Guide for Cybersecurity Incident Recovery

From: NIST Information Technology Laboratory Bulletin for February 2017


Recovery Metrics

Throughout the process of planning, exercising, and executing recovery activities, the collection of specific metrics may help to improve recovery and inform continuous improvement. Determining these metrics in advance may be beneficial, both to understand what should be measured and to implement data collection processes. This process requires the ability to determine where those identified metrics can be most beneficial to the recovery activity and to identify which activities cannot be measured in an accurate and repeatable way. It is important to note that restoring business functions remains the primary task at hand; the collection of recovery metrics can be designed in a way such that data is a natural output of recovery activities. Metrics can be detrimental if they hinder the recovery process, cause a rushed/incomplete investigation, or create additional obstacles for recovery team efficiency. It is critical to ensure that metrics provide useful information that supports actionable improvement without being harmful to recovery.

The Overlooked Corporate Data Breach


When a company is hit with a data breach that leads to the leak of consumer information, the event will make headlines. Not so much, however, when a breach results in the compromise of sensitive corporate data, like information on M&A plans or intellectual property.

But according to a new report from KPMG and Forbes Insights, about a third of all data breaches result in the leak of corporate data.



Release of Cybersecurity Executive Order May Have Notable Impact in Communications, Energy, and Defense Industrial Base Critical Infrastructure Sectors

From: The National Law Review

Article By Jennifer R. Martin, Moriah Daugherty | Covington & Burling LLP

The Trump Administration appears likely to release an Executive Order on Cybersecurity. The most recent draft suggests this Executive Order may have notable impact in the Communications, Energy, and Defense Industrial Base sectors. However, it remains unclear if and when the current draft will be signed.

Bermuda Minister of Economic Development Outlines Satellite Meetings

From: The Royal Gazette


“The NIST Cybersecurity Framework is of particular interest to the Government, since it has been adopted to be used as the basis for assessing and managing the Government’s own cybersecurity risks. It is also under consideration by a Government-sponsored public/private sector working group investigating the cyber-risks across Bermuda’s critical infrastructure industries.

“Dr May and Ms Dodson provided valuable insight into the development of the framework and also offered their vision into its future direction, which included the expansion of their private sector and international outreach programmes and an offer to conduct workshops in Bermuda. My ministry is currently following up on this offer and I anticipate being able to announce a series of private and public sector cybersecurity risk management workshops in the near future.

SIFMA, ABA and IIB Submit Comments to Multiple Agencies on Enhanced Cyber Risk Management Standards


SIFMA, American Bankers Association (ABA) and Institute of International Bankers (IIB) provided comments to the Board of Governors of the Federal Reserve System (Fed), the Office of the Comptroller of the Currency (OCC), and the Federal Deposit Insurance Corporation (FDIC) on enhanced cyber risk management standards. SIFMA commends the Agencies in their efforts to strengthen and improve cybersecurity in the financial sector and appreciates the efforts to coordinate so that regulated entities are not subject to potentially conflicting or redundant obligations that could diffuse resources and focus.
