1分钟
公共政策
Incident Reporting Regulations Summary 和 Chart
A growing number of regulations require organizations to report cybersecurity incidents. This chart summarizes 11 proposed 和 current cyber incident reporting regulations 和 breaks down their common elements, 如须报谁, 什么事件必须报告, 最后期限, 和更多的.
9分钟
公共政策
Avoiding Smash 和 Grab Under the SEC’s Proposed Cyber Rule
The SEC proposed a rule to require companies to publicly report cybersecurity incidents. This post explains why public disclosure of an incident before mitigation or containment raises the risk of harm, 和 suggests a solution that avoids harm while still promoting disclosure.
4分钟
公共政策
New US Law to Require Cyber Incident Reports
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 will require critical infrastructure owners 和 operators to report cyber incidents 和 ransomware payments. This post will walk through highlights from the new law.
6分钟
Ransomware
How Ransomware Is Changing US Federal Policy
The increased stakes of the ransomware threat are pushing regulators to take a harder look at whether regulatory requirements for cybersecurity safeguards are effective.
3分钟
合规
Simplifying Complex Cybersecurity Regulations
Cybersecurity regulations often require similar baseline security practices, even though the legislation may structure compliance requirements differently.
4分钟
公共政策
Thawing Out the Chilling Effect Of DMCA Section 1201
The Copyright Office issued the latest rules on security research under DMCA Section 1201. Good news: researchers' legal protections have been strengthened with the removal of the "all other laws" requirement.
4分钟
公共政策
Update to GLBA Security Requirements for Financial Institutions
The FTC updated cybersecurity requirements for financial institutions under GLBA. 这包括访问控制, regular penetration testing 和 vulnerability scanning, 事件响应, 除此之外. Here we'll detail the changes in comparison to the previous rule.
4分钟
公共政策
基础设施法案中的网络安全
This post provides highlights on cybersecurity in recent infrastructure legislation. Cybersecurity is essential to ensure modern infrastructure is safe, 和 Rapid7 commends Congress 和 the Administration for including cybersecurity in the Infrastructure Investment 和 Jobs Act.
3分钟
公共政策
Rapid7 Joins 状态ment On DMCA Lawsuits Against Security Tools
Rapid7 joined a statement from cybersecurity community members urging against suppression of security tools 和 technologies using Section 1201 of the DMCA.
9分钟
公共政策
Proposed security researcher protection under CFAA
Rapid7 views independent cybersecurity research 和 the security community as important drivers for advancing cybersecurity for all, Rapid7的核心价值. One way we take action on this value is by supporting protection for security researchers acting in good faith.
2分钟
公共政策
最高法院缩小了CFAA
The Supreme Court interprets the CFAA narrowly. This avoids over-criminalizing cybersecurity research 和 commonplace internet activity, though may raise concerns about insider threats.
6分钟
公共政策
How the Biden Administration's cybersecurity order will affect companies
The Biden Administration's Executive Order will create new software security 和 cyber incident reporting requirements for federal contractors.
7分钟
公共政策
Calling for cybersecurity in infrastructure modernization
Rapid7 issued a group letter urging the Biden Administration 和 Congress to work together to integrate cybersecurity into infrastructure legislation.
6分钟
公共政策
欧盟NIS 2指令草案概述
The EU Commission proposed revisions to its NIS Directive that would enhance cybersecurity requirements on critical infrastructure-like organizations in the EU. This post provides an overview of the proposed revisions.
4分钟
公共政策
Principles for personal information security legislation
Rapid7's principles for laws to protect personal information: 1) Strong but flexible security requirements; 2) Security exemptions from privacy restrictions; 3) 状态 preemption without undermining cybersecurity.