“Gone are the Days of Rigid Lines of Defense”

Posted by - July 17, 2018
Key Insights and Trends from the MetricStream GRC Summit 2018
MetricStream’s 2018 Summit in Baltimore saw several hundred business executives, government leaders, GRC practitioners and industry analysts gather to talk GDPR, strategies and solutions for building better governed, more compliant organizations and more. Gaurav Kapoor, MetricStream’s Chief Operating Officer, shines…

How Legacy MSSPs Increase Cybersecurity Risks

Posted by - July 16, 2018
Why an Evolved Security Strategy is Critical
Jordan Mauriello, Chief Technology Officer of Critical Start, discusses how the operational model of legacy managed security service providers (MSSPs) can actually leave organizations more vulnerable to cyberattacks, increasing the risk of security breaches and potential compliance issues.
Today’s Security Landscape
Today, the…

Are Health Care Organizations Protecting Data as Well as They Think?

Posted by - July 10, 2018
8 Tips to Strengthen Your Data Security Practices
The more often data is handled, the greater the risk of a compliance failure, and some of the most sensitive data is entrusted to an industry that struggles to protect it sufficiently. In this article, Gretel Egan of Wombat Security, a division…

90 Percent GDPR-Audit Failure Rates Ahead

Posted by - June 29, 2018
(And That’s OK)
The penalties for GDPR violations can be ruinous. But do organizations need to worry? Terry Ray suggests that while compliance is necessary, most companies can rest easy. May 25 has come and gone. The European Union’s General Data Protection Regulation (GDPR) has gone into effect. The first…

Update Your WAN Strategy and Secure Your Company Network

Posted by - June 26, 2018
Key Considerations When Choosing a Solution
Security embedded in an SD-WAN-enabled appliance cannot simply be downgraded to perfunctory specs and held hostage to SD-WAN’s greater mission of pushing packets through pipes as seamlessly as possible. In today’s cyber-threat environment, SD-WAN-plus-security offerings need to be assessed more carefully in order to…

Governing Cybersecurity: Cybersecurity committees on the rise

Posted by - June 11, 2018
Independent Oversight Meets the SEC
Ron Kral discusses the emerging trend of cybersecurity committees that are being created as companies recognize the need to create independent oversight of cyber risks. Cybersecurity risks pose grave threats to investors, our capital markets, and our country.[1] This is the opening sentence of…

Yahoo Settlement Reflects Important Role of Cybersecurity Whistleblowers

Posted by - May 22, 2018
Reflecting Pressure on Companies to Address Cybersecurity Deficiencies
Yahoo recently agreed to pay the Securities and Exchange Commission $35 million to resolve claims that the company misled investors by failing to disclose a massive cybersecurity breach. Cybersecurity whistleblowers should feel empowered by this news, which follows other efforts by the SEC…

The SEC’s Latest on Disclosures

Posted by - April 17, 2018
New Guidance Mandates Greater Attention to Cybersecurity Planning
The SEC’s recently issued guidance is just the latest indication that government regulators want companies to improve both their overall cybersecurity and incident response and notification procedures. Businesses must adopt and maintain the types of systems and procedures described in the guidance…

Why Organizations Need an Information Asset Register

Posted by - April 11, 2018
Guidance for Information Governance Guardians
Every business relies on information assets to assist with daily functions. Today’s increased cybersecurity risks call for organizations to monitor their data closely in an effort to classify and protect it. While this is a difficult task to undertake, companies can utilize an Information…

New SEC Guidance Prioritizes Cybersecurity Disclosures for Public Companies

Posted by - April 6, 2018
The Case for a Risk-Based Approach
New SEC rulings on cybersecurity disclosures for public companies went into effect just a month ago, acknowledging the rapidly evolving nature of cybersecurity threats and the increasing sophistication of attacks, including the use of stolen credentials, malware, ransomware and phishing. The overwhelming number of corporate breaches…

Who Is Watching The Watchmen?

Posted by - March 29, 2018
CFTC Penalizes Registrant for Outsourced IT Security Lapses
Last month, the CFTC settled charges against an organization for its failure to ensure the security of its customers’ records and information. The registrant’s third-party vendor gained unauthorized access to more than 90,000 records, and the CFTC’s charges make clear the risks…

SEC & FINRA: 4 Shared Regulatory Priorities

Posted by - March 19, 2018
Where Firms Should Concentrate Compliance Efforts
In the past few months, both the SEC and FINRA issued guidance concerning their regulatory priorities for the coming year. Both agencies’ annual priorities letters address a large number of diverse topics. Experts from Baker Donelson discuss where the SEC’s and FINRA’s concerns…