Legal
Featured One-Minute Insights
Sept 2024
How are U.S. CISOs Addressing Liability Risk?
New regulations taking effect in the U.S. mean that cybersecurity leaders could face legal liability in the event of an incident. What strategies are they using to protect themselves?
Community Posts
What do you understand by workplace or office politics?
What are some important first steps for an IT leader that has been wrongfully terminated?
How do others conduct phishing tests? Do you punish employees when they fail?
https://www.scmagazine.com/home/security-news/phishing/insensitive-phishing-test-stirs-debate-over-ethics-of-security-training/
- Unsure what technology is available: 16%
- Unsure we could implement it: 31%
- Resistance to change: 38%
- It could negatively impact customers: 22%
- People could lose jobs: 15%
- Our AR process is too complicated: 20%
- Cost: 17%
- Nothing, we have already automated our accounts receivable: 14%
If these companies were affected, then the foundation of computing could be at risk. If you could manipulate at the hardware layer via the firmware, BIOS, etc., then a threat actor could weaponize well below the operating system, which brings into question the integrity of the entire computing stack and everything above it. The firmware and BIOS are like the rebar and concrete for a building. If that foundation is weak, then the entire structure and anything dependent on it is at risk. We cannot underestimate the potential or the severity of these companies being potentially affected by the SolarWinds hack and what that means for the foundational computing hardware they provide to the world. What do others think? How could this impact your organization?
Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack - The Verge
- None, we don't perform vendor security reviews: 6%
- Very little, our vendor reviews are mostly a box-checking exercise: 36%
- Sometimes vendor security reviews delay purchases but they don't change outcomes: 29%
- Vendor security reviews break ties between equal vendors: 15%
- Vendor reviews make security a key buying criterion: 12%
What do folks think about this? https://www.cpomagazine.com/data-protection/hm-hit-with-e35-million-gdpr-fine-for-profiling-private-lives-of-employees/
So many useful things to learn from looking at this... here are just a few obvious ones.
1) Rogue management team collecting employee information
2) Mismanaging the storage of that information so that it was vulnerable
3) A breach of the data that never should have been collected
4) A fine for GDPR violations, and one for employee data, not consumer data...
Finally: what about COVID-19 return-to-work processes, data collection, use, storage, security, etc.? If you're not already on top of making sure you're doing privacy and security right for this, you're WAY BEHIND!
Does your contract lifecycle management tool deliver on their AI/ML promises?
- Yes: 66%
- No: 33%