
Intensifying cyberattacks and heightened awareness of the risks they pose are driving the creation of new cybersecurity laws around the world, including in the U.S.

Some of these new measures are sector-specific, others apply more broadly, and all of them add to existing privacy and data protection regimes such as the Health Insurance Portability and Accountability Act (HIPAA) for healthcare, the Gramm-Leach-Bliley Act (GLBA) for financial services, and the European Union’s General Data Protection Regulation (GDPR), which covers any business with employees or customers in the EU. To minimise complexity and maintain compliance, many organisations are taking a “highest bar” approach: conforming to the toughest relevant standards, knowing that any lesser requirements will then also be covered and that their cyber defences will be as strong as possible. In the U.S., that means taking a federal-first approach: conforming to the highest security requirements of the United States federal government.

The logic of this is that the federal government is a prime target for today’s most advanced cyberattacks, so the measures it insists on for protection are, by necessity, the strongest possible. Enterprises that adopt those same defences should be both maximally secure and better qualified to do business with the federal government, because they are aligned with its requirements.
