Biden administration officials push Congress to shape breach reporting mandates

U.S. cybersecurity officials are seeking to put their stamp on cyber incident reporting legislation, wading into debates on Capitol Hill about questions like how swiftly companies must report attacks to federal agencies — and what happens if they don’t. The head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency testified at a Senate hearing Thursday in favor of requiring critical infrastructure owners and operators, federal contractors and agencies to report attacks to CISA within 24 hours of detection. There are three leading proposals in Congress, each with a different timeframe for reporting attacks. The leaders of the Senate Intelligence Committee favor a 24-hour deadline. A draft bill from leaders of the Senate Homeland Security and Governmental Affairs Committee would set the range at between 72 hours and seven days, as determined by CISA. And a draft from leading members of the House Homeland Security Committee proposes leaving […]

The post Biden administration officials push Congress to shape breach reporting mandates appeared first on CyberScoop.

Continue reading Biden administration officials push Congress to shape breach reporting mandates

Key Compliance Concepts for Financial Services

The Sarbanes-Oxley Act (SOX) was introduced following a number of financial scandals involving huge conglomerates and obliges companies to establish internal controls to prevent fraud and abuse, holding senior managers accountable for the accuracy of f… Continue reading Key Compliance Concepts for Financial Services

White House releases 2016 agency cyberattack stats, claiming progress

The White House Office of Management and Budget released fiscal 2016 statistics on cybersecurity measures and incidents at U.S. agencies Friday, using new methodologies that make comparison with prior years essentially impossible, but nonetheless saying the government had made progress. For the first time, agencies were required to report only incidents that affected their operations, and to break those incidents down based on the attack vector used. “This is a shift from the previous reporting methodology,” wrote Grant Schneider, the acting federal chief information security officer, in a blog post unveiling the findings. He added that the shift meant “that the FY 2016 incident data is not comparable to prior years’ incident data.” But he stressed the new reporting requirement OMB, the Department of Homeland Security and other agencies “to focus on incidents that may impact operations.” Of the 30,899 incidents that agencies reported, only 16 were determined by agency heads to be “major […]

The post White House releases 2016 agency cyberattack stats, claiming progress appeared first on Cyberscoop.

Continue reading White House releases 2016 agency cyberattack stats, claiming progress