According to the National Security Agency, managing risk in the cloud requires that customers fully consider exposure to threats and vulnerabilities, not only during procurement but also as an on-going process. Clouds can provide a number of security advantages over traditional, on-premises technology, such as the ability to thoroughly automate security-relevant processes, including threat and incident response. With careful implementation and management, cloud capabilities can minimize risks associated with cloud adoption, and empower customers to take advantage of cloud security enhancements.
The NIST Privacy Framework is a voluntary tool intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy.
“The goal is to develop an automized cyber threat intelligence system between the US and Estonian defense forces, tailored to the specific needs of the two nations to enhance the cyber defense capabilities of the two parties. Regular exchange of threat intelligence between actors is one of the core principles of cyber defense today,” said Kusti Salm, Director General of the Estonian Centre for Defence Investment.
The security of data is fast becoming one of the most prominent and visible areas of concern in the selection of eDiscovery software solutions. With public examples of data security failures increasing in regularity and impact, it behooves any discovery solution decision-maker to carefully consider how they manage this important risk factor as they make on and off-premise enterprise software selection decisions.
As shared by Steve McNew, an MIT trained blockchain/cryptocurrency expert and senior managing director at FTI Consulting, “Online videos are exploding as a mainstream source of information. Imagine social media and news outlets frantically and perhaps unknowingly sharing altered clips — of police bodycam video, politicians in unsavory situations or world leaders delivering inflammatory speeches — to create an alternate truth. The possibilities for deepfakes to create malicious propaganda and other forms of fraud are significant.”
On December 19, 2019, the European Court of Justice (ECJ) Advocate General, Henrik Saugmandsgaard ØE, provided his opinion on the validity of Standard Contractual Clauses (SCCs) adopted by the European Commission for the transfer of personal data from controllers to processors. The rendered opinion confirms that companies relying upon SCCs do not need to consider changing their approach at this time.
In her recent article, “Fighting Fake News with Blockchain,” e-Estonia Briefing Centre Communication Manager Mari Krusten highlights how the innovative use of blockchain can help in ensuring data integrity and serve as a trustworthy tool for addressing challenges ranging from alternative facts to deepfakes.
“It’s now recognized that systems aren’t unbiased. They can actually amplify existing bias because of the historical data the systems train on,” said Ellen Voorhees, a NIST computer scientist. “The systems are going to learn that bias and recommend you take an action that reflects it.”
In this recently published information note (October 2019), the Data Protection Commission (DPC) Ireland shares country-specific statistics and trends related to data breach notifications during the first year of GDPR.
Due to the increasing pressures from external and internal threats, organizations responsible for critical infrastructure need to have a consistent and iterative approach to identifying, assessing, and managing cybersecurity risk. This approach is necessary regardless of an organization’s size, threat exposure, or cybersecurity sophistication today. NIST’s Framework for Improving Critical Infrastructure Cybersecurity may be helpful for organizations seeking to apply the principles and best practices of risk management to improve security and resilience.