Posts Tagged ‘security’

Cyber-Insurance: Assess Risk, Policy & Obligations


The Ponemon Institute’s 2016 [Data Protection Benchmark] study pegs the average cost of a data breach at $4 million, with per-record costs rising slightly to $158 each.


Tanium CEO Admits Using Real Hospital Data in Sales Demos


Following a report by The Wall Street Journal that the security vendor Tanium used a hospital’s live network as a demonstration platform on sales calls and even revealed private hospital data in a publicly posted demonstration video, Tanium CEO Orion Hindawi has admitted that mistakes were made in handling data from El Camino Hospital’s network.


A New Paradigm in Mobile Device Preservation


Today, if you fail to advise clients to preserve relevant and unique mobile data when under a preservation duty, you’re committing malpractice.


Data Flows from China Could Be Significantly Restricted


Proposed Chinese regulations (open in Google Chrome for English translation) could substantially limit the ability of companies in China to send data outside of that country. If implemented, the regulations would potentially affect almost any type of business or data flow.


95% of Organizations Have Employees Seeking to Bypass Security Controls


Employees using private VPNs and Tor on an enterprise network are typically trying to hide their actions and do something that will not be detected by the organization’s security controls, he says. “Security bypass is the first step towards data theft or other destructive behavior,” Koo says.


Swiss-U.S. Privacy Shield FAQs


When can an organization self-certify to the Swiss-U.S. Privacy Shield? Starting April 12, 2017, organizations can self-certify to the Swiss-U.S. Privacy Shield Framework.


Phishing – Why We Keep Getting Netted


Phishing can unlock a considerable amount of resources to a hacker. Businesses must have a complete and automated view of everything in their system, or they could be gutted before they’ve had time to think.


First EU-US Privacy Shield Annual Review to Take Place in September 2017


The inaugural annual review into the operation of the EU-US Privacy Shield is to take place in September this year. EU justice commissioner Věra Jourová confirmed the timing of the review in a speech in Washington late last week.


The Laziest, Cheapest Way to Circumvent Your Snooping ISP


Congress decided that your ISP should be allowed to sell off your private browsing data, but the solutions to get around this are a bit complicated, costly, or just a pain.


FBI Warns of Cybersecurity Risk from FTPs


The FBI recommends medical and dental healthcare entities request their respective IT services personnel to check networks for FTP servers running in anonymous mode.


How AI Is Transforming the Workplace


AI is also beginning to help managers peer into personal aspects of job performance that used to be left up to managers’ instincts and observations.


The Cloud Controls Matrix Working Group – Cloud Security Alliance®


The Cloud Security Alliance Cloud Controls Matrix (CCM) is specifically designed to provide fundamental security principles to guide cloud vendors and to assist prospective cloud customers in assessing the overall security risk of a cloud provider.


The Lucrative Days of Document Review are Over


Document review was just the beginning. In the past few years, corporate clients have shot dead another law-firm cash cow: the due diligence phase of a merger or acquisition.


From EDRM – Duke Law: Security Audit Questionnaire


The Security Audit Questionnaire from the EDRM was designed primarily to help evaluate the security capabilities of cloud providers and third parties offering electronic discovery or managed services.


10 Recommendations to Reduce Cyber Risk in the Cloud


When choosing a cloud service provider, it’s vital that the datacenter physically reside in a region or country in which data handling and storing legislation is favorable to your company’s business interests.


JPMorgan Software Does in Seconds What Took Lawyers 360,000 Hours


At JPMorgan Chase & Co., a learning machine is parsing financial deals that once kept legal teams busy for thousands of hours.


Are Cyber Lawyers Poised to Play Bigger Role in M&A?


Kornbacher thinks privacy lawyers are poised to take on a bigger role in M&A deals, particularly during the due diligence phase.


The SHA1 Hash Function is Now Completely Unsafe


Security researchers have achieved the first real-world collision attack against the SHA-1 hash function, producing two different PDF files with the same SHA-1 signature. This shows that the algorithm’s use for security-sensitive functions should be discontinued as soon as possible.


Why US Companies Must Prepare for the EU’s New Data Security Laws


Many US companies may not realize that they might also have to comply with this new EU data security regulation. That’s because the GDPR applies to any business that holds data about, or which markets to, individuals within the EU.


Microsoft E-Mail Fight With U.S. May Be Headed to Top Court


The Electronic Communications Privacy Act of 1986, a law passed before the widespread use of e-mail, instant messages and Internet-based social networks, doesn’t permit courts to require U.S.-based Internet service providers to turn over customer e-mails stored on servers outside the country.


Lawyers’ Job Security in a Near Future World of AI


Does the inevitable triumph of AI robots over human reason and logic mean that the legal profession is doomed? Will Watson be the next generation’s lawyer of choice? Ralph Losey does not think so and shares his thoughts on this important topic.


Swiss-U.S. Privacy Shield Finalized


On January 11, U.S. and Swiss authorities announced final agreement on the Swiss-U.S. Privacy Shield Framework. The Framework defines standards for handling personal data exported from Switzerland to the U.S. and enables U.S. companies to meet Swiss legal requirements to protect personal data transferred from Switzerland.


2016 Year-End E-Discovery Update


On the e-discovery vendor front, the pace of consolidation of large service providers in 2016 was unprecedented compared to prior years.


Public Cloud Has The Greatest Security Implications Say Execs


A new survey reveals that 65 percent of senior IT and security executives think that the biggest security risks for business come from public clouds.