March 17, 2018 at 2:33 pm
Comments posted to this topic are about the item If only the US would follow ...
March 18, 2018 at 10:15 pm
I have some good news for you. The US Department of Homeland Security offers free IT (and other) security services to entities in the USA that fall under critical infrastructure. These services include things like security assessments, penetration testing & scans, incident preparedness, and information sharing. However, as far as I know, there are no federal punitive measures in place akin to what is outlined in the article. There are a lot of complications and restrictions limiting oversight because of state vs. federal jurisdictions. For example: it's not uncommon for a state agency to be forbidden by law from sharing certain types of information with federal agencies (such as IT details).
I'm guessing the USA is not far away from its own GDPR like act, but only time will tell.
March 19, 2018 at 6:08 am
You should get your basics right...
This is not UK doing the right thing, this is UK applying the EU law (EU 2016/1148).
In 2016, EU Parliament has acted to achieve a high common level of network and information systems security across EU.
All member states of the EU, including UK, MUST comply with that law before May 2018! Hence UK is simply implementing what the EU has asked to do to all countries in the EU...
EU not UK
Correct your article, it's EU not UK only!
Thank you!
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC
March 19, 2018 at 7:20 am
Guaranteed this would open up an entire wealthy cottage industry of satisfying government bureaucrats micromanaging thousands of regulations. Probably with little actual security improvement (note the government's own lousy track record.)
...
-- FORTRAN manual for Xerox Computers --
March 19, 2018 at 8:42 am
Daniel Auger - Sunday, March 18, 2018 10:15 PM
I have some good news for you. The US Department of Homeland Security offers free IT (and other) security services to entities in the USA that fall under critical infrastructure. These services include things like security assessments, penetration testing & scans, incident preparedness, and information sharing. However, as far as I know, there are no federal punitive measures in place akin to what is outlined in the article. There are a lot of complications and restrictions limiting oversight because of state vs. federal jurisdictions. For example: it's not uncommon for a state agency to be forbidden by law from sharing certain types of information with federal agencies (such as IT details).
I'm guessing the USA is not far away from its own GDPR like act, but only time will tell.
Have you any links to the Dept. of Homeland Security's free IT security services?
Kindest Regards, Rod
Connect with me on LinkedIn.
March 19, 2018 at 9:29 am
Daniel Auger - Sunday, March 18, 2018 10:15 PM
I have some good news for you. The US Department of Homeland Security offers free IT (and other) security services to entities in the USA that fall under critical infrastructure. These services include things like security assessments, penetration testing & scans, incident preparedness, and information sharing. However, as far as I know, there are no federal punitive measures in place akin to what is outlined in the article. There are a lot of complications and restrictions limiting oversight because of state vs. federal jurisdictions. For example: it's not uncommon for a state agency to be forbidden by law from sharing certain types of information with federal agencies (such as IT details).
I'm guessing the USA is not far away from its own GDPR like act, but only time will tell.
Let's hope so. Didn't know they offered services, but that's great.
March 19, 2018 at 9:33 am
CozzaroNero - Monday, March 19, 2018 6:08 AM
You should get your basics right...
This is not UK doing the right thing, this is UK applying the EU law (EU 2016/1148).
In 2016, EU Parliament has acted to achieve a high common level of network and information systems security across EU.
All member states of the EU, including UK, MUST comply with that law before May 2018! Hence UK is simply implementing what the EU has asked to do to all countries in the EU...
EU not UK
Correct your article, it's EU not UK only!
Thank you!
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC
The piece doesn't say UK only. However, the referenced article is the UK requiring this, which is what I wish the US would do. The piece does mention this is because of EU Parliament guidance. The EU piece leaves it up to member states as to the penalties, which is really what I wanted to point out.
March 19, 2018 at 9:37 am
It would be interesting to find out where the 17 million actually goes and what it would be used for. If it goes towards people that have had their identities stolen or have suffered other financial or reputation damage from a data breach, then I agree with the fines. If not, then what? And how many times can a company be made to suffer the fine? It seems to me, like you said, it may be a proverbial drop in the bucket and simply suffer the fines than to do all that is necessary to make an "air tight" computational world for their given business especially with the notion that a customer can request "I want to disappear".
--Jeff Moden
Change is inevitable... Change for the better is not.
March 19, 2018 at 10:22 am
I think the UK has bigger security issues they don't address other than cybersecurity.
March 19, 2018 at 10:31 am
Steve Jones - SSC Editor - Monday, March 19, 2018 9:32 AM
CozzaroNero - Monday, March 19, 2018 6:08 AM
You should get your basics right...
This is not UK doing the right thing, this is UK applying the EU law (EU 2016/1148).
In 2016, EU Parliament has acted to achieve a high common level of network and information systems security across EU.
All member states of the EU, including UK, MUST comply with that law before May 2018! Hence UK is simply implementing what the EU has asked to do to all countries in the EU...
EU not UK
Correct your article, it's EU not UK only!
Thank you!
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC
The piece doesn't say UK only. However, the referenced article is the UK requiring this, which is what I wish the US would do. The piece does mention this is because of EU Parliament guidance. The EU piece leaves it up to member states as to the penalties, which is really what I wanted to point out.
Sorry, Verba volant, scripta manent, you got it wrong all the way thru and not able to recognise that is even more wrong.
Your article is praising UK for something that is coming from EU Parliament which is why you are wrong. You mention the EU only for the GDPR, surprisingly right... lol
March 19, 2018 at 10:43 am
CozzaroNero - Monday, March 19, 2018 10:31 AM
Steve Jones - SSC Editor - Monday, March 19, 2018 9:32 AM
CozzaroNero - Monday, March 19, 2018 6:08 AM
You should get your basics right...
This is not UK doing the right thing, this is UK applying the EU law (EU 2016/1148).
In 2016, EU Parliament has acted to achieve a high common level of network and information systems security across EU.
All member states of the EU, including UK, MUST comply with that law before May 2018! Hence UK is simply implementing what the EU has asked to do to all countries in the EU...
EU not UK
Correct your article, it's EU not UK only!
Thank you!
http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.194.01.0001.01.ENG&toc=OJ:L:2016:194:TOC
The piece doesn't say UK only. However, the referenced article is the UK requiring this, which is what I wish the US would do. The piece does mention this is because of EU Parliament guidance. The EU piece leaves it up to member states as to the penalties, which is really what I wanted to point out.
Sorry, Verba volant, scripta manent, you got it wrong all the way thru and not able to recognise that is even more wrong.
Your article is praising UK for something that is coming from EU Parliament which is why you are wrong. You mention the EU only for the GDPR, surprisingly right... lol
So write a counter point article and submit it.
March 19, 2018 at 11:33 am
Cyber security and digital privacy are rarely ever political campaign issues up for debate here in the US, at least not in the same way that immigration, the environment or international trade are. It's a topic that should be debated more substantively, instead of just in a stylistic way.
"Do not seek to follow in the footsteps of the wise. Instead, seek what they sought." - Matsuo Basho
March 19, 2018 at 12:10 pm
This is a fascinating contemporary topic that I'm excited to see unfold. In the US I'm curious to see the final straw that breaks the camel's back. Do we ever get to that point? I'm hesitant and skeptical about throwing regulations and money at problems. It would be nice to see some sort of legislation come out that defends privacy and makes a good faith effort to minimize security breaches. As with most things the implementation is where all the debate will be.
March 19, 2018 at 12:23 pm
Rod at work - Monday, March 19, 2018 8:42 AM
Daniel Auger - Sunday, March 18, 2018 10:15 PM
I have some good news for you. The US Department of Homeland Security offers free IT (and other) security services to entities in the USA that fall under critical infrastructure. These services include things like security assessments, penetration testing & scans, incident preparedness, and information sharing. However, as far as I know, there are no federal punitive measures in place akin to what is outlined in the article. There are a lot of complications and restrictions limiting oversight because of state vs. federal jurisdictions. For example: it's not uncommon for a state agency to be forbidden by law from sharing certain types of information with federal agencies (such as IT details).
I'm guessing the USA is not far away from its own GDPR like act, but only time will tell.
Have you any links to the Dept. of Homeland Security's free IT security services?
I couldn't find a detailed list, but the DHS site is full of high level info.
https://www.dhs.gov/topic/cybersecurity
https://www.dhs.gov/topic/protecting-critical-infrastructure