Tuesday, December 24, 2024

CYBERSECURITY

Definition of ‘Cybersecurity’

In the April 16, 2018, Ver 1.1 draft report of the Framework for Improving Critical Infrastructure Cybersecurity, the National Institute for Standards and Technology defined ‘cybersecurity’ as “The process of protecting information by preventing, detecting, and responding to attacks.”

Cybersecurity vs Data Security

Cybersecurity should be thought of separately from information or data security. Prior to the interconnectivity of the internet, data security was primarily concerned with personnel errors, the physical plant protecting the data, and natural disasters. Cybersecurity, on the other hand, has to provide a secure environment for the data as it is processed, stored and transmitted around the internet. The classic considerations for cybersecurity in cyberspace are availability, confidentiality and integrity of the data. (ISO 27032 ¶4.8) Users want the data to be available on demand without interruption, kept confidential without unauthorized access, and unaltered without unauthorized modification.

What is Cyberspace?

‘Cyberspace’ is defined as the complex environment resulting from the interaction of people, software and services on the internet by means of technology devices and networks connected to it. (ISO 27032 ¶4.21) The International Organization for Standardization in Switzerland has published well-respected guidelines for Information Security Management Systems (ISO 27000 et al) and more specifically for Cybersecurity (ISO 27032).

What is Cybersafety?

Disciplines associated with data security and cybersecurity include cybersafety and cybercrime. ISO 27032 defines ‘cybersafety’ generally as being protected in the cyberspace against physical, social, spiritual, financial, political, emotional, occupational, psychological, educational or other types or consequences of failure, damage, error, accidents, harm or other events.

What is Cybercrime?

Cybercrime is defined as criminal activity where services or applications in the cyberspace are used for or are the target of a crime, or where the cyberspace is the source, tool, target or place of a crime. (ISO 27032 ¶4.8)

Recent Posts - Cybersecurity

8 Best Practices for Remote Work and Cybersecurity

The Covid-19 epidemic has forced legions of internet-connected workers outside their company defenses, presenting a juicy soft target for cyber criminals to steal poorly protected data and technology. We present a cornucopia of best practices to quickly harden their Shadow IT defenses.

9 Best Practices for the SaaS Agreement

This article is part of the Action Cyber Times™ Series on Agreements for Information Technology and Transactions. The SaaS (Software as a Service) is a services agreement, not a software license, by third-party vendors to provide their particular proprietary software functionality from a remote server to a client via a data connection. As with most [...]

8 Best Practices for a Master Services Agreement in Information Technology

MSA and SaaS / IaaS / PaaS / TaaS / XaaS Agreements This article is part of the Action Cyber Times™ Series on Agreements for Information Technology and Transactions. 8 Best Practices for a Master Services Agreement cover the terms and conditions for the services from a SaaS (Software as a Service) provider, with a [...]

10 Metrics the CISO Needs to SUCCEED


SEC Regulations for Data Security and Disclosures

This article is part of an Action Cyber Times™ series on Cybersecurity Risk Management. The series reviews relevant issues regarding cybersecurity compliance and enforcement.   SEC Statement and Guidance on Public Company Cybersecurity Disclosures Rules and Regulations in the SEC arsenal.  See SEC Release Nos. 33-10459 and 34-82746, published at 83 Federal Register 38 pp 8166-8172 [...]

SEC Enforcement of ICOs 2018-2019

2019 for ICOs and Cybersecurity were addressed in the December 6, 2018, speech by Chairman Jay Clayton, "SEC Rulemaking Over the Past Year, the Road Ahead and Challenges Posed by Brexit, LIBOR Transition and Cybersecurity Risks": Chairman Clayton first reviewed the extensive 2018-2019 SEC regulatory agenda and projects presented in Appendices A and B, including [...]

DOJ Indictment for the $36M SamSam Ransomware CyberAttacks

Dept of Justice, US Attorney’s Office for the District of New Jersey, Newark, NJ United States District Court for the District of New Jersey (Newark, NJ) USA v Faramarz Shari Savandi and Mohammad Mehdi Shah Mansouri, 3:18-cr-00704-BRM   Cyberattack Criminal Action: On November 28, 2018, Deputy Attorney General Rod Rosenstein, on behalf of the DOJ [...]

NASDAQ Patent for Disseminating Information Using a Blockchain

United States Patent No. 10,108,812 granted on 23 October 2018. Systems and Methods for Securing and Disseminating Time Sensitive Information Using a Blockchain Applicant and Assignee: Nasdaq, Inc. Priority Date: 28 January 2016 Abstract: An information computer system is provided for securely releasing time-sensitive information to recipients via a blockchain. A submitter submits a document [...]

KB Financial Group Blockchain Patent Publication WIPO WO2018/164408 A1

Application Security Method and System for Performing Same   NOT A Patent … at least not yet It has been widely repeated in the Blockchain and Cryptocurrency press that a South Korean news provider, The Digital Times, reported on October 15, 2018, that KB Financial Group, Inc., a South Korean company, had been awarded a [...]

Crypto Criminal Indictment – USA v Maksim Zaslavskiy, USDC EDNY, 17 CR 647

Dept of Justice, US Attorney’s Office for the Eastern District of New York, Brooklyn, NY United States District Court for the Eastern District of New York (Brooklyn) USA v Zaslavskiy, 1:17-cr-00647-RJD-RER   Synopsis of Crypto Criminal Action by the DOJ: Note: As a precedent to this action, on September 29, 2017, the SEC filed an [...]