Prepare Now for New Cybersecurity Regulations
An array of new cybersecurity regulations is in the offing, reports Harvard Business Review. In the United States alone, “the Federal Trade Commission, Food and Drug Administration, Department of Transportation, Department of Energy, and Cybersecurity and Infrastructure Security Agency are all working on new rules,” says Stuart Madnick.
Globally, other initiatives include “China and Russia’s data localization requirements, India’s CERT-In incident reporting requirements, and the EU’s GDPR and its incident reporting,” Madnick says. Thus, organizations “need to be working now to understand the kinds of regulations that are presently being considered, ascertain the uncertainties and potential impacts, and prepare to act.”
The article looks at challenges of navigating the shifting rules and offers practical tips that can be implemented right away, including:
- Make sure your procedures can handle the task.
- Keep ransomware policies up to date.
- Prepare for the required Software Bill of Materials (SBOM).
At minimum, Madnick says, make sure you have someone who can evaluate the impact of these regulations on your organization.
Learn more at Harvard Business Review.
Related content
-
News for Admins
In the news: US Agencies Issue Quantum-Readiness Recommendations; Bitwarden Secrets Manager; IBM X-Force Releases Detection and Response Framework for Managed File Transfers; National Strategy to Expand US Cyber Workforce; SEC Adopts New Rules for Disclosure of Cybersecurity Incidents; Canonical Announces Real-Time Ubuntu for Intel Core; EU-US Data Privacy Framework Ensures Safe Data Transfers; IEEE Releases New Standard for LiFi Communications; EU Health Sector Security Risks; and JupyterLab 4.0.
- SEC’s New Cybersecurity Rules Now in Effect
-
Understanding Cybersecurity Maturity Model Certification
United States Cybersecurity Maturity Model Certification will be required by mid-2023 to handle controlled unclassified information and win federal contracts, but it can also help minimize business risk and keep information out of the hands of adversaries. -
Data Security vs. Data Protection
Data protection and data security are similar-sounding aspects of information security: one legal and one technical. - Malware Remains Top Cause of Cybersecurity Incidents