Posts tagged "Public Policy"

1 min Public Policy

Incident Reporting Regulations Summary and Chart

A growing number of regulations require organizations to report cybersecurity incidents. This chart summarizes 11 proposed and current cyber incident reporting regulations and breaks down their common elements, such as who must report, what incidents must be reported, deadlines, and more.

9 min Public Policy

Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule

The SEC proposed a rule to require companies to publicly report cybersecurity incidents. This post explains why public disclosure of an incident before mitigation or containment raises the risk of harm, and suggests a solution that avoids harm while still promoting disclosure.

5 min Public Policy

Navigating the Evolving Patchwork of Incident Reporting Requirements

Rapid7 is supportive of CIRCIA and cyber incident reporting, but we encourage regulators to ensure reporting rules do not impose unnecessary burdens.

4 min Public Policy

New US Law to Require Cyber Incident Reports

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 will require critical infrastructure owners and operators to report cyber incidents and ransomware payments. This post will walk through highlights from the new law.

4 min Public Policy

Prudent Cybersecurity Preparation for the Potential Russia-Ukraine Conflict

Fending off an attack from a well-resourced nation state is a nightmare scenario for cybersecurity teams. Here are some steps your organization can take to bolster its defenses.

6 min Ransomware

How Ransomware Is Changing US Federal Policy

The increased stakes of the ransomware threat are pushing regulators to take a harder look at whether regulatory requirements for cybersecurity safeguards are effective.

4 min Ransomware

3 Strategies That Are More Productive Than Hack Back

Hack back, as used by non-government entities, is problematic for many reasons. Here are 3 alternative strategies to thwart the attackers.

4 min Public Policy

Thawing Out the Chilling Effect Of DMCA Section 1201

The Copyright Office issued the latest rules on security research under DMCA Section 1201. Good news: researchers' legal protections have been strengthened with the removal of the "all other laws" requirement.

4 min Public Policy

Update to GLBA Security Requirements for Financial Institutions

The FTC updated cybersecurity requirements for financial institutions under GLBA. This includes access controls, regular penetration testing and vulnerability scanning, incident response, and more. Here we'll detail the changes in comparison to the previous rule.

10 min Ransomware

Ransomware: Is Critical Infrastructure in the Clear?

Is critical infrastructure in the clear, is it a specific target of ransomware attackers, or is it simply on the same footing as any other organization?

2 min Cybersecurity

Rapid7 Statement on the New Standard Contractual Clauses for International Transfers of Personal Data

Rapid7 is committed to upholding high standards of privacy and security for our customers, and we are pleased to be able to offer the New SCCs.

4 min Public Policy

Cybersecurity in the Infrastructure Bill

This post provides highlights on cybersecurity in recent infrastructure legislation. Cybersecurity is essential to ensure modern infrastructure is safe, and Rapid7 commends Congress and the Administration for including cybersecurity in the Infrastructure Investment and Jobs Act.

10 min Public Policy

Reforming the UK’s Computer Misuse Act

The CMA is the UK's anti-hacking law, and we've provided feedback on the issues we see with the legislation.

11 min Public Policy

Hack Back Is Still an Attack

The appeal of hack back is easy to understand, but that doesn't make the idea workable. Here, we outline why Rapid7 is against the authorization of private-sector hack back.

3 min Public Policy

Rapid7 Joins Statement On DMCA Lawsuits Against Security Tools

Rapid7 joined a statement from cybersecurity community members urging against suppression of security tools and technologies using Section 1201 of the DMCA.