From Security Weekly Wiki
Recorded on October 22, 2019, @G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
- OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
- We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relevant to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
- Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.
Security & Compliance News 12:00-12:30PM
- PwC’s 2019 Annual Corporate Directors Survey - What are some of the findings that impact security and compliance:
  - Crisis management comes into focus
  - Increasing the profile of cybersecurity in the boardroom
  - Directors lukewarm on a stakeholder model of governance
  - Who’s responsible for culture? Everyone…including the board
  - More work to be done on talent management
- What is the Board’s Role in Effective Risk Management? - Boards can take the following actions to assure effective risk management oversight:
  - Ensure that board members understand why and how robust risk monitoring is required to achieve organizational strategic goals and overall success.
  - Nominate board executive(s) with appropriate risk management background.
  - Establish a board risk committee or group that oversees all risk management activities enterprise-wide and advises the full board around risk-related decisions.
  - Designate a Chief Risk Officer (CRO) to represent the risk committee and oversee risk-related issues.
  - Regularly review all aspects of risk monitoring processes to ensure they are effectively and efficiently meeting organizational needs.
- CEOs could get jail time for violating privacy bill - The bill, known as the Mind Your Own Business Act, will contain the most comprehensive protections for Americans’ private data and will go further than the EU General Data Protection Regulation (GDPR). The Mind Your Own Business Act will empower the Federal Trade Commission (FTC) by allowing it to establish minimum privacy and cybersecurity standards and to issue steep fines (up to 4% of annual revenue) on the first offense for companies. Senior executives who have knowingly lied to the FTC could face 20-20 year criminal penalties.
- California Amends Breach Notification Law - On October 11, 2019, California Governor Gavin Newsom signed into law AB 1130, which expands the types of personal information covered by California’s breach notification law to include, when compromised in combination with an individual’s name: (1) additional government identifiers, such as tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual; and (2) biometric data generated from measurements or technical analysis of human body characteristics (e.g., fingerprint, retina, or iris image) used to authenticate a specific individual.
- Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance - Adopting a compliance framework that complements commercial objectives alongside the latest security and privacy requirements is key to truly reaping the benefits of PCI DSS. But how do you start?
  - Define the scope
  - If it isn’t broken, make it better!
  - Deliver added value
  - Looking to the Future
- 5 Updates from PCI SSC That You Need to Know - As payment technologies evolve, so do the requirements for securing cardholder data.
  - Programs Open for Software Security Framework Assessors in October
  - New Standard for Contactless Payments by the End of the Year
  - Requests for Comments for PCI DSS Version 4.0 to Open in October
  - New Version of P2PE Standard and Program in December
  - A New Strategic Framework