Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2023

US data transfers: are they allowed?

US data transfers... are they allowed? Well. Yes. It depends....it’s complicated. Let’s get stuck in and I’ll explain all. In July this year, the EU Commission made an adequacy decision for the new EU-US Data Privacy Framework (DPF). This can be seen as Safe Harbor 3.0. Essentially, in most scenarios, data transfers from the EU to the US are now permitted without the need for other mechanisms such as Standard Contractual Clauses (SCCs).

SEC's Cybersecurity Regulations, Part III: The Relationship Between the CISO & The Board

Cybersecurity is a top risk for corporate directors to understand and navigate. The implications of cyber events for a company are many and growing: instantly damaged reputations that erode years of credibility and trust with customers and investors, impaired profitability from customer attrition and increased operating costs, lost intellectual property, fines and litigation, and harm to a company’s people and culture.

SOX VS SOC - Mapping the Differences

Let’s explore the critical differences between SOC and SOX compliance. In the realm of information security and financial reporting, compliance enables organizations to build trust and transparency with stakeholders. To accomplish this, companies must adhere to specific regulations and standards. SOC and SOX represent two pivotal compliance frameworks that help maintain financial reporting integrity and data security.

Navigating the SEC's New Cybersecurity Disclosure Rules: A Guide for Businesses

The landscape of cybersecurity is evolving rapidly, and with it, so are the regulations governing it. One such significant development is the Securities and Exchange Commission's (SEC) recently finalised cybersecurity disclosure rules. These new rules are poised to change how businesses handle and disclose their cyber risk management strategies.

Tackling the 2023 SEC Cybersecurity Rules

The new rules from the U.S. Securities and Exchange Commission (SEC) on reporting mark a significant shift in the requirements for disclosing cyber breaches, leaving many businesses wondering how their cybersecurity practices will be impacted in the long run. These new rules create significant new disclosure obligations for public companies, requiring timely and detailed disclosures of material cybersecurity incidents and periodic disclosures about cybersecurity risk management and governance.

SEC Cybersecurity Disclosure Rules: What You Need to Know

On July 2023, the Securities and Exchange Commission (SEC) implemented a final rule mandating public companies to furnish comprehensive and uniform disclosures pertaining to cybersecurity risk management, strategy, governance, and incidents. We’re going to discuss SEC Cybersecurity Disclosure Rules and What You Need to Know.

Navigating the Complex AI Regulatory Landscape - Transparency, Data, and Ethics

Ahead of the upcoming AI Safety Summit to be held at the UK’s famous Bletchley Park in November, I wanted to outline three areas that I would like to see the summit address, to help simplify the complex AI regulatory landscape. When we start any conversation about the risks and potential use cases for an artificial intelligence (AI) or machine learning (ML) technology, we must be able to answer three key questions.

Meeting the Third-Party Requirements of the Essential Eight

Today’s rapidly evolving digital world requires organizations to build a robust cybersecurity plan to safeguard internal infrastructures and oversee third-party vendors' cyber health. The Essential 8 is a cybersecurity framework developed by the Australian Signals Directorate designed to help organizations protect themselves against different cyber risks.

New from SEC: Cybersecurity Final Rule on Reporting Hits Third Party Risk

In one of the most important cybersecurity regulatory developments in recent memory, the U.S. Securities and Exchange Commission (SEC) recently adopted new cybersecurity requirements for publicly traded companies, creating new obligations for reporting “material” cybersecurity incidents and requiring more detailed disclosure of cybersecurity risk management, expertise, and governance. Companies are required to disclose risks in their annual reports beginning on December 15, 2023.

DORA: A paradigm shift in cybersecurity and operational resilience

In the dynamic realm of governmental regulations, the Digital Operational Resilience Act (DORA) in the EU emerges as a game-changer. Slated for a detailed rollout by early 2024, the buzz surrounding DORA has resonated within the information and communication technology (ICT) and financial sectors for quite some time, and its distinction lies in its holistic and authoritative approach. DORA is heralded as the high-water mark for cybersecurity regulations tailored for the financial arena. Its mission?

Building a Cyber-Resilient Future Together

Last week in New York, I had the opportunity to attend a panel discussion hosted by SINET and moderated by Upendra Mardikar, the Chief Information Security Officer of TIAA. We discussed everything from security in DevOps, to AI’s pros and cons, and cybersecurity’s future. As long as the attack surface, API usage, and digital footprints increase, so will cyber risk.

Regulatory Compliance 101: What You Need To Know

To operate legally and ethically, every company, no matter the size or type of organization, must be aware of the laws, regulations, and industry standards that govern them. Though many businesses may view regulatory compliance as a burden, it does not have to be this way. The benefits of following these rules greatly outweigh the consequences. Organizations can ensure the safety and well-being of their employees, customers, and the general public by following these regulations.

Understanding the Cost of Legal Consultation

A case requiring resolution in court or by an experienced attorney presents its own difficulties. You can occasionally worry that your case is too pricey because hiring a lawyer might be too expensive. Most law firms will offer you an excellent guide on making the payment. You can always consult a professional law firm to assist with this information.

SEC Regulations: What is a "Material" Cybersecurity Incident?

In one of the most important cybersecurity regulatory developments in recent memory, the U.S. Securities and Exchange Commission (SEC) recently adopted new cybersecurity disclosure requirements for publicly traded companies, including a requirement to publicly disclose a “material” cybersecurity incident in Form 8-K within four business days of determining that it is material.

Understanding GDPR Vendor Management and Compliance for your Business

General Data Protection Regulation (GDPR) is a framework for data protection that gives strict obligations for organizations within the European Union. For many businesses, understanding and implementing GDPR vendor management is a daunting task. That’s why we are going to break down what GDPR vendor management is, who is involved in it, and what the requirements are.