Collaborate Disseminate
The Cybersecurity and Infrastructure Security Agency’s reporting requirements represent a sea change for when private entities will have to report cybersecurity incidents.
The post CISA faces resource challenge in implementing cyber reporting rules appeared first on CyberScoop.
Continue reading CISA faces resource challenge in implementing cyber reporting rules
The proposal describes when critical infrastructure organizations will be required to report cybersecurity incidents.
The post CISA releases draft rule for cyber incident reporting appeared first on CyberScoop.
Continue reading CISA releases draft rule for cyber incident reporting
The Biden administration is looking to simplify the dizzying reporting requirements faced by critical infrastructure entities.
The post DHS council seeks to simplify cyber incident reporting rules appeared first on CyberScoop.
Continue reading DHS council seeks to simplify cyber incident reporting rules
CISA Director Jen Easterly will meet with executives to craft a framework for cybersecurity incident reporting that doesn’t “burden industry.”
The post CISA to formally solicit industry feedback on cybersecurity incident reporting rules appeared first on CyberScoop.
The legislation eventually garnered widespread support on its way to becoming law, but much remains unresolved.
The post The long, bumpy road to cyber incident reporting legislation — and the one still ahead appeared first on CyberScoop.
The incident reporting legislation, long in the works, also comes with nearly $2.6 billion for the agency for fiscal 2022.
The post Major cyber incident reporting requirement, CISA budget hike on precipice of becoming law appeared first on CyberScoop.
The amendments follow a similar proposal the agency released last month aimed at tightening security for investment firms and advisers.
The post SEC weighs reporting requirements for publicly traded companies appeared first on CyberScoop.
Continue reading SEC weighs reporting requirements for publicly traded companies
The amendments follow a similar proposal the agency released last month aimed at tightening security for investment firms and advisers.
The post SEC weighs reporting requirements for publicly traded companies appeared first on CyberScoop.
Continue reading SEC weighs reporting requirements for publicly traded companies
The Senate passed legislation Tuesday evening requiring critical infrastructure owners to report to the feds when they suffer a major cyberattack or make a ransomware payment — shaking loose a bill that got stuck in the chamber last year. Under the measure, which now moves to the House for potential consideration, those critical infrastructure owners and operators as well as federal agencies would have to disclose a significant incident to the Department of Homeland Security’s Cybersecurity and Infrastructure Agency within 72 hours. The same owners and operators would have to report any ransomware payments to CISA, too, only within 24 hours. Its intent is to give CISA the information it needs to more widely share threat data to help curtail major cyberattacks rippling through key targets, such as what happened in late 2020 when federal contractor SolarWinds suffered a compromise that ended up spreading to federal agencies and major tech […]
The post Proposal for industries to report big cyberattacks, ransomware payments wins Senate approval appeared first on CyberScoop.
The Securities and Exchange Commission voted Wednesday 3-1 to approve a recommendation for tighter mandatory cybersecurity requirements for financial institutions. The proposed rule will now open to public comment before a final vote. “The proposed rules and amendments are designed to enhance cybersecurity preparedness and could improve investor confidence in the resiliency of advisers and funds against cybersecurity threats and attacks,” SEC Chairman Gary Gensler said at the agency’s open meeting. Most critically, the new rule would require confidential reports of any “significant” cybersecurity incidents to the SEC within 48 hours. The proposal also would require advisers and funds to adopt, at a minimum, cybersecurity protections including a risk assessment; user security and access controls; information protection and monitoring to protect systems from unauthorized use; and an annual written review of cybersecurity risks and policies. The report would require review by a board of directors. Commissioners said they want more […]
The post SEC’s breach notification proposal one step closer to a final vote appeared first on CyberScoop.
Continue reading SEC’s breach notification proposal one step closer to a final vote