regulation on cybersecurity
dan at geer.org
Wed Apr 23 05:08:56 PDT 2014
The machinery is spinning up.
And the Cobbler's Children Have No Shoes ....
http://www.lawfareblog.com/2014/04/and-the-cobblers-children-have-no-shoes/
For those who prefer plaintext, lynx --dump yields the following:
And the Cobbler's Children Have No Shoes ....
By [32]Paul Rosenzweig
Monday, April 21, 2014 at 7:00 AM
For quite some time, it has been apparent that the announcement of the
[33]NIST Cybersecurity Framework would be a seminal event. Though
couched as a voluntary program, many expected that [34]the Framework
would become the de facto ground for liability. After all, if the
National Institute for Standards and Technology has determined a
baseline framework for optimal security in the cyber domain, [35]what
could be more negligent than failing to meet that minimum standard?
Unsurprisingly, the penny has begun to drop. Not, as one might have
expected, in private sector tort suits, but in public sector regulatory
action. Last week, the Securities and Exchange Commission
[36]announced its intention to conduct an examination of the cybersecurity
of 50 broker-dealers and investment advisers subject to its
jurisdiction. The [37]questionnaire derives much of its content from
the NIST Framework--so now the Framework will be the likely potential
ground for regulatory action.
How ironic then, that in the same week, [38]the GAO issued a report
critical of the SEC for its own [39]lack of adequate cybersecurity and
oversight. Perhaps the cobbler's children don't have any shoes ....
32. http://www.lawfareblog.com/author/paul/
33. http://www.lawfareblog.com/2014/02/nist-cybersecurity-framework-issued/
34. http://safegov.org/2013/11/1/the-nist-cybersecurity-framework-and-incentives
35. http://www.newrepublic.com/article/115187/cybersecurity-liability-court-cases-are-changing-blame-game
36. http://www.digitalcrazytown.com/2014/04/sec-issues-nist-inspired-cybersecurity.html
37. http://www.sec.gov/ocie/announcement/Cybersecurity+Risk+Alert++%2526+Appendix+-+4.15.14.pdf
38. http://www.gao.gov/products/GAO-14-419
39. http://online.wsj.com/news/articles/SB10001424052702304626304579508100407450502