Managing your security program is challenging, especially with compliance requirements evolving.
Here is a quick overview of the regulatory landscape for 2023. This reference provides links to the law or rules. It also includes references to help you make informed decisions on priorities, resources and technology to manage your risk.
Herff Jones has been in business for over a century, selling graduation products such as caps and gowns, class rings and yearbooks to students and their parents to help mark their educational accomplishments. On May 12, 2021, the company posted a red banner on the top of its homepage that read “HERFF JONES CYBER SECURITY INCIDENT UPDATE.” The company was the victim of a data breach that occurred between August 1, 2020, and April 30, 2021. The attackers managed to place malware on the company’s servers that was then used to capture customer payment card information. This event resulted in a litigation suit affecting thousands of students and parents from across the country.
(more…)
In Archive360’s Podcast Episode 29: What is “Reasonable Data Security”?, Bill Tolson and Chris Cronin, Partner, Governance and Engineering Practice at HALOCK Security Labs try and define “reasonable data security” – a term that continually appears in every states’ privacy law or proposed legislation. But what is “reasonable data security”? Today, there is no prescriptive definition for “reasonable data security”. Chris Cronin will share what he tells his clients and the best policies and procedures for staying compliant.
A review of recent developments and news on ‘reasonable security’ and the impact on the cybersecurity industry. Stay updated to see how they could affect your organization.
As regulations and privacy laws require ‘reasonable security’, we are seeing more organizations focusing on their duty of care to all interested parties. We are finding more references to ‘reasonableness’ in breach litigation and security programs. The goal is to have all relevant teams involved in analyzing the appropriate risk for your unique business environment. It is a positive sign that there are increased efforts to incorporate all perspectives to mitigate risk and manage cyber threats – and finding a common language to do so. And more importantly, developing a security program holistically.
Join us today Tuesday, June 21, 2022 at 1:00 PM ET for the CIS RAM v2.1 workshop. HALOCK partner Chris Cronin will be presenting the latest release which includes Implementation Group 3 (IG3).
Recent developments and news on ‘reasonable security’ Understand how these updates may impact your risk and security strategies.
As cyber threats continue to advance, we are seeing more regulatory changes to help safeguard data. We are also seeing more litigation as victims of breaches try to recoup their losses. The key question that impacts both developments is “Did the breached organization practice Duty of Care?”