From Paul's Security Weekly
Recorded on October 22, 2019, at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
- Attend RSA Conference 2020, February 24-28 and join thousands of security professionals, forward-thinking innovators and solution providers for five days of actionable learning, inspiring conversation and breakthrough ideas. Register before January 24 and save $900 on a Full Conference Pass. Save an extra $150 by going to securityweekly.com/rsac2020 and use our code to register!
- Our next webcast is February 13th with Sri Sundaralingam, Vice President, Product and Solutions Marketing at ExtraHop, where we will discuss Cloud Native Network Detection and Response! Register for our upcoming webcasts by visiting securityweekly.com, selecting the webcast drop-down from the top menu bar and clicking registration.
Security & Compliance News 12:00-12:30PM
- PwC’s 2019 Annual Corporate Directors Survey - What are some of the findings that impact security and compliance:
- Crisis management comes into focus
- Increasing the profile of cybersecurity in the boardroom
- Directors lukewarm on a stakeholder model of governance
- Who’s responsible for culture? Everyone…including the board
- More work to be done on talent management
- What is the Board’s Role in Effective Risk Management? - Boards can take the following actions to assure effective risk management oversight:
- Ensure that board members understand why and how robust risk monitoring is required to achieve organizational strategic goals and overall success.
- Nominate board executive(s) with appropriate risk management background.
- Establish a board risk committee or group that oversees all risk management activities enterprise-wide and advises the full board around risk-related decisions.
- Designate a Chief Risk Officer (CRO) to represent the risk committee and oversee risk-related issues.
- Regularly review all aspects of risk monitoring processes to ensure they are effectively and efficiently meeting organizational needs.
- CEOs could get jail time for violating privacy bill - The bill, known as the Mind Your Own Business Act, would contain the most comprehensive protections for Americans’ private data and would go further than the EU General Data Protection Regulation (GDPR). The Mind Your Own Business Act would empower the Federal Trade Commission (FTC) to establish minimum privacy and cybersecurity standards and to issue steep fines (up to 4% of annual revenue) on a company’s first offense. Senior executives who knowingly lie to the FTC could face criminal penalties of up to 20 years.
- California Amends Breach Notification Law - On October 11, 2019, California Governor Gavin Newsom signed into law AB 1130, which expands the types of personal information covered by California’s breach notification law to include, when compromised in combination with an individual’s name: (1) additional government identifiers, such as tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual; and (2) biometric data generated from measurements or technical analysis of human body characteristics (e.g., fingerprint, retina, or iris image) used to authenticate a specific individual.
- Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance - Adopting a compliance framework that complements commercial objectives alongside the latest security and privacy requirements is key to truly reaping the benefits of PCI DSS. But how do you start?
- Define the scope
- If it isn’t broken, make it better!
- Deliver added value
- Looking to the Future
- 5 Updates from PCI SSC That You Need to Know - As payment technologies evolve, so do the requirements for securing cardholder data.
- Programs Open for Software Security Framework Assessors in October
- New Standard for Contactless Payments by the End of the Year
- Requests for Comments for PCI DSS Version 4.0 to Open in October
- New Version of P2PE Standard and Program in December
- A New Strategic Framework