Blog and News

Don’t call it an incident – yet

This is a post that I wrote for Claroty and is available on their website at: Don’t Call it an Incident–Yet: Managing Liability in a New Era of Incident Reporting and Compliance | Nexus (nexusconnect.io) When a cyber crisis strikes, a call comes in about a potential cybersecurity issue to a company’s incident response (IR)


December 18, 2023 is SEC Reporting Day and the FBI is ready!

For those of us who have been tracking the SEC’s Cybersecurity reporting requirements that were issued this summer, they go into effect for all large publicly traded companies on Monday, December 18. In anticipation of that deadline, the FBI released a Policy Notice on Friday, December 8 that sets forth the steps that companies will


SEC and NYDFS for the Win

This fall has been extremely active in cybersecurity, with new benchmarks in both regulation and in enforcement. The SEC’s Cybersecurity Final Rule – a 186-page behemoth – had been released over the summer and in September we saw the first SEC filing when Clorox filed the first 8-K announcing it had been the victim of


Cyber Policy Turns 25

Today is the 25th anniversary of the modern era of cybersecurity policy as we know it. On May 22, 1998, President Clinton released Presidential Decision Directive 63, which set in place some important priorities we’re still chasing today. In my opinion, it is the foundation of critical infrastructure protection, a government commitment to reduce vulnerabilities,


Sharing thoughts on cybersecurity

Hi everyone – I’m starting to dip my toe into writing about what I’m thinking and seeing in cybersecurity. It’s not something that I have done beyond flagging articles or items of interest on Twitter. I want to write more, and so this is a way for me to ease into this space. I’ll be
