On Tuesday, October 27, the US Senate voted to pass the Cybersecurity Information Sharing Act.

This bill allows companies to share evidence of cyber-attacks with the US government even if it violates a person’s privacy. Supporters say this act will make it easier for the government to monitor threats and responses across companies. Others, including Apple and other top tech companies, argued that this bill could give the government more liberty to spy on US citizens.

US Chamber of Commerce President and CEO Thomas Donohue said this legislation is a “positive step toward enhancing our nation’s cybersecurity.”

21 Senators voted against the act. Among them was Minnesota Democrat Al Franken who believes there is a need for “effective legislation that balances security and privacy” and “the CISA does not do that.”

Just last year, the CISA was first introduced and passed by the House but it did not go through the Senate. High profile cyberattacks on companies like Sony Pictures, United Airlines, and Ashley Madison may have prompted the Senate to approve it this time around.

The issue at hand is that personal identifiers such as text messages and e-mails may slip through when sending information to law enforcement and intelligence agencies, even though companies are supposed to delete that information.

The US Department of Homeland Security acknowledged that the bill does raise “privacy and civil liberty concerns.”

CISA is now going to a Congressional Conference, whose members must reconcile the bills passed by the Senate and the House before sending the result to President Obama.

Article via CNET Security News, October 27, 2015

Photo: Washington DC – Capitol Hill: United States Capitol via Wally Gobetz [Creative Commons Attribution-NonCommercial-NoDerivs]

The international firm Shook, Hardy & Bacon has started using their new security certification to woo potential clients. The security certification, ISO 27001, took two years and multiple consultants and analysts to obtain, but Shook’s CIO, John Anderson, thinks the work was worth it. He started the process toward obtaining the certification based on the opinions of Shook’s information governance committee because they wished to have “a methodology and a framework that ensures [they’re] using best practices for information security” and “third-party verification that proved [their] commitment to information security to external parties,” according to Anderson. Now, the hard work is paying off. Anderson states that the certification is a “differentiator” and a “competitive advantage” for the firm.

In a recent poll of 1,322 CEOs, 61% of them listed cyberattacks as a key concern. With the average data breach costing approximately $3.8 million, it’s no wonder that organizations are asking firms about how they implement cybersecurity. Some, according to John Murphy, Shook’s chair, even specifically ask if the law firm has the ISO 27001 certification. Their clients’ questions are unsurprising, considering that the firm handles highly confidential and regulated information on a regular basis, sometimes for organizations within the pharmaceutical industry.

Just having the ISO 27001 security certification isn’t necessarily enough, though. An analyst at Constellation Research, Steve Wilson, explains that the certification is simply a “management process standard–it doesn’t tell you what to do exactly in security; it tells you how to go about managing the security function.” Shook’s executives point out, though, that the certification does require the firm to routinely evaluate and update their security standards and, if nothing else, demonstrates their commitment to keeping their clients’ data secure. The firm, in addition to the spending required to obtain the certification, also has funds dedicated towards the other aspects of their security strategy. “We wanted to make sure we had the processes in place so [clients] had confidence that we were doing the best we could,” Murphy explains.

Article: CIO, August 28, 2015

Photo: Security via Robert Wallace [Creative Commons Attribution-NonCommercial-NoDerivs]