“Esoteric risk mapping, simplistic quantification techniques, indefensible expertise gaps, techno-babble and executive double-speak are no match for digital era danger.” Sound familiar? UHC is being called to task by Sen. Ron Wyden for their major breach and lack of board focus on cybersecurity. The culture of cybersecurity starts at the top by hiring real expertise on cybersecurity at the level of those that are ultimately responsible, the Board. If nothing else, read Sen. Wyden’s letter to the FTC and SEC chairs to your Board.
https://lnkd.in/eq-9ZSmM #cybersecurity #ciso #cybergovernance
Joel - your summary is 100% spot on. I fear the executive leadership challenge (tone from the top) you mention will not change until laws are passed requiring CEOs to certify the efficacy of their company's cyber risk management program, similar to the USA law SOX with respect to financial statements and associated controls/safeguards. We don't need more "notification" laws or requirements, we need simple accountability, and that too should not only include the CEO but Board Directors for their duty of care in supplying appropriate governance commensurate with the type of company, but especially those servicing critical infrastructure sectors. The CISO needs to be held accountable for supplying REAL risk/exposure data (aka KRIs, not KPIs, OKRs, etc.). Real dashboards by business, by region, measured against a specific risk appetite (direct/indirect financial loss and/or impact to life safety as applicable). Only then will we see a material change in the culture of many companies, who will begin to understand what "duty of care" means and be reminded WHY the company is in business, not just the HOW or the WHAT.
If you look at the annual reports of many listed companies, cyber risk won't be mentioned as one of the Principal Risks, or it will be 'buried' in one of the pillars or risk drivers.
📊 Uncover the intricacies of cybersecurity vulnerabilities through Senator Wyden's eye-opening correspondence to the FTC and the SEC regarding UnitedHealth Group. 📈 Explore the insights shared by Digital Directors Network in their recent video - the key to understanding lies within the top echelons of the organization. Kudos to Senator Wyden for shedding light on crucial control weaknesses. #CyberRescue #Corpgov #QTE
Check out the latest episode of the Business of Cyber Series featuring Teodosio Gutiérrez and Jess Nall!
In this timely discussion, they delve into the current state of individual regulatory and criminal liability for Chief Information Security Officers (CISOs) and other information security professionals, along with strategies for addressing these challenges.
The conversation includes insights from key legal cases and highlights the SEC's new regulations, which create potential risks for unwary CISOs. Jess and Ted offer practical guidance for CISOs and information security professionals on how to avoid ending up in the "hot seat." They discuss how to identify red flags, secure protection, and implement best practices to minimize the risk of legal and career repercussions following a major incident.
Watch Now:
YouTube - https://lnkd.in/gcGwgctd
Spotify - https://lnkd.in/gYMnk6ph
#CISO #InfoSec #Cybersecurity #CyberDefense #Podcast #RiskManagement #SecurityLeadership
🎉 Big news from #RSAC, as Semperis CISO James W. Doggett sat down with Adrian Sanabria to discuss the evolving role of today’s CISO and the business of cyber.
More and more CISOs are focusing less on the cyber aspects of the job and more on supporting business strategies. This change in focus can leave companies at risk because relaxing #cybersecurity diligence creates unnecessary risk to the health of businesses. Watch here: https://lnkd.in/g_ZgpkWi
This is something that is long overdue. Virtually everyone who has worked in cybersecurity in the public sector could relate stories where cyber-incidents have been unreported or downplayed in a misguided belief that disclosure is worse than dealing with the consequences of unexplained interruptions of service. We need to change that mindset, and it begins with requiring reporting to a central team that can help us better understand the situational landscape and propose ways to fight this ongoing cyberwar (and a war it is).
With #CIRCIA entering the public inspection phase, the day when reporting must occur is finally getting closer.
#cybersecurity #cyberincidents #publicinfrastructure
Our Notice of Proposed Rulemaking for Cyber Incident Reporting for Critical Infrastructure (#CIRCIA) is posted to the Federal Register for public inspection. Hear Executive Director Brandon Wales talk about the importance of CIRCIA and what’s in the NPRM: cisa.gov/circia
You’ve gotta report your cybersecurity incidents people, you just have to do it. This is how we get resources to help fight this crime that is NOT going away. I know you’re embarrassed but it’s time to put your pride in your pocket and do the right thing for the greater good of our country and our data. Have a plan and know what to do when compromise happens, it’s the best way to hold your head high.
The proposed rulemaking by the Cybersecurity and Infrastructure Security Agency (CISA) on the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) aims to establish new requirements for critical infrastructure sectors, including the defense industrial base, to report certain cyber incidents and ransomware payments to CISA. This move is intended to enhance the nation's cybersecurity through improved information sharing and incident reporting.
For DoD contractors, already subject to the Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, the impact of CIRCIA may involve additional reporting obligations, particularly concerning cyber incidents and ransomware. DFARS 252.204-7012 mandates defense contractors to safeguard covered defense information and report cyber incidents to the DoD.
The CIRCIA legislation could supplement existing DFARS requirements by establishing a broader and more immediate reporting mandate to CISA, potentially including a wider range of cyber incidents beyond those currently mandated under DFARS. This means that DoD contractors might have to navigate and comply with both sets of requirements, ensuring that they report relevant cyber incidents promptly and accurately to both the DoD under DFARS and to CISA under CIRCIA.
The specifics of how CIRCIA will integrate with existing DFARS obligations are still unfolding, and it will be crucial for DoD contractors to stay informed of the final rulemaking by CISA to understand the full scope of their reporting responsibilities.
📢 Public Comment Period Open Until June 3rd! 📢
“Everyone must choose one of two pains: The pain of discipline or the pain of regret.” - Jim Rohn
When it comes to the realm of Cyber Governance, discipline is the guiding force that ensures we build efficiency and avoid cutting corners to meet our commitments and protect our digital landscape. Without it, we risk living in an ad-hoc manner, facing unforeseen challenges, and ultimately, the pain of regret.
Let’s embrace discipline and foresight to secure our cyber future.
#CyberGovernance #corporateresilience