The Library

There has significant media coverage on the Network Information Security Directive and the revision to the General Data Protection Regulation, in this session we will cover the realities. When do they come into effect, what are the key aspected you should be aware of and more critically how will they impact your cyber security strategies. This session will give you a practical insight to ensure your cyber strategy is aligned with the new legislation.

Doing business in the European Union is changing. By May 2018, companies must comply with the new General Data Protection Regulation’s (GDPR) data breach notification requirements and the Network and Information Security (NIS) Directive’s security incident notification requirements.

Notification requirements make it imperative to prevent incidents before they happen. To help you prepare for these new requirements, Palo Alto Networks hosted a webinar with cybersecurity and data privacy lawyers from Orrick Herrington & Sutcliffe to discuss:

· What are the requirements and the deadlines under each law?
· What are the thresholds for notification, and who needs to be notified?
· How should companies prepare for their oncoming obligations? What strategies should be in place? What have other international companies done to prepare and communicate?
· What might be the legal consequences of non-compliance?

Retail has been particularly hard hit by cybersecurity breaches because of the wealth of Personal Identity Information (PII) collected and, unfortunately retained, by the retailers. The 2013 massive compromise of retail giant Target’s systems has been litigated in the courts and subject to an extensive Multi-State Attorney-General Task Force action that has produced record payouts to plaintiffs.

The purpose of this paper is to use the Target litigation as a backdrop of the cybersecurity measures a business must have in place if it is to protect adequately the PII of its lifeblood — the customers.

As more and more executives are realizing, the public cloud offers unparalleled agility benefits, allowing companies to go from idea to implementation dramatically faster than ever. Agility, digital modernization and instant scalability are often the primary engines for public cloud adoption growth. Not surprisingly, the decision to adopt public cloud services for many business initiatives is no longer the sole purview of the CIO. In fact, research from IDC indicates that 41 percent of CEOs are major decision-makers in the determination to adopt public cloud, with a nod to the growing role board members now play in that decision.

This paper outlines the three main questions CEOs and board members should be asking their CIO about public cloud security.

By highlighting some key questions to ask and rules to follow when articulating a cloud strategy, this paper will help organizations take advantage of the cloud with the confidence that they’re not leaving themselves exposed to new cyber security risks.

As with any business enabling technology, public cloud adoption poses risks. Senior leaders should understand and manage those risks in a way that is in line with the organization’s risk appetite while taking into account the regulatory and competitive factors applicable to the organization and its industry.

Commercial boards and senior government officials may be the only groups capable of kick-starting a new direction in the evolution of cybersecurity. In order to understand why this is a board issue, it is important to understand why commercial industry and government operations are at this critical intersection between best practices and new ideas.

This paper describes Defense-in-Depth and why it is a failed model, it describes how network defenders adopted the Cyber Kill Chain model as a replacement but have not implemented it well, and also describes a much better way to implement the Cyber Kill Chain model, with a security platform.

Two new pieces of legislation entering into force in the European Union – the Network and Information Security Directive and the General Data Protection Regulation – have the potential to impact how any company that does business in Europe manages its cybersecurity risks. To learn more about these pieces of legislation, their implications, and for advice related to preparing your company to respond to them, download the Executive Advisory Report: European Union Cybersecurity-Related Legislation.

Your organization’s approach to cybersecurity can either securely enable your business to innovate and make use of transformational technologies, like the cloud, or it can introduce unnecessary risk and complexity. Making the proper investments in cybersecurity can help companies protect the resiliency and integrity of their business operations.