Richard Santalesa addressed the Connecticut Association of Paralegals today, June 12, 2013, discussing how technological developments have affected the practice of law, from the way we now conduct legal research and present evidence at trial to the way law firms are managed and the changing expectations attorneys have of paralegals in today’s digital world. In […]
NIST Releases Cloud Computing “Security Reference Architecture” (SP 500-299) for Public Comment
The National Institute of Standards and Technology (“NIST”) loves its “Special Publications” the way IRS agents love new tax forms. NIST’s SPs, however, are much more useful, and its latest Special Publication released in draft form for public comment, SP 500-299 “Cloud Computing Security Reference Architecture,” introduces NIST’s Cloud Computing Security Reference Architecture (“SRA”) as […]
Lessons From When Cyber Security Meets Physical Security
Data security, and what qualifies as “reasonable” security, is on everyone’s mind these days – at least if you’re involved in IT, or responsible for addressing any aspect of the “GRC” troika of governance, risk management and compliance issues. Sometimes overlooked on the cyber side, however, is the interaction of cyber with real-world, physical […]
2013 Verizon Data Breach Report Is Out – Risks Increase
Verizon’s annual “Data Breach Investigations Report” (“DBIR”) is a must-read for data and information security professionals, and we eagerly await each release. The 2013 DBIR is now out and being carefully read by information security professionals. Now in its sixth year, each DBIR provides a broad overview of the changing information security and data […]
Upcoming Webinar on FFIEC Social Media Compliance
Richard Santalesa will be conducting an upcoming webinar in connection with MetricStream, discussing the Federal Financial Institutions Examination Council’s (“FFIEC”) recent proposed social media guidance (see FFIEC Social Media Guidance Public Comment Revelations). Date to be announced in the near future.
FFIEC Social Media Guidance Public Comment Revelations
Earlier this year, on January 22, the Federal Financial Institutions Examination Council (“FFIEC”) released for public comment proposed social media-related recommendations for financial institutions entitled Social Media: Consumer Compliance Risk Management Guidance (the “Guidance”), which, according to the FFIEC, was designed to set the foundation for, in final form, “supervisory guidance” to the institutions the […]
FTC Report Issues Recommendation on Mobile Payments
This year, 2013, is definitely shaping up to be the “Year of Mobile” at the FTC, as predicted last month. Just last week the FTC’s latest Staff Report, Paper, Plastic,… Mobile – An FTC Workshop on Mobile Payments (“Staff Report,” PDF) serves to kick the ball further downfield in the FTC’s mobile push and begins […]
NIST Issues Final Draft of Security Controls for Comment
Over three previous drafts of its Security and Privacy Controls for Federal Information Systems and Organizations, Special Publication 800-53, the National Institute of Standards and Technology (“NIST”) has honed its focus while expanding the reach of infosec controls, all culminating in this latest 455-page “Revision 4” released for public comment last week. Dubbed the “Final Public […]
FTC Releases Recommendations for Mobile Privacy Disclosures
This weekend’s excellent Super Bowl game, which was delayed by a power outage that prompted several announcers in passing to mention the “extra power” used by tablets and smartphones, highlighted that the mobile arena continues to take center stage everywhere. We’ve covered the growing attention on mobile privacy policies and data gathering in recent posts (see, […]
2013 Data Privacy, Information Security and Cyber Insurance Trends Report
On Data Privacy Day, recognized annually on Jan. 28th, Richard Santalesa is quoted in the 2013 Data Privacy, Information Security and Cyber Insurance Trends Report, released each January by Cyber Data Risk Managers LLC. The Report surveys well-known industry experts and respected thought leaders, including Rick Kam, Bruce Schneier, Dr. Larry Ponemon and others, for […]
Ponemon Study on Patient Privacy Highlights Security Failings
Released today, the Ponemon Institute’s Third Annual Benchmark Study on Patient Privacy & Data Security (available at http://www2.idexpertscorp.com/ponemon2012/) starkly highlights the continued serious challenges faced by healthcare organizations in adequately safeguarding protected health information (“PHI”). As the study notes straight out of the gate, “the threats to healthcare organizations have become increasingly more difficult to […]
FTC Recommends Best Practices for Facial Recognition Technologies
Regardless of your view of government, you have to on some level hand it to the Federal Trade Commission (“FTC”). It is doggedly persistent, like perhaps few other federal agencies, in working to stay ahead of the ever-breaking digital security and privacy wave. At the end of 2011 the FTC hosted a unique workshop […]
Whitepaper – Local & State Govt Data Security and Cyber Risks
Richard Santalesa introduced a whitepaper on legal risks and cyber insurance at this past week’s fall meeting of the New York State Association of Counties – dubbed the think tank for NY’s counties since 1923. The white paper was released at a breakout session on the meeting agenda addressing “Cyber Security and Cyber Risks in Your County” where Mr. Santalesa’s […]
Federal CIO Council Releases BYOD Toolkit
Bring Your Own Device (“BYOD”) is the latest overnight IT sensation. But like most “overnight sensations,” the foundational work took years before now-familiar names “suddenly” hit the bright lights. In broader response to the ongoing Consumerization of Information Technology (“COIT”) trend, no less than the Federal government has jumped on the BYOD bandwagon. Last week […]
Two Northeast States Update Breach Notification Statutes – CT & VT
While it is well known in information security circles that today 46 states, D.C., Puerto Rico and the Virgin Islands have enacted data breach notification statutes, these statutory regimes aren’t fixed in granite. Last year, to name a few, California, Illinois and Texas amended their respective breach notification statutes (with Texas purporting to extend its notification law […]