Oct 28th
From: FedScoop
By Whitney Blair Wyckoff
The National Institute of Standards and Technology announced Tuesday it awarded a three-year grant to the IT trade group CompTIA to create a “heat map” of cybersecurity jobs.
Oct 27th
From: GCN
By Troy K. Schneider
At the recent National Association of State CIOs conference in Salt Lake City, Colorado Secretary of Technology and CIO Suma Nallapati spoke with GCN Editor-in-Chief Troy K. Schneider about her state’s efforts to weave better IT into every citizen interaction — and to convince IT talent that government work is worth exploring. The answers below have been edited for length and clarity.
What’s the focal point for your team right now? What should we be looking for from Colorado?
Oct 26th
From: Federal Times
Some might say that Splunk is undergoing an identity crisis.
The company is widely regarded as a security company, particularly among federal customers. And there’s a strong case to be made for that, when you consider that one customer in the Pentagon managed to fence off a Trojan horse before it infiltrated systems, thanks to a discovery of the malware — the same malware that took down the network of the rest of the office for a couple weeks
Oct 23rd
From: Privacy and Security Matters | Mintz Levin
As all of our readers know by now, as of October 6, the US-EU Safe Harbor Framework is no more. Safe Harbor was the mechanism on which thousands of US companies (and thousands of companies based in the European Union) legitimized their data transfers from the EU to the US. All the background, including links to a recording of our “emergency” Privacy webinar on the issue, can be found here, here, and here.
Two more dominos outside the European Union have toppled.
Oct 22nd
From: ComputerWeekly.com
Daniel Hedley
The process of reforming European data protection law has been protracted, to say the least. However, the target for a final text of the EU General Data Protection Regulation (GDPR) is now firmly set for the end of 2015, and it is expected to come into force some time in 2017.
For datacentre and cloud service operators, this means big legislative changes are probably just over a year away and the time to start work on compliance with those changes is now.
Oct 21st
From: Lexology | Virginia Construction Law Blog
Vandeventer Black LLP – Neil S. Lowenstein
In 2007, a preeminent American defense contractor first reported cyber attacks emanating from China. Four years later, upon a visit by then Secretary of Defense Robert Gates, the Chinese Air Force revealed a fighter jet unnervingly similar to the one manufactured by the hacked American contractor. More recently, the FBI reported in July 2015 that hackers accessed the personnel files and security clearances of over 22 million federal employees and contractors.
Oct 19th
From: Security, Privacy and the Law | Foley & Hoag
What makes data privacy law interesting for academics, challenging for lawyers, and frustrating for businesses its shape-shifting structure in the face of rapidly changing technology. The recent change in the invalidation of US-EU “safe harbor” system is a useful reminder of the differences between the way the Europe Union and the U.S. handle questions of data privacy: whereas, generally speaking, in the EU data privacy standards are relatively uniform, in the U.S. there are as many different sets of regulations as there are states, with various federal laws and regulations filling in various gaps or providing additional compliance issues. I have elsewhere referred to this as a “patchwork” system (although some might prefer the term “crazy quilt”).
Oct 16th
From: Oregon Live
By
***
Against a backdrop of at least two brazen security breaches, Nike also took significant steps this year to better protect its product designs and other proprietary information. It launched a “Keep It Tight” education program for employees, making them aware of security threats, particularly cybersecurity breaches.
“Companies are now dealing with sophisticated levels of digital crime,” said Gus Malezeis, president of Tripwire, a Portland online security software company. “They’re finding that these (bad) guys have been here and they scoped out the data and they’re walking away with it.”
Oct 15th
From: Out-Law.com
Businesses relying on European Commission-approved model contract clauses to transfer personal data from the EU to the US should terminate or suspend those arrangements, a German data protection watchdog has said.
The Independent Centre for Privacy Protection in the state of Schleswig-Holstein said (5-page / 56KB PDF) it was its view that EU-US data transfers facilitated by the use of model clauses fail to comply with EU law.
It outlined its opinion in a new position paper published in light of the ruling last week by the Court of Justice of the EU (CJEU) that the ‘safe harbour’ framework for enabling EU-US data transfers is “invalid”.
Oct 14th
From: GovLoop
Just a few years ago, the only security metric that mattered was whether your organization had been hacked or not.
This all-or-nothing definition of security success is now outdated. There are new, more complex metrics that measure the strength of your security posture. They include:
