Security and Compliance News – SCW #3

November 8, 2019



PwC's 2019 Annual Corporate Directors Survey, What is the Board's Role in Effective Risk Management?, CEOs could get jail time for violating privacy bill, California Amends Breach Notification Law, Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance, and 5 Updates from PCI SSC That You Need to Know.

Visit for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor's Page

Security and Compliance News

  • PwC's 2019 Annual Corporate Directors Survey - Key findings:
  1. Crisis management comes into focus
  2. Increasing the profile of cybersecurity in the boardroom
  3. Directors lukewarm on a stakeholder model of governance
  4. Who’s responsible for culture? Everyone…including the board
  5. More work to be done on talent management
  • What is the Board’s Role in Effective Risk Management? - Boards can take the following actions to ensure effective risk management oversight:
    • Ensure that board members understand why and how robust risk monitoring is required to achieve organizational strategic goals and overall success.
    • Nominate board executive(s) with appropriate risk management background.
    • Establish a board risk committee or group that oversees all risk management activities enterprise-wide and advises the full board around risk-related decisions.
    • Designate a Chief Risk Officer (CRO) to represent the risk committee and oversee risk-related issues.
    • Regularly review all aspects of risk monitoring processes to ensure they are effectively and efficiently meeting organizational needs.
  • CEOs could get jail time for violating privacy bill - The bill, known as the Mind Your Own Business Act, would contain some of the most comprehensive protections yet proposed for Americans’ private data and would go further than the EU General Data Protection Regulation (GDPR). It would empower the Federal Trade Commission (FTC) to establish minimum privacy and cybersecurity standards and to issue steep fines (up to 4% of annual revenue) on a company's first offense. Senior executives who knowingly lie to the FTC could face criminal penalties of up to 20 years in prison.
  • California Amends Breach Notification Law - On October 11, 2019, California Governor Gavin Newsom signed into law AB 1130, which expands the types of personal information covered by California’s breach notification law to include, when compromised in combination with an individual’s name: (1) additional government identifiers, such as tax identification number, passport number, military identification number, or other unique identification number issued on a government document commonly used to verify the identity of a specific individual; and (2) biometric data generated from measurements or technical analysis of human body characteristics (e.g., fingerprint, retina, or iris image) used to authenticate a specific individual.
  • Technical challenge or business enabler? Seizing the opportunity of PCI DSS compliance - Adopting a compliance framework that complements commercial objectives alongside the latest security and privacy requirements is key to reaping the full benefits of PCI DSS. But how do you start?
    • Define the scope
    • If it isn’t broken, make it better!
    • Deliver added value
    • Looking to the Future
  • 5 Updates from PCI SSC That You Need to Know - As payment technologies evolve, so do the requirements for securing cardholder data.
  1. Programs Open for Software Security Framework Assessors in October
  2. New Standard for Contactless Payments by the End of the Year
  3. Requests for Comments for PCI DSS Version 4.0 to Open in October
  4. New Version of P2PE Standard and Program in December
  5. A New Strategic Framework


Matt Alderman - CEO
Michael Santarcangelo - Founder; Catalyst



  • We have exciting news about the Security Weekly webcast program: we are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will receive 1 CPE credit per webcast. Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to . If you have missed any of our previously recorded webcasts, you can find our on-demand library at .
