According to HaystackID’s Chief Innovation Officer and President of Global Investigations, Michael Sarlo, “With the prevalence of data breaches in today’s business world, it is only a matter of time before an organization faces the challenge of a post-data breach incident response. While there are many different solutions for specific incident response tasks, our new ReviewRight Protect service allows us to help companies address these tasks with an integrated service managed by a team of proven data and legal discovery and review experts. Leveraging HaystackID’s extensive data discovery and compliance reporting experience, the new service helps companies quickly identify sensitive data, promptly assess safe and at-risk data, and rapidly respond and report to mitigate data-breach associated risk.”
In this expert presentation, cybersecurity incident response, legal discovery, and privacy experts will share how organizations should be prepared to respond to a cyber-related incident, while also gaining insight into cutting-edge data discovery technologies and proven document review services to support the detection, identification, review, and notification processes required by law after sensitive data-related breaches and disclosure.
According to Karen Wetzel, Manager of the NICE Framework, “The NICE Framework building blocks (Tasks, Knowledge, and Skill statements) will unleash a variety of ways in which organizations can use and apply the NICE Framework within their unique context and in a manner that is consistent with the attributes of agility, flexibility, interoperability, and modularity. The introduction of Competencies, a mechanism for organizations to assess learners, is designed to increase alignment among employers, learners, and education and training providers and close the cybersecurity skills gap.”
The Cyber Law Toolkit is a dynamic interactive web-based resource for legal professionals who work with matters at the intersection of international law and cyber operations. At its heart, the Toolkit currently consists of 19 hypothetical scenarios. Each scenario contains a description of cyber incidents inspired by real-world examples, accompanied by detailed legal analysis. The aim of the analysis is to examine the applicability of international law to the scenarios and the issues they raise. The Toolkit was formally launched on 28 May 2019 in Tallinn, Estonia. Its first general annual update was published on October 2, 2020.
NIST has released NISTIR 8286, Integrating Cybersecurity and Enterprise Risk Management (ERM). This report promotes greater understanding of the relationship between cybersecurity risk management and ERM, and the benefits of integrating those approaches.
“Estonia is a cyber country of excellence with a robust cyber defensive system in terms of technology and people. Given their deep expertise, I believe they will have substantial lessons to share, which will be enormously helpful in finding efficiencies in our science and technology efforts while understanding how best to defend against cyber warfare,” said Robert Kimball, the C5ISR Center’s senior research scientist for cyber security. Kimball also noted Estonia is home to the NATO Cyber Defense Center and Cyber Range.
According to NIST in its recently published paper on forensic science challenges and the cloud, “Cloud computing has revolutionized the methods by which digital data is stored, processed, and transmitted.” The paper goes on to highlight that, “One of the most daunting new challenges is how to perform digital forensics in various types of cloud computing environments. The challenges associated with conducting forensics in different cloud deployment models, which may cross geographic or legal boundaries, have become an issue.” The complete paper, NIST Cloud Computing Forensic Science Challenges, published in August of 2020, aggregates, categorizes, and discusses the forensics challenges faced by experts when responding to incidents that have occurred in a cloud-computing ecosystem.
As highlighted in NIST Special Publication 800-207, no enterprise can eliminate cybersecurity risk. However, when complemented with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and general cyber hygiene, a properly implemented and maintained Zero Trust Architecture (ZTA) can reduce overall risk and protect against common threats.
According to Wikipedia, malware analysis is the study or process of determining the functionality, origin, and potential impact of a given malware sample. In this new handbook from the NATO Cooperative Cyber Defence Centre of Excellence, the authors share concise insight and general techniques for analyzing the most common malware types for the Windows OS.
According to the European Securities and Market Authority (ESMA) Chair, Steven Maijoor, cloud outsourcing can bring benefits to firms and their customers, for example, reduced costs and enhanced operational efficiency and flexibility. Cloud outsourcing also raises important challenges and risks that need to be properly addressed, particularly in relation to data protection and information security. Financial markets participants should be careful that they do not become overly reliant on their cloud services providers. They also need to closely monitor the performance and the security measures of their cloud service provider and make sure that they are able to exit cloud outsourcing arrangements as and when necessary.