Overview:

Join us as we embark on this journey to unlock the synergy of privacy and cybersecurity, paving the way for a business environment that is not just secure but respects and upholds the sanctity of privacy. It’s time to foster a business culture that is resilient, ethical, and prepared for the future, where privacy is not just a compliance requirement but a competitive advantage. Let’s build businesses that are trusted, respected, and ready for the future. 

Key Points:

In the digital age where data is the new currency, the convergence of privacy and cybersecurity stands as the fortress safeguarding the most valuable assets of your business. Yet, the depth of privacy remains an uncharted territory for many cybersecurity practitioners. It is a dynamic landscape, constantly evolving, and this session will highlight and discuss these key points:

• The ever-changing landscape of State privacy laws and what this means for your business.
• Commonalities among the most recent and trending privacy laws
• How to stay abreast and prepare for future laws and regulations even though we don’t know “exactly” what they will say yet
• The importance of these three items as you prepare for the future:
  • Privacy by Design
  • Data Governance
  • Artificial Intelligence (AI)

Join Carlin Dornbusch, a seasoned veteran in the realms of privacy and cybersecurity, as he delineates the roadmap to transforming privacy from a mere regulatory mandate to a potent competitive edge. Leveraging years of frontline experience, Carlin will unveil strategies that not only safeguard your business but foster a culture of trust and resilience, steering you towards a future where privacy equates to unparalleled business advantage. Carlin serves as the ISSA Denver Recording Secretary and is an active member of the Cloud Security Alliance (CSA), OWASP, and IAPP Denver. Carlin also holds a Certified Information Systems Security Professional (CISSP) certificate from ISC2 and is an ISSA Senior Member.

Resources:

To learn more about this event, the full schedule and register visit this site: https://summit.issala.org/

The detailed schedule is here: https://summit.issala.org/summit-xiii-2023-summit-schedule-2/

American Cyber Security Management is a data privacy, cybersecurity, and Compliance leader. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services focusing on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation. https://www.americancsm.com

(See proposed logos here: https://www.fcc.gov/cybersecurity-certification-mark)

Overview:

A new cybersecurity certification and labeling program was announced in July 2023, the “U.S. Cyber Trust Mark,” aimed at helping consumers choose smart devices that are less susceptible to cyberattacks. This initiative is part of a broader effort to protect American consumers and their privacy.

Key Points:

·         The U.S. Cyber Trust Mark” program is proposed by Federal Communications Commission (FCC) Chairwoman Jessica Rosenworcel. The program aims to enhance cybersecurity across common devices such as smart refrigerators, televisions, fitness trackers, and more.

·         Several major electronics, appliance, and consumer product manufacturers, retailers, and trade associations have voluntarily committed to enhancing cybersecurity for the products they sell. These include Amazon, Best Buy, Google, LG Electronics U.S.A., Logitech, and Samsung Electronics.

·         The “U.S. Cyber Trust Mark” will be a distinct shield logo applied to products that meet established cybersecurity criteria. This will provide consumers with tools to make informed decisions about the relative security of products they choose to bring into their homes.

·         The FCC is expected to seek public comment on the proposed voluntary cybersecurity labeling program, which is expected to be operational in 2024. The program will leverage stakeholder-led efforts to certify and label products based on specific cybersecurity criteria published by the National Institute of Standards and Technology (NIST).

·         The FCC plans to use a QR code linking to a national registry of certified devices to provide consumers with specific and comparable security information about these smart products. The Commission also plans to establish oversight and enforcement safeguards to maintain trust and confidence in the program.

·         NIST will undertake an effort to define cybersecurity requirements for consumer-grade routers, a high-risk type of product that, if compromised, can be used to eavesdrop, steal passwords, and attack other devices and high-value networks.

·         The U.S. Department of Energy announced a collaborative initiative with National Labs and industry partners to research and develop cybersecurity labeling requirements for smart meters and power inverters, essential components of the future smart grid.

·         Internationally, the U.S. Department of State is committed to supporting the FCC to engage allies and partners toward harmonizing standards and pursuing mutual recognition of similar labeling efforts.

Implications and Analysis:

From a cybersecurity and privacy perspective, this initiative is a significant step forward in enhancing the security of smart devices and protecting consumers. The labeling program will not only help consumers make informed decisions about the products they purchase but also incentivize manufacturers to prioritize cybersecurity in their product design and development.

The focus on consumer-grade routers is particularly noteworthy and an important vector to protect, given their critical role in home networks and their potential to be exploited for cyberattacks. The initiative by the Department of Energy to develop cybersecurity labeling for smart meters and power inverters also underscores the importance of securing the infrastructure of the future smart grid.

However, the success of this program will depend on the robustness of the cybersecurity criteria, the effectiveness of the enforcement mechanisms, and the level of consumer awareness and understanding of the labeling system. It will be crucial for the FCC and other stakeholders to engage in continuous dialogue and collaboration to ensure the program’s effectiveness and adapt to evolving cybersecurity threats.

Resources:

What the proposed mark will look like: https://www.fcc.gov/cybersecurity-certification-mark

The actual White-House announcement: https://www.whitehouse.gov/briefing-room/statements-releases/2023/07/18/biden-harris-administration-announces-cybersecurity-labeling-program-for-smart-devices-to-protect-american-consumers/

American Cyber Security Management is a leader in data privacy, cybersecurity, and Compliance. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation. https://www.americancsm.com

Overview:

In the rapidly evolving cybersecurity landscape, the North Texas ISSA boardroom roundtable discussions shed light on the pressing concerns and challenges industry leaders face. One highlighted topic is the “Leadership Update: New Risks Under New Privacy and Security Legal Requirements.” This discussion emphasizes the importance of understanding and adapting to the latest legal requirements in the realms of privacy and security. With the integration of advanced technologies and the increasing complexity of cyber threats, leaders must be proactive in ensuring compliance and safeguarding their organizations

Latest Privacy and Security Insights from Distinguished Industry Professionals: 

The roundtable discussion is illuminated by the expertise of Jenifer McIntosh, a Data Privacy and Security Attorney at Ferguson Braswell Fraser Kubasta PC; followed by Katie Butler, a Data Privacy and Security Attorney from Mullen Coughlin, LLC; Carlin Dornbusch, the President and CISO of American Cyber Security Management; and Yochai Greenberg, the Founder & CTO of Nano Cyber Solutions. Their collective wisdom provides a comprehensive view of the evolving challenges and intricacies of the new privacy and security legal mandates.

Holistic Approach to New Privacy and Cybersecurity Requirements: 

The discussions emphasize a holistic approach to cybersecurity, encompassing not just technical solutions but also legal, organizational, and strategic considerations which should be considered as the ever-changing landscape continues to evolve.  Learn what these experts will share about realistic and updated approaches you can apply today!

Resources:

Date: Friday, September 15th, 2023 

Time: 8:00 AM – 4:30 PM 

Venue: Collin College Frisco Campus, 9700 Wade Blvd., Main Conf. Center 

Get Tickets Via: https://lnkd.in/gUg3atZg 

We hope to see you at this informative event in Frisco Texas.

American Cyber Security Management is a leader in data privacy, cybersecurity, and Compliance. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services focusing on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation. https://www.americancsm.com

As an IT or Cyber Executive, what area is most important for me to focus my time and money?  If you haven’t had a maturity assessment lately, you may not know.  Sure, lots of things might help, but what is the most important gap to fill, to take your security program to the next level?  Getting clarity, focus, and a clear understanding of where you should be focusing your team, your budget, and your time is an activity that is well worth completing.

Many CISOs and Executives are doing their best to put out fires and catch up on the latest threats, all while ensuring their teams are keeping everything secure. That is a tall order.  Rather than guessing what are the most important things, why not get a clear unbiased list of gaps with recommendations of what needs to be done to take your security to the next level?  

Benefits include:

• Gain knowledge and visibility to your security gaps
• Learn best security practices
• Gain insight into your security vulnerabilities and mitigation steps
• Prepare for security compliance
• Assess the impact of change on your security program
• Identify security training needs and skills

We already know that you are expected to be all things security to all of your stakeholders and handle all security with 100% effectiveness.  While that is not realistic, it is the world you experience.  Let us support you in determining the real needs of your business.  We are not about selling more solutions, in fact, we don’t sell solutions.  This allows us to give you an unbiased view and recommendations of where your gaps are, and how to best leverage your resources to maximize your security.  Needing additional compliance or privacy support – we can help there too.

ACSM has been helping businesses protect their assets and improve their security and privacy posture since 2006. Our skilled team can help your business understand its cyber weaknesses and potential threats as well as improve your security, privacy, and compliance postures. Our services include penetration testing, maturity assessments, cyber security and privacy implementation assistance, CISO-as-a-Service, and DPO-as-a-Service, to mention a few.

To learn more about how ACSM can help support your data privacy needs, please use our contact page https://www.americancsm.com/contact-us/ and schedule a free consultation call today.

In the rapidly evolving landscape of data privacy, staying abreast of new regulations is vital for businesses. The Colorado Privacy Act (CPA), a recent addition to this landscape, has significant implications for businesses, and it is now in effect as of July 1, 2023! Does this apply to your business?

The CPA has specific criteria for applicability. It pertains to legal entities (Companies) that:

• Conduct business or produce commercial products or services for Colorado residents.
• Control or process personal data of at least 100,000 consumers per calendar year or,
• Derive profit from the sale of personal information of 25,000 or more Colorado residents.

Failure to comply with the CPA can lead to civil penalties, emphasizing the importance of understanding and adhering to this law.  In the complex world of data privacy, ensuring your business is CPA-compliant is a crucial step.

This law specifies certain rights that Colorado citizens have and can use against these businesses. Colorado citizens can:

• Opt-out of data processing for targeted advertising, sale, or profiling
• Access their data that has been collected
• Correct their data if it is incorrect or out of date
• Request the deletion of their data
• Obtain a portable copy of the data, or have it transferred to another business

The Colorado AG’s Office will enforce this regulation and offending businesses will be given 60 days in which to comply, otherwise fines or criminal charges could be brought.

 Resources:

• Our Blog at https://www.americancsm.com/news/
• ISSA Denver Privacy Special Interest Group Events – https://www.denverissa.org/events
• IAPP KnowledgeNet Denver Events – https://www.linkedin.com/groups/12025846/
• ACSM CPA-Readiness Assessment – https://www.americancsm.com/cpa-readiness-offering/

American Cyber Security Management is a leader in data privacy, cybersecurity, and Compliance. Our mission is to help enterprises protect their data from internal and external threats. We offer on-demand assessment, implementation, and sustainability services that focus on Privacy and Cybersecurity readiness and compliance, risk reduction, and mitigation. https://www.americancsm.com