According to HaystackID’s Chief Innovation Officer and President of Global Investigations, Michael Sarlo, “With the prevalence of data breaches in today’s business world, it is only a matter of time before an organization faces the challenge of a post-data breach incident response. While there are many different solutions for specific incident response tasks, our new ReviewRight Protect service allows us to help companies address these tasks with an integrated service managed by a team of proven data and legal discovery and review experts. Leveraging HaystackID’s extensive data discovery and compliance reporting experience, the new service helps companies quickly identify sensitive data, promptly assess safe and at-risk data, and rapidly respond and report to mitigate data-breach associated risk.”
Playing NICE? A Workforce Framework for Cybersecurity from NIST
According to Karen Wetzel, Manager of the NICE Framework, “The NICE Framework building blocks (Tasks, Knowledge, and Skill statements) will unleash a variety of ways in which organizations can use and apply the NICE Framework within their unique context and in a manner that is consistent with the attributes of agility, flexibility, interoperability, and modularity. The introduction of Competencies, a mechanism for organizations to assess learners, is designed to increase alignment among employers, learners, and education and training providers and close the cybersecurity skills gap.”
New Rules? The European Regulation on Data Governance
According to the European Commission, the proposed Regulation on Data Governance (Data Protection Act) will create the basis for a new European way of data governance that is in line with EU values and principles, such as personal data protection (GDPR), consumer protection and competition rules. It offers an alternative model to the data-handling practices of the big tech platforms, which can acquire a high degree of market power because of their business models that imply control of large amounts of data.
[Annual Update] The Intersection of International Law and Cyber Operations: An Interactive Cyber Law Toolkit
The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. At its heart, the Toolkit currently consists of 19 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia. Its first general annual update was published on October 2, 2020.
From Proactive Detection to Data Breach Reviews: Sensitive Data Discovery and Extraction with Ascema
A steady rise in the number of sensitive data discovery requirements driven by events ranging from Data Subject Access Requests (DSARs) to data breaches are adding to the current ‘where’s my data’ problem; a problem increasingly complicated by enormous amounts of unstructured data widely spread across organizational systems. The ability to rapidly locate information across an organization’s digital estate and to easily review, collate, and extract that data into one central repository, is essential when faced with regulatory time constraints. Ascema, a sensitive data discovery and extraction platform from UK-based cybersecurity provider GeoLang, may be able to help eDiscovery professionals as they consider proactive detection and reactive data breach review of data.
New from NIST: Integrating Cybersecurity and Enterprise Risk Management (ERM)
NIST has released NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.
From Metadata to Mass Surveillance? European Data Retention Revisited
This new report, “Data Retention Revisited,” published by the EDRi, critically revisits the question of data retention and concludes that the ongoing aspirations to reintroduce a data retention obligation in the EU remain in violation of EU law as long as the strict necessity of data retention is unproved and no genuinely targeted retention obligation is considered.
Collaborative Cyber Defense: The U.S. Army and Estonia Sign Historic Agreement
“Estonia is a cyber country of excellence with a robust cyber defensive system in terms of technology and people. Given their deep expertise, I believe they will have substantial lessons to share, which will be enormously helpful in finding efficiencies in our science and technology efforts while understanding how best to defend against cyber warfare,” said Robert Kimball, the C5ISR Center’s senior research scientist for cyber security. Kimball also noted Estonia is home to the NATO Cyber Defense Center and Cyber Range.
Socially Acceptable? EDBP Guidelines on the Targeting of Social Media Users
According to the recently published EDPB guidelines on the targeting of social media users, the term “targeter” is used to designate natural or legal persons that use social media services in order to direct specific messages at a set of social media users on the basis of specific parameters or criteria. What sets targeters apart from other social media users is that they select their messages and/or their intended audience according to the perceived characteristics, interests, or preferences of the individuals concerned, a practice which is sometimes also referred to as “micro-targeting.” Targeters can engage in targeting to advance commercial, political, or other interests.
Considering the Challenge of Cloud Forensics? A New Publication from NIST
According to NIST in its recently published paper on forensic science challenges and the cloud, “Cloud computing has revolutionized the methods by which digital data is stored, processed, and transmitted.” The paper goes on to highlight that, “One of the most daunting new challenges is how to perform digital forensics in various types of cloud computing environments. The challenges associated with conducting forensics in different cloud deployment models, which may cross geographic or legal boundaries, have become an issue.” The complete paper, NIST Cloud Computing Forensic Science Challenges, published in August of 2020, aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem.