April 10, 2020

This week's Weekly Debrief covers several interesting topics, including CISA/NCSC's joint cyber threat update, Zoom's cybersecurity practices, cyberattacks increasing amid COVID-19, law firm data security, and states looking to CCPA for how to handle data privacy legislation.

Cyber

April 8, 2020

Today, the U.S. Cybersecurity and Infrastructure Security Agency ("CISA") published a joint advisory with the UK’s National Cyber Security Centre ("NCSC") in light of cybercriminals exploiting the COVID-19 pandemic by targeting individuals and organizations with a range of ransomware and malware.

According to the joint advisory, some examples include scams with "emails containing malware which appear to have come from the Director-General of the World Health Organization (WHO), and others wh...

April 3, 2020

This week's Weekly Debrief includes articles on cybercriminals targeting Zoom, Google, and Teams, Marriott's second data breach, best practices to manage third-party risk, privacy settings on Zoom, and coronavirus-era surveillance and biometric systems posing privacy problems.

Cyber

March 27, 2020

This week's Weekly Debrief covers COVID-19 issues, Chinese cyber espionage, a targeted attack with malicious USB dongles, facial recognition, and data transparency in the age of privacy.

Cyber

March 25, 2020

Yesterday, the GovConJudicata Podcast published an update on the Department of Defense's Cybersecurity Maturity Model Certification ("CMMC").  For an introduction to the CMMC, check out their inaugural podcast episode.

#3 – CMMC Update


March 20, 2020

This week's Weekly Debrief covers COVID-19 and cybersecurity issues, quantifying cyber risk, cloud misconfigurations and the need for DevSecOps, the best/worst browsers for privacy, and privacy issues with sharing smartphone location data to help combat the spread of COVID-19.

Cyber

March 20, 2020

Today, the Department of Defense ("DoD") released Version 1.02 of its Cybersecurity Maturity Model Certification ("CMMC"), dated March 18, 2020.  According to the CMMC Errata, all fifteen changes were termed "Administrative" changes (as opposed to "Substantive" or "Critical" changes).  Some of the Administrative changes include, for example:

  • In practice AT.4.059, the references to NIST SP 800-53 Rev 4 AT-2(3), AT-2(4), AT-2(6), AT-2(7) were removed.

  • In practice C...

March 15, 2020

On March 13th, the Cybersecurity and Infrastructure Security Agency ("CISA") issued an alert regarding the increased use of remote work for many businesses in the wake of Coronavirus Disease 2019 (COVID-19). In particular, as more organizations use virtual private networks ("VPN") for telework, "more vulnerabilities are being found and targeted by malicious cyber actors."

Alert (AA20-073A) – Enterprise VPN Security

Mitigations

CISA encourages organizations to review the following rec...

March 13, 2020

This week's Weekly Debrief includes articles covering a number of topics, including NIST exploring a DevSecOps framework for agencies, the Cyberspace Solarium Commission's warning, ransomware gangs going after larger targets, and data privacy news in Washington and NJ.

Cyber

March 6, 2020

Today, the Department of Defense ("DoD") released DoD Instruction 5200.48, Controlled Unclassified Information ("CUI").  Notably, DoD Instruction 5200.48 cancels DoD Manual 5200.01, Volume 4, “DoD Information Security Program: Controlled Unclassified Information,” February 24, 2012, as amended.

Purpose: In accordance with the authority in DoD Directive (DoDD) 5143.01 and the December 22, 2010 Deputy Secretary of Defense Memorandum, this issuance:

  • Establishes policy, assigns responsib...


About CyberJudicata

Welcome to CyberJudicata, an informational blog/website focusing on cybersecurity and privacy issues, including cyber policy, data breach, incident response, data security, regulatory compliance, and cyber insurance.

CyberJudicata is published by Joshua Duvall, managing partner at Matross Edwards, a law firm providing government contracts and cybersecurity legal services to small and mid-sized businesses.

Contact Matross Edwards

www.MatrossEdwards.com

info@MatrossEdwards.com

202.854.9959

Copyright © 2020 Joshua B. Duvall. All rights reserved.

CyberJudicata™ #cyberjudicata

LegalJudicata™ #legaljudicata

GovConJudicata™ #govconjudicata