The FISMA Focus IPD

From: AEIdeas

Shane Tews

***

The role of government

When businesses are obligated by regulations (and punitive fines) to publicly disclose when information is lost or stolen, they are incentivized to improve the controls and procedures in place to ensure the safety of the data residing on their networks. For firms in industries handling highly sensitive data such as banking and health care — which are already subject to specific cyber-risk regulations to show accountability for the data they retain on customers — this is a major benefit.

From: Government Technology

A series of proposals in the state Legislature could bring new transparency and privacy rules for residents, but many states have been slow to embrace similar limits on how companies use and share customer data.

by Joseph O’Sullivan, The Seattle Times

***

“America, you know, is behind the rest of the world in terms of privacy protections for consumers,” said Alex Alben, the state’s chief privacy officer. “It’s not a secret that people are really upset when they see their data used in ways they didn’t intend.”

Editor’s Note: Cross-posted from OIRA Watch.

From: The National Law Review

Emerging Technologies Update

Article By R. Scott Nuzum, Eric C. Wagner | Van Ness Feldman LLP

***

BIS Contemplating Export Controls for Certain Emerging Technologies

On November 19, 2018, the Bureau of Industry and Security (BIS)—an agency within the Department of Commerce—published an ANPR seeking public comment on criteria for identifying emerging technologies that are essential to U.S. national security. The BIS ANPR comes at a time of heightened scrutiny over global technology transfers. The past year alone has been dominated by headlines of (i) potential national security concerns related to the import of Chinese telecommunications technologies; (ii) potential supply chain attacks on U.S. technology manufacturers; and (iii) escalating trade tensions between the United States and China precipitated at least in part by U.S. objections over Chinese theft of intellectual property.

From: GCN

By Mark Rockwell

A recent survey by cybersecurity provider Gemalto found that only about half of businesses can tell if any of their internet-of-things devices has suffered a breach. Given that risk, and the exploding number of IoT devices coming online, 95 percent of the 950 respondents supported some IoT security regulation.

Among those supporting more regulation, 59 percent said rules should include identifying who is responsible for securing data in different parts of the ecosystem, and 53 percent said there should be consequences for lapses.

Read Complete Article

From: CSO

Security regulations and frameworks are good and necessary, but they can be inflexible and draw focus away from the most significant security risks.

By Roger A. Grimes

***

That concept continues as you scale past a single company. You can secure a single organization with written policies and procedures, but it takes industry or government regulations and frameworks to secure everyone. Good, long-term security for the entire macrocosm will not happen without regulations and frameworks that companies are forced to follow. Voluntary participation does not work for computer security.

***