InfoSecSherpa Newsletter — 18 May 2021
- Social security numbers, names exposed in Orthopedic Associates of Dutchess breach
(Poughkeepsie Journal, 18 May 2021)
Sensitive patient information was compromised in a security breach at Orthopedic Associates of Dutchess County.
- Understanding and meeting DISP information and cyber-security requirements
(Defence Connect, 18 May 2021)
Defence Industry Security Program (DISP — Australia) ready information security strategies to quickly increase compliance and cyber resiliency.
- Our cybersecurity ‘industry best practices’ keep allowing breaches
(The Hill, 17 May 2021)
Reports surface daily about new incidents involving prominent health care providers, government agencies or retailers hit by hackers — thus releasing millions or billions of pieces of sensitive information all over the dark web.
- Managed Security Services Provider (MSSP) News
(MSSP Alert, 18 May 2021)
Each business day, MSSP Alert broadcasts a quick lineup of news, analysis and chatter from across the managed security services provider ecosystem. [This is a publication that updates daily. Sign up with them directly for updates.]
- #RSAC: Netflix Exec Explains Where Infosec Pros are Going Wrong
(InfoSecurity Magazine, 17 May 2021)
Jimmy Sanders, information security, Netflix DVD, and Angela Weinman, head of global governance, risk and compliance, VMware, set out three “hard truths” about the sector, and how these negative practices can be addressed.
- The Cyberlaw Podcast: The Biden Cybersecurity Executive Order — CISA as CISO
(Lawfare, 18 May 2021)
Our interview is with Brandon Wales, acting head of the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and Jen Daskal, deputy general counsel for Cyber and Technology Law at DHS.
- Eufy blames software ‘bug’ for breach that exposed users’ video footage to strangers
(C|Net, 17 May 2021)
The company claims the problem affected a “limited number” of users and has since been resolved.
- ERISA Cybersecurity Lessons for Employers
(The National Law Review, 17 May 2021)
Litigation arising under the Employee Retirement Income Security Act of 1974 involving cybersecurity threats has highlighted a plan administrator’s duty to prudently select and monitor service providers.
- The Establishment of a Cyber Safety Review Board
(Security Boulevard, 18 May 2021)
The just-published EO on Improving the Nation’s Cybersecurity creates what feels like the 1927 version of the NTSB. In other words, there will be multiple iterations of the Cyber Safety Board until we get it right.
- Cybersecurity Resilience: One CISO’s Pandemic Takeaways
(Gov Info Security, 17 May 2021)
Old Mutual’s Kerissa Varma on Being ‘Truly Resilient in Extraordinary Circumstances’