20+ Federal Government Agencies’ Standards for Cyber Security

In light of the rulings in FTC v. Wyndham and In Re TerraCom and YourTel, it is evident that government agencies are taking the position that they can pursue “common law” cyber security negligence claims rather than relying on standards set by regulation or statute. At least some of these standards seem to be created by the government agencies themselves in the form of statements, rulings, and various publications and guidelines.

In prior posts, we’ve been trying to identify the relevant agency publications on cyber security standards.

Here’s a cumulative collection:

Department of Defense (DOD)

Interim Rule amending the Defense Federal Acquisition Regulation Supplement (applies to government contractors and subcontractors). Here’s our prior post.

Department of Homeland Security (DHS)

CyberSecurity 101.

CyberSecurity: Getting Started for Small and Midsize Businesses (US Computer Emergency Readiness Team).

CyberSecurity Questions for CEOs.

CyberSecurity Small Business Resources.

Department of Justice (DOJ)

Best Practices for Victim Response and Reporting of Cyber Incidents (April 2015).

Prosecuting Computer Crimes (2015).

Searching and Seizing Computers and Obtaining Evidence in Criminal Investigations (2015).

Federal Communications Commission (FCC)

CyberSecurity for Small Businesses.

Small Biz Cyber Planner 2.0.

CyberSecurity Tip Sheet.

CyberSecurity Planning Guide.

Federal Trade Commission (FTC)

Protecting Personal Information: A Guide for Business.

Start With Security: A Guide for Business (Lessons Learned from FTC Cases). The tutorial is here.

Office of the National Coordinator for Health Information Technology

Guide to Privacy and Security of Electronic Health Information (April 2015).

National Institute of Standards and Technology (NIST)

Computer Security Incident Handling Guide (2012).

Executive Order 13636: CyberSecurity Framework.

Framework for Improving Critical Infrastructure Cybersecurity.

Practice Guide: Securing Electronic Health Records on Mobile Devices. Here is our prior post.

National Security Agency (NSA)

Best Practices for Keeping Your Home Network Secure.

Securities and Exchange Commission (SEC)

Cybersecurity Guidance Update (April 2015) – proposes a three-step process (assessment, strategy, policies) for financial advisers.

Division of Corporation Finance Disclosure Guidance Topic No. 2 – Cybersecurity (2011).

Small Business Administration (SBA) 

Cybersecurity for Small Businesses.

