Information security laws, investigations and ethics
Get news, advice and commentary on information security laws such as the CFAA, CAN-SPAM and CALEA. Learn about information security legislation, ethical vulnerability disclosure, digital surveillance laws and more.
Top Stories
-
Tip
08 Apr 2025
Ransomware payments: Considerations before paying
To pay or not to pay -- that's the question after a ransomware attack. Law enforcement recommends against it, but that doesn't stop some companies from paying up. Continue Reading
By- Kyle Johnson, Technology Editor
-
News
29 Oct 2021
Europol 'targets' 12 suspects in ransomware bust
Europol has not said whether the suspected ransomware actors were arrested or detained, but the 12 were allegedly involved in attacks that affected 1,800 victims in 71 countries. Continue Reading
By- Alexander Culafi, Senior News Writer, Dark Reading
-
News
24 Feb 2017
Experts: Government Vulnerabilities Equities Process should be law
Experts say codifying the Vulnerabilities Equities Process into law would increase transparency and trust regarding vulnerability disclosure by the government. Continue Reading
By- Michael Heller, TechTarget
-
News
16 Feb 2017
Connected medical devices spark debate at RSA Conference session
An RSA Conference session on a new attack on connected medical devices led to a spirited debate on vulnerability disclosure and manufacturer responsibility. Continue Reading
By- Rob Wright, Senior News Director, Dark Reading
-
News
10 Feb 2017
NSA contractor indicted for stealing elite cyberweapons over 20 years
The NSA contractor accused of stealing elite cyberweapons over the course of 20 years has been indicted, but his connection to the Shadow Brokers auction of similar hacking tools is still unclear. Continue Reading
By- Michael Heller, TechTarget
-
News
07 Feb 2017
Google to appeal after loss in cloud data privacy case
Further battle over cloud data privacy is imminent, as a court decides against Google and declines to consider Microsoft's recent appeal victory as precedent. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
31 Jan 2017
Hacked CCTV cameras in DC before inauguration leave unanswered questions
The Washington, D.C., Police Department spotted hacked CCTV cameras before the inauguration and has remediated the ransomware, but questions still surround the attack. Continue Reading
By- Michael Heller, TechTarget
-
News
26 Jan 2017
Microsoft defeats DOJ appeal in cloud data privacy case
Microsoft notches another win in its battle to protect cloud data privacy, as an appeals court quashes the DOJ appeal over a warrant for data stored in an Ireland data center. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
23 Jan 2017
SEC to investigate the Yahoo breach disclosures
The SEC has requested more information for potential cases concerning whether the Yahoo breach disclosures could have come sooner. Continue Reading
By- Michael Heller, TechTarget
-
Answer
12 Jan 2017
What effect does FITARA have on U.S. government cybersecurity?
FITARA became a law in 2014, but government cybersecurity continues to struggle. Expert Mike O. Villegas discusses the effects of the law. Continue Reading
By- Mike O. Villegas, K3DES LLC
-
Answer
20 Sep 2016
Is settling a data breach lawsuit the best option for enterprises?
In the unfortunate event of a data breach lawsuit, it's often better to settle before the case reaches court. Expert Mike O. Villegas explains why and how CISOs can help. Continue Reading
By- Mike O. Villegas, K3DES LLC
-
News
17 Jun 2016
FBI facial recognition systems draw criticism over privacy, accuracy
GAO report blasts FBI facial recognition programs over privacy and accuracy concerns; FBI systems offer access to over 411 million photos from federal and state sources. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Tip
16 May 2016
How encryption legislation could affect enterprises
The legal battle between the FBI and Apple brought encryption legislation into the public eye, for better or worse. Expert Mike Chapple discusses the effect of this on enterprises. Continue Reading
By- Mike Chapple, University of Notre Dame
-
News
18 Mar 2016
Apple court filing challenges iPhone backdoor as rhetoric heats up
The rhetoric about the iPhone backdoor from Apple and the FBI has gotten more intense as Apple challenged the FBI in court by calling its motion unconstitutional. Continue Reading
By- Michael Heller, TechTarget
-
Answer
20 Oct 2015
Why did Anthem resist government vulnerability assessments?
Vulnerability assessments are often a requirement for organizations that have suffered a data breach and the assessors' results can be invaluable to protect a business. Continue Reading
By- Mike O. Villegas, K3DES LLC
-
News
10 Jul 2015
Homeland Security chief calls for federal breach reporting law
The Homeland Security head wants federal laws requiring data breach reporting and information sharing, but one expert warns that government officials need better understanding of infosec technology before creating such laws. Continue Reading
By- Michael Heller, TechTarget
-
Answer
20 Mar 2015
How should agencies prepare for federal security scanning?
What do agencies need to consider before going through the Department of Homeland Security's network security scanning? Expert Mike Chapple answers. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Feature
28 Apr 2014
Digital Forensics Processing and Procedures
In this excerpt from Digital Forensics Processing and Procedures, the authors provide insight on areas that will need to be considered when setting up a forensic laboratory. Continue Reading
By- SearchSecurity and Syngress
-
News
24 May 2012
A bold view on prioritizing computer security laws
The number of computer security laws in the U.S. can be daunting. One bold lawyer suggests a way to prioritize the laws and avoid most legal battles. Continue Reading
— Security Bytes blog -
News
27 Apr 2012
CISPA threat intelligence bill passes House
The Cyber Intelligence Sharing and Protection Act (CISPA) clears security vendors of any liability for sharing customer attack data with federal officials. Continue Reading
— Security Bytes blog -
News
26 Mar 2012
ISP’s anti-botnet code of conduct accomplishes little
Leading ISPs sign the U.S. Anti-Bot Code of Conduct, which stops short of demanding ISPs provide a clean pipe to customers. Continue Reading
— Security Bytes Blog -
Tip
10 Feb 2012
SEC disclosure rules: Public company reporting requirements explained
Learn the public company reporting requirements necessary to comply with CF Disclosure Guidance Topic No. 2, the SEC's cybersecurity reporting rules. Continue Reading
-
Magazine
02 Feb 2012
Information Security Magazine: FEBRUARY 2012
Learn about the latest malware threats targeting enterprises and what you can do to reduce the risk of infection. Continue Reading
— Information Security Magazine: FEBRUARY 2012 -
News
23 Jun 2011
Feds break up scareware crime rings
Twenty-two computers and servers in the U.S. were seized in connection with the scareware scheme. Continue Reading
— Security Bytes blog -
News
03 May 2011
Store dealing with dishonest employees uses internal theft prevention software
A London-based sushi chain expects to save almost £1 million this year with the help of new fraud-detection software. Continue Reading
— SearchSecurity.co.UK -
News
29 Jul 2010
Black Hat 2010 podcast: Core Security's Tom Kellerman on APT
Core Security's Tom Kellerman discusses his thoughts about advanced persistent threats, how to deal with foreign adversaries and where and why the U.S. government is coming up short in fending off targeted and persistent attacks from cybercriminals and foreign governments. Continue Reading
— SearchSecurity.com -
News
28 Jul 2010
Rite Aid to pay $1 million in HIPAA settlement
In its settlement agreement with the HHS over alleged HIPAA violations, the pharmacy chain will pay $1 million and must establish procedures for disposing of protected health information (PHI). Continue Reading
— Security Bytes blog -
News
28 Jul 2010
Black Hat: DHS calls for attitude adjustment
Wednesday's DHS keynote included the tried-and-true plea for greater public-private partnership to secure cyberspace, yet served to challenge those who think securing the Internet is a lost cause. Continue Reading
— Security Bytes blog -
News
03 Jun 2009
Experts optimistic of Obama cybersecurity plan
Information Security magazine's Michael Mimoso reported on the Obama cybersecurity announcement. He interviewed security experts Howard Schmidt, Paul Kocher and Patricia Titus. Continue Reading
— Security Wire Weekly podcast -
News
27 Apr 2009
ICE Act would create White House cybersecurity post
The Information and Communications Enhancement (ICE) Act would create a White House "cyber office" that would coordinate between government agencies and the private sector. Continue Reading
— SearchCompliance.com -
Answer
03 Feb 2009
What are the ethical issues when consulting for two competing companies?
Security consulting is a job in which privacy is paramount. Leaking security strategies to the wrong people -- especially a company's competition -- could lead to breaches or break-ins. In this expert response, David Mortman gives best practices for handling consulting ethically. Continue Reading
By- David Mortman, Dell
-
Answer
06 Aug 2008
What vendors would you recommend for software write-blockers?
In a forensics investigation, a software write-blocker can be very helpful. But which vendors offer the best blockers? Security management expert Mike Rothman explains what to look for. Continue Reading
By- Mike Rothman, Securosis
-
News
20 Jun 2007
Homeland Security computer weaknesses to be examined
A House subcommittee is holding a hearing to identify the failures of the Department of Homeland Security (DHS) to secure its information networks. Continue Reading
— Security Bytes