The American Data Privacy and Protection Act (ADPPA) represents a significant legislative effort to establish a comprehensive framework for protecting consumer data privacy in the United States. Introduced in 2022, the ADPPA aims to give individuals greater control over their personal information and increase transparency regarding data collection, usage, and sharing by businesses[1].
This past week, CISA (Cybersecurity and Infrastructure Security Agency) published a 447-page draft of new rules requiring companies to report substantial attacks within 72 hours and ransom payments within 24 hours. The comprehensive draft details the enforcement of a new cyber incident reporting program mandated by Congress, and it marks a significant step forward in the United States' efforts to bolster its cybersecurity infrastructure. It clearly outlines the entities subject to these new regulations and the types of cyberattacks that must be reported.
Traditionally, cybersecurity risk analysis has focused heavily on financial losses and reputational damage to the company. While these are crucial, a growing need exists to consider the broader impact of security breaches. This is where Duty of Care Risk Analysis (DOCRA) comes in, offering a fresh perspective on managing cybersecurity risks.
Humans are visual creatures, which is one reason we created the Arbitr Threat Matrix. Most threat intel and incident response reports tend to be long technical dissertations that take more work for executives, auditors, cyber insurers, and other non-SOC personnel to absorb and comprehend. At the end of the day, a great report that no one understands doesn't really matter, whether you're doing a threat hunt, responding to an incident, or educating a new team member. A picture is worth the proverbial thousand words, and that's why we think the Threat Matrix will help improve the understanding and actionable intelligence that come from mapping a cyber attack kill chain.
In a recent talk, Dmitri Alperovitch, co-founder and CTO of CrowdStrike, commented that if he spoke to a public company board, he would recommend the CISOs focus on three key metrics.