A recent report by Trellix indicated that due to growing complexity, responsibility, and regulatory accountability, a majority of CISOs believe their role should be split into separate positions.
This finding struck me as a little odd. It seems counte
The National Public Data breach has been a nightmare, exposing names, addresses, birthdates, emails, phone numbers, and Social Security Numbers of countless individuals — including mine.
As a California resident, I have the legal right to demand that
The Supreme Court struck down the Chevron Doctrine, sharply cutting back the power of federal agencies to interpret the laws they oversee and ruled that courts should rely on their own interpretation of ambiguous laws. The ramifications will have rip
More SEC rules, this time mandating financial firms inform victims of data breaches within 30 days!
Why wasn't this already a requirement?
Last year, the SEC instituted requirements for publicly traded companies to inform investors of material cybersec
The SEC case against SolarWinds and their CISO continues to reverberate across the cybersecurity community. I talk with Edward Amoroso, the Founder and CEO of TAG Infosphere, to discuss different aspects of the case and recent SEC requirements for di
The White House just released an Executive Order intended to lay down some standards intended to manage the risks of Artificial Intelligence. I absolutely like the idea of establishing guardrails to make AI safe, secure, and trustworthy, but I am uns
I think the list of executives and board members genuinely interested in cybersecurity will increase greatly as regulations, such as the US SEC cybersecurity reporting requirements and the European Union's proposed Cyber Resilience Act (CRA), are est
I like the EU Cyber Resilience Act! There, I said it! Yes, this will make companies nervous in the short term, but this regulation is a watershed moment that will fundamentally shift how digital products are secured and maintained! This will FORCE th
I like the concept of ‘banning’ the sale of offensive cyber weapons to potential adversaries, but what defines technology as offensive versus defensive?
Israel just announced it will ban the sales of hacking and surveillance tools to 65 countries: htt
A new bill has been proposed to address Ransomware. Congressman Patrick McHenry recently introduced the Ransomware and Financial Stability Act of 2021.
I believe it is the right direction for undermining ransomware attac
Industries must either take security, privacy, and safety seriously or find themselves burdened under the crushing blanket of regulatory oversight.
A recent announcement by the European Commission that the Radio Equipment Directive will be updated to
In the absence of a federal privacy law, that would establish unified privacy rights of citizens, I applaud Colorado, to the be latest state to enact legislature that protects its residents. States are leading the charge to protect American’s privacy
Avast was recently caught selling user's web browsing data. Sensitive data like website destinations, search terms, and even what videos customers watched were collected by Avast software residing on customers' computers. The data was repackaged an
It simply makes no sense to call for IoT devices to be certified safe-and-secure. Before you get bent out of shape, hear me out.
Regulations are unwieldy blunt instruments, best left as a last resort. Cybersecurity regulations are not nimble, tend
