Disclaimer: The opinions of the columnists are their own and not necessarily those of their employer.

Category Archives: Compliance and Laws

The Bankers and the Lawmen Should be Cyber Friends

– When I read Matthew Goldstein’s February 24, 2015 article “Wall St. and Law Firms Plan Cooperative Body to Bolster Online Security,” in the DealB%k section of The New York Times, I was reminded of the song from Rodgers and Hammerstein’s “Oklahoma” about how farmers and cowmen should get…

Balancing Security, Privacy and Secrecy

– Recently, I read the National Security column, “We Need More Secrecy: Why government transparency can be the enemy of liberty,” by David Frum in the May 2014 issue of The Atlantic magazine. It reminded me that I had proposed adding the word “secrecy” to the title of a 2009 book that I…

Security in the Dark

– I attended a roundtable recently at which someone mentioned that, in their experience, those familiar contractual requirements requesting third-party service providers to tell their customers about security breaches within a short time frame (within three hours, say) are often not conveyed to…

SEC-urity’s Catch 22

– On October 13, 2011, the Division of Corporation Finance (DCF) of the Securities and Exchange Commission (SEC) issued CF Disclosure Guidance: Topic No. 2 – Cybersecurity, available at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm . It provides the DCF’s “views…

The FFIEC and Password-Generating Tokens

– In June 2011, the FFIEC (Federal Financial Institutions Examination Council) issued a “Supplement to Authentication in an Internet Banking Environment,” available at http://www.ffiec.gov/pdf/Auth-ITS-Final%206-22-11%20(FFIEC%20Formated).pdf . The FFIEC comprises five financial regulatory…