Category Archives: Risk Assessment Policy

Information Shield Supports New Cyber Guidance for Water and Wastewater Systems Sector

The Cyber Security Infrastructure and Assurance Agency (CISA) recently posted an updated alert on how water utilities can protect themselves from cyber attacks. The Alert – called Securing Water Systems – is based on a new fact sheet from both the Environmental Protection Agency (EPA) and the Federal Bureau of Investigation (FBI). Changes in Cyber Security […]

Comply with new SEC Cybersecurity Risk Rules

In February 2022 the Securities and Exchange Commission (SEC) voted to enhance the cyber security requirements for registered investment advisers (including registered investment companies and investment funds). The proposed SEC cyber risk management rules would require advisers and funds to adopt and implement a program with written cybersecurity policies and procedures designed to address cybersecurity […]

A Security Policy Framework for IT Risk Assessments

The completion of an information security risk assessment is a key requirement in all information security frameworks, including ISO 27002, NIST 800-53, HIPAA and PCI-DSS. A recent analysis of regulatory enforcement under HIPAA identifies risk assessment as a key area of weakness. While risk assessments are required, the specifics for how to perform a risk […]