Information security laws, investigations and ethics
Get news, advice and commentary on information security laws such as the CFAA, CAN-SPAM and CALEA. Learn about information security legislation, ethical vulnerability disclosure, digital surveillance laws and more.
Top Stories
-
Tip
28 Aug 2023
Should companies make ransomware payments?
Once infected with ransomware, organizations face a major question: to pay or not to pay? Law enforcement recommends against it, but that doesn't stop all companies from paying.
-
Tip
14 Aug 2023
How to create a ransomware incident response plan
A ransomware incident response plan may be the difference between surviving an attack and shuttering operations. Read key planning steps, and download a free template to get started.
-
News
17 May 2017
Vulnerabilities Equities Process may be law with PATCH Act
The bipartisan PATCH Act aims to codify the Vulnerabilities Equities Process into law in the wake of a global ransomware attack based on a stolen NSA cyberweapon.
-
News
06 Apr 2017
Chinese hacking group APT10 linked to global trade target
Evidence points to Chinese hacking group APT10 conducting economic espionage in the breach of a trade policy group prior to U.S.-China trade summit talks in Florida.
-
Podcast
05 Apr 2017
Risk & Repeat: Strong encryption under fire again
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the latest round of the encryption debate and what it means for apps that use strong encryption.
-
News
31 Mar 2017
EU encryption backdoor options for messaging apps set for June
Messaging app developers will be offered 'three or four' legislative and non-legislative options for encryption backdoor access for EU law enforcement.
-
News
31 Mar 2017
WikiLeaks' false flag attack allegations against CIA unfounded
Another set of documents from the Vault 7 CIA cache was released by WikiLeaks, but experts say the allegations of false flag attacks are unfounded and dangerous.
-
News
31 Mar 2017
Obama-era cyber executive order extended by Trump
A cyber executive order from the Obama era has been extended by President Trump to allow sanctions placed on cybercriminals who attack the U.S.
-
Podcast
22 Mar 2017
Risk & Repeat: Accused Yahoo hackers indicted
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the indictments of the alleged Yahoo hackers and how the attackers minted Yahoo authentication cookies.
-
News
21 Mar 2017
WikiLeaks' disclosure of CIA hacks comes with requirements
WikiLeaks reportedly made demands of vendors at risk from the Vault 7 CIA hacks, but without knowing what the requirements are, experts are unsure how to react.
-
News
21 Mar 2017
FBI investigating Trump campaign ties to Russia, DNC breach
FBI Director James Comey confirmed the bureau is investigating the Trump campaign's ties to the Russian government and election cyberattacks such as the DNC breach.
-
News
17 Mar 2017
Will the Yahoo breach indictments be an effective hacker deterrent?
The Department of Justice indicted suspects in the 2014 Yahoo breach, but experts are unsure if this will prove to be an effective hacker deterrent moving forward.
-
News
15 Mar 2017
DOJ indicts suspected Yahoo hackers from Russia; extradition unclear
The U.S. Department of Justice indicted four men -- including two Russian Federal Security Service officers -- accused of being the Yahoo hackers, but only one person was arrested.
-
Podcast
15 Mar 2017
Risk & Repeat: Leak of CIA hacking tools creates confusion
In this episode of SearchSecurity's Risk & Repeat podcast, editors discuss the confusion around WikiLeaks' release of government documents regarding CIA hacking tools.
-
News
10 Mar 2017
WikiLeaks vows to disclose CIA hacking tools; CIA to investigate
WikiLeaks founder Julian Assange promised to work with vendors to help patch products vulnerable to CIA hacking tools, while the FBI and CIA will investigate the leak.
-
News
08 Mar 2017
Vault 7 CIA hacking weapons include iOS, Android and Windows zero days
WikiLeaks released a massive dump of files it claims to be CIA hacking tools, codenamed Vault 7, which includes iOS and Android zero-day exploits.
-
News
02 Mar 2017
Employees knew about Yahoo security breach years ago, per new SEC filing
A new SEC filing details who knew about the major Yahoo security breach in 2014, but experts are confused by the repercussions of the announcement.
-
News
24 Feb 2017
Experts: Government Vulnerabilities Equities Process should be law
Experts say codifying the Vulnerabilities Equities Process into law would increase transparency and trust regarding vulnerability disclosure by the government.
-
News
16 Feb 2017
Connected medical devices spark debate at RSA Conference session
An RSA Conference session on a new attack on connected medical devices led to a spirited debate on vulnerability disclosure and manufacturer responsibility.
-
News
10 Feb 2017
NSA contractor indicted for stealing elite cyberweapons over 20 years
The NSA contractor was indicted, accused of stealing elite cyberweapons over the course of 20 years, but his connection to the Shadow Brokers auction of similar hacking tools is still unclear.
-
News
07 Feb 2017
Google to appeal after loss in cloud data privacy case
Further battle over cloud data privacy is imminent, as a court decides against Google and declines to consider Microsoft's recent appeal victory as precedent.
-
News
31 Jan 2017
Hacked CCTV cameras in DC before inauguration leave unanswered questions
The Washington, D.C., Police Department spotted hacked CCTV cameras before the inauguration and has remediated the ransomware, but questions still surround the attack.
-
News
26 Jan 2017
Microsoft defeats DOJ appeal in cloud data privacy case
Microsoft notches another win in its battle to protect cloud data privacy, as an appeals court quashes the DOJ appeal over a warrant for data stored in an Ireland data center.
-
News
23 Jan 2017
SEC to investigate the Yahoo breach disclosures
The SEC has requested more information for potential cases concerning whether the Yahoo breach disclosures could have come sooner.
-
Answer
12 Jan 2017
What effect does FITARA have on U.S. government cybersecurity?
FITARA became a law in 2014, but government cybersecurity continues to struggle. Expert Mike O. Villegas discusses the effects of the law.
-
Answer
20 Sep 2016
Is settling a data breach lawsuit the best option for enterprises?
In the unfortunate event of a data breach lawsuit, it's often better to settle before the case reaches court. Expert Mike O. Villegas explains why and how CISOs can help.
-
News
17 Jun 2016
FBI facial recognition systems draw criticism over privacy, accuracy
A GAO report blasts FBI facial recognition programs over privacy and accuracy concerns; FBI systems offer access to over 411 million photos from federal and state sources.
-
Tip
16 May 2016
How encryption legislation could affect enterprises
The legal battle between the FBI and Apple brought encryption legislation into the public eye, for better or worse. Expert Mike Chapple discusses the effect of this on enterprises.
-
News
18 Mar 2016
Apple court filing challenges iPhone backdoor as rhetoric heats up
The rhetoric about the iPhone backdoor from Apple and the FBI has gotten more intense as Apple challenged the FBI in court by calling its motion unconstitutional.
-
Answer
20 Oct 2015
Why did Anthem resist government vulnerability assessments?
Vulnerability assessments are often a requirement for organizations that have suffered a data breach, and the assessors' results can be invaluable in protecting a business.
-
News
10 Jul 2015
Homeland Security chief calls for federal breach reporting law
The Homeland Security head wants federal laws requiring data breach reporting and information sharing, but one expert warns that government officials need a better understanding of infosec technology before creating such laws.
-
Answer
20 Mar 2015
How should agencies prepare for federal security scanning?
What do agencies need to consider before going through the Department of Homeland Security's network security scanning? Expert Mike Chapple answers.
-
Feature
28 Apr 2014
Digital Forensics Processing and Procedures
In this excerpt from Digital Forensics Processing and Procedures, the authors provide insight on areas that will need to be considered when setting up a forensic laboratory.
-
News
24 May 2012
A bold view on prioritizing computer security laws
The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles.
-
News
27 Apr 2012
CISPA threat intelligence bill passes House
The Cyber Intelligence Sharing and Protection Act (CISPA) clears security vendors of any liability for sharing customer attack data with federal officials.
-
News
26 Mar 2012
ISPs' anti-botnet code of conduct accomplishes little
Leading ISPs sign the U.S. Anti-Bot Code of Conduct, which stops short of demanding ISPs provide a clean pipe to customers.
-
Tip
10 Feb 2012
SEC disclosure rules: Public company reporting requirements explained
Learn the public company reporting requirements necessary to comply with CF Disclosure Guidance Topic No. 2, the SEC's cybersecurity reporting rules.
-
News
23 Jun 2011
Feds break up scareware crime rings
Twenty-two computers and servers in the U.S. were seized in connection with the scareware scheme.
-
News
03 May 2011
Store dealing with dishonest employees uses internal theft prevention software
A London-based sushi chain expects to save almost £1 million this year with the help of new fraud-detection software.
-
News
29 Jul 2010
Black Hat 2010 podcast: Core Security's Tom Kellerman on APT
Core Security's Tom Kellerman discusses his thoughts about advanced persistent threats, how to deal with foreign adversaries, and where and why the U.S. government is coming up short in fending off targeted and persistent attacks from cybercriminals and foreign governments.
-
News
28 Jul 2010
Black Hat: DHS calls for attitude adjustment
Wednesday's DHS keynote included the tried-and-true plea for greater public-private partnership to secure cyberspace, yet served to challenge those who think securing the Internet is a lost cause.
-
News
28 Jul 2010
Rite Aid to pay $1 million in HIPAA settlement
In its settlement agreement with the HHS over alleged HIPAA violations, the pharmacy chain will pay $1 million and must establish procedures for disposing of protected health information (PHI).
-
News
03 Jun 2009
Experts optimistic of Obama cybersecurity plan
Information Security magazine's Michael Mimoso reported on the Obama cybersecurity announcement. He interviewed security experts Howard Schmidt, Paul Kocher and Patricia Titus.
-
News
27 Apr 2009
ICE Act would create White House cybersecurity post
The Information and Communications Enhancement (ICE) Act would create a White House "cyber office" that would coordinate between government agencies and the private sector.
-
Answer
03 Feb 2009
What are the ethical issues when consulting for two competing companies?
Security consulting is a job in which privacy is paramount. Leaking security strategies to the wrong people -- especially a company's competition -- could lead to breaches or break-ins. In this expert response, David Mortman gives best practices for handling consulting ethically.
-
Answer
06 Aug 2008
What vendors would you recommend for software write-blockers?
In a forensics investigation, a software write-blocker can be very helpful. But which vendors offer the best blockers? Security management expert Mike Rothman explains what to look for.
-
News
20 Jun 2007
Homeland Security computer weaknesses to be examined
A House subcommittee is holding a hearing to identify the failures of the Department of Homeland Security (DHS) to secure its information networks.