Windows TCO Leftovers
Silicon Angle ☛ New SEC cybersecurity incident disclosure requirements go into force in coming days
There are two components to the disclosure rules. The first is mandatory cybersecurity incident reporting of “material” incidents. The disclosure of incidents would be via an 8-K form and must be reported within four business days of the incident. The second component requires companies to disclose their policies to manage cybersecurity risk, including providing updates on previously reported material cybersecurity incidents.
The requirements include describing the nature and scope of the incident, the impact on the company’s operations and any remedial actions taken. Additionally, companies must disclose their cybersecurity risk management, strategy and governance in annual reports. Companies are required to describe their policies and procedures to identify and manage cybersecurity risks, the role of the board of directors in overseeing these risks and management’s role in implementing cybersecurity policies and strategies.
USDOJ ☛ Department Of Justice Material Cybersecurity Incident Delay Determinations
These departmental guidelines outline the process that companies subject to the reporting requirements in Section 13 or 15(d) of the Securities Exchange Act of 1934 (“registrants”), or U.S. Government agencies in coordination with registrants, may use to request that the Attorney General authorize delays of cyber incident disclosures required by the U.S. Securities and Exchange Commission (“Commission”) pursuant to Form 8-K Item 1.05.
Security Week ☛ Kansas Courts’ Computer Systems Are Starting to Come Back Online, 2 Months After Cyberattack
The court system in Kansas has started bringing its computer system for managing cases back online, two months after a foreign cyberattack forced officials to shut it down along with public access to documents and other systems, the judicial branch announced Thursday.
Security Week ☛ Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach
The incident was identified on November 20 and impacted the Oracle Human Capital Management (HCM) software that INL is using for certain human resources applications.
Idaho National Laboratory ☛ Data Breach Information
On Monday, Nov. 20, Idaho National Laboratory became aware of a cybersecurity data breach within Oracle HCM, a federally approved vendor system that resides outside the lab and supports certain INL Human Resources applications. Information was stolen for many current and previous employees of Battelle Energy Alliance (BEA), the contractor that manages Idaho National Laboratory (INL), and some Idaho Cleanup Project (ICP) employees.
The laboratory is working with DOE, the FBI, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, and other national labs to investigate the breach.
Impacted individuals will receive a joint notification letter from Experian and INL beginning Tuesday, Dec. 12. These letters will detail the information lost during the cyber data breach and provide instructions on how to enroll in a no-cost, comprehensive credit monitoring, identity theft and identity restoration service provided by Experian.
[Repeat] Silicon Angle ☛ Kraft Heinz launches investigation after ransomware gang claims to have stolen data
The attack came to light after the Snatch ransomware gang named Kraft Foods as a ransomware victim on their dark web leaks site on Dec. 14. The gang claimed that the attack took place in August, with the details only being revealed now. However, the gang did not provide proof of the hack.
[Repeat] Security Week ☛ Food Giant Kraft Heinz Targeted by Ransomware Group
The group typically encrypts files on the targeted organization’s systems, and also steals data that it threatens to leak in order to increase the chances of getting paid. Its leak website currently names more than 120 alleged victims.
[Repeat] Data Breaches ☛ Delta Dental says data breach exposed info of 7 million people
DataBreaches notes that the Delta Dental of California affiliates are not confined to California. According to a filing by their external counsel: [...]