Risk News

Exchange body issues cyber security best practice guidelines
"The global trade association for exchanges has issued a set of cyber security best practice guidelines that proposes reducing bonuses for staff who fail tests and including awareness in performance indicators."
Annie's take:

Tying performance to bonuses will get their attention.
CISOs' No. 1 Concern in 2018: The Talent Gap
"The top concern among CISOs for 2018 falls outside the typical realm of attacks, employee negligence, or staffing shortages, according to findings released this week in a Ponemon Institute Survey."
Annie's take:

No surprises here. The UW information security/cyber Informatics and master's degree programs are helping to turn out qualified candidates.
Who should be responsible for cybersecurity?
"The news today is flush with salacious stories of cyber-security breaches, data held hostage in brazen ransomware attacks, and compromised records and consumer information."
Annie's take:

Good piece.
Think you are in control? Think again! New Data Protection Regulations Are Here
"If a stranger on the street asked me for my address and credit card details, I would be suspicious and would think about calling the police. However, multiple organizations are often collecting and saving this type of data all the time, usually without my consent. Unfair, don’t you think?"
Annie's take:

The new Global Data Protection Regulations should filter down to us Americans after August, when all the large tech companies have complied in order to do business in Europe.
Donald Trump's 'racist slur' provokes outrage
"US President Donald Trump has sparked outrage after he was reported to have used crude language to describe foreign countries in an Oval Office meeting."
Annie's take:

He can try to gloss over what he said in the meeting, but by now everyone (his supporters and the rest of us) knows that is how he thinks and how he speaks. To friends and colleagues all over the world, I offer an apology on his behalf. And mine.
House Passes Bill Authorizing Array of Foreign Electronic Surveillance
"The House on Thursday approved an extension of an expiring surveillance law, reauthorizing the FISA Amendments Act through 2023."
Annie's take:

The bill was passed without any modifying amendments. If ever you needed a reason to get out and vote, this is it.
Can we really automate how security analysts think?
"In some conversations with security leaders, I inevitably run into a skeptic view that automation will never be able to replicate the decision making of security analysts. The truth is we can already automate a lot more of the decision making today than was possible just a couple of years ago."
Annie's take:

A good article.
Our Darkest Hour is Still Ahead
"Just like that, we are in a new year."
Annie's take:

My thoughts on the changes that have taken place this past year in our democracy.
Cellphone and Computer Searches at U.S. Border Rise Under Trump
"Customs officers stationed at the American border and at airports searched an estimated 30,200 cellphones, computers and other electronic devices of people entering and leaving the United States last year — an almost 60 percent increase from 2016, according to Homeland Security Department data released on Friday."
Annie's take:

Here's another case or two for the Supremes.
Contractors Must Contend With New Cybersecurity Rule
"The April 2017 issue of National Defense reported on key aspects of the Defense Department rule on “Safeguarding Covered Defense Information and Cyber Incident Reporting” and actions that contractors could take to implement the rule."
Annie's take:

Now we're making progress!
“Meltdown” and “Spectre”: Every modern processor has unfixable security flaws
"Windows, Linux, and macOS have all received security patches that significantly alter how the operating systems handle virtual memory in order to protect against a hitherto undisclosed flaw."
Annie's take:

This is the clearest analysis I've read.
NAIC Adopts Model Law on Cybersecurity: Will States Adopt It?
"On Oct. 24, the National Association of Insurance Commissioners (NAIC) formally approved the Insurance Data Security Model Law (model law). The NAIC is a standard setting and regulatory support organization consisting of the top insurance regulators from the 50 states, District of Columbia, and five U.S. territories."
Annie's take:

I am very anxious to see where this goes.
The everyday attacks in modern cyber warfare
"The Department of Homeland Security has identified 16 critical parts of our infrastructure that are at risk for a cyber attack — energy, financial services, transportation, water, and defense, to name a few."
Annie's take:

Nibbled to death.