Culture, Media, and Sport (DCMS) published its long-awaited proposals for reform of the country’s data protection laws. The consultation paper includes a detailed and comprehensive set of suggested amendments to the UK GDPR, Data Protection Act 2018, and Privacy and Electronic Communications Regulations (PECR), with…
Read More
Data Privacy

New Data Protection Agencies are Forthcoming

When we think about data privacy legislation, we usually think about rules, regulations, guidelines and best practices. However, not every data privacy bill on the Senate floor is concerned with telling businesses how to handle their data. A handful of legislators are proposing internal structural changes within government to better-regulate the morphing issues of data…
Read More
Cybersecurity

The 3 Biggest Mistakes the Board can Make around Cybersecurity

Although the topic of cybersecurity is now definitely on the board’s agenda in most organizations, it is rarely a fixed item. More often than not, it makes appearances at the request of the Audit & Risk Committee or after a question from a non-executive director, or – worse – in response to a security incident…
Read More
Cybersecurity

Infrastructure Bill Allocates Nearly $2 Billion to Cybersecurity 

On Tuesday, the U.S. Senate approved a $1 trillion infrastructure package, which it has passed along to the House for approval. The package includes a variety of bills that allocate spending toward critical infrastructure, including roads, railways, bridges, electric vehicles, and telecom companies. The package also allocates more than $1.9 billion toward cybersecurity. The move…
Read More
Back To Top