From Security Weekly Wiki
2,471 bytes added, 12:52, 22 October 2019
== Security & Compliance News 12:00-12:30PM ==
* [ PwC’s 2019 Annual Corporate Directors Survey] - What are some of the findings that impact security and compliance:
# Crisis management comes into focus
# Increasing the profile of cybersecurity in the boardroom
# Directors lukewarm on a stakeholder model of governance
# Who’s responsible for culture? Everyone…including the board
# More work to be done on talent management
* [ What is the Board’s Role in Effective Risk Management?] - Boards can take the following actions to assure effective risk management oversight:
** Ensure that board members understand why and how robust risk monitoring is required to achieve organizational strategic goals and overall success.
** Nominate board executive(s) with appropriate risk management background.
** Establish a board risk committee or group that oversees all risk management activities enterprise-wide and advises the full board around risk-related decisions.
** Designate a Chief Risk Officer (CRO) to represent the risk committee and oversee risk-related issues.
** Regularly review all aspects of risk monitoring processes to ensure they are effectively and efficiently meeting organizational needs.
* [ CEOs could get jail time for violating privacy bill] - The bill, known as the Mind Your Own Business Act will contain the most comprehensive protections for Americans’ private data and will go further than the EU General Data Protection Regulation (GDPR). The Mind Your Own Business Act will empower the Federal Trade Commission (FTC) by allowing them to establish minimum privacy and cybersecurity standards and issuing steep fines (up to 4% of annual revenue) on the first offense for companies. Senior executives who have knowingly lied to the FTC could face 20-20 year criminal penalties.
* [ California Amends Breach Notification Law] - On October 11, 2019, California Governor Gavin Newsom signed into law AB 1130, which expands the types of personal information covered by California’s breach notification law to include, when compromised in combination with an individual’s name: (1) additional government identifiers, such as tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual; and (2) biometric data generated from measurements or technical analysis of human body characteristics (e.g., fingerprint, retina, or iris image) used to authenticate a specific individual.
* [ Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance] - A compliance framework that complements commercial objectives alongside the latest security and privacy requirements is key to truly reap the benefits of PCI DSS. But how do you start?
**
**
**
**
* [ PCI DSS: Credit card data and what to expect from version 4.0]
* [ 5 Updates from PCI SSC That You Need to Know] - As payment technologies evolve, so do the requirements for securing cardholder data.
#
#
#
#
# A New Strategic Framework
== 2019 NACD Blue Ribbon Commission Initiative 12:30-1:00PM ==

