An organization’s board of directors assumes ultimate accountability for governing cybersecurity risk. Chief information security officers (CISOs) play an increasingly indispensable role in enabling board members and senior executives to engage in appropriate cyber risk management, communicate using cyber metrics with business objectives in mind, and facilitate proper oversight of the company’s cyber program. Among
Chief Information Security Officer (CISO)
US Federal Trade Commission Proposes Prescriptive Data Security Requirements and Other Updates to Its Gramm-Leach-Bliley Act Regulations
On March 5, 2019, the Federal Trade Commission (“FTC”) proposed a number of revisions to its Gramm-Leach-Bliley Act (“GLBA”) regulations, which would (i) change the Safeguards Rule to require financial institutions to implement specific information security controls (in a departure from the FTC’s current non-prescriptive approach to data security), (ii) update its GLBA Privacy Rule…
The New York State DFS Cybersecurity Regulation: Preparing for Compliance
Posted in Cybersecurity, Financial Services, United States, US State Laws
Bylined article by Financial Services Regulatory & Enforcement partner Jeffrey Taft (Washington DC), Corporate & Securities partner Larry Hamilton (Chicago), Cybersecurity & Data Privacy partner Stephen Lilley (Washington DC) and Financial Services Regulatory & Enforcement associate Matthew Bisanz (Washington DC).