February 24, 2017 By Scott Koegler 3 min read

As more government agencies get involved with creating cybersecurity regulations, security professionals will need to monitor new laws and understand which apply to their industry and whether some overlap or conflict. Increased enforcement from different agencies can mean significant consequences even if breaches are avoided.

As the new administration adjusts regulations, chief information security officers (CISOs) will need to add governmental cyber regulations to their daily watchlists. Consider the following key areas that impact enterprise security in multiple ways.

Federal Cybersecurity Regulations

The Cybersecurity Information Sharing Act of 2015 provides a framework for the federal government, some state governments and private industry to securely share cyberthreat information. As part of that action, the Security and Exchange Commission (SEC) established guidelines for regulated firms to comply with specific regulations. For example, the SEC recently settled a case with a company that suffered a data breach that compromised the personally identifiable information (PII) of nearly 100,000 people, showing its commitment to increasing security — particularly in the financial sector.

Government Fraud and Waste

Banking and finance regulations have been the focus of attention in the years since the Great Recession, and offshore tax evasion has been high on the Department of Justice’s list of targets. In 2015, the DOJ, under its Swiss Bank Program, entered agreements with multiple banks to encourage cooperation with regard to financial transactions.

Additionally, the Organization for Economic Cooperation and Development (OECD) created a global standard for financial institutions to exchange account information automatically in an effort to restrict offshore tax evasion. These efforts need to be understood and considered as companies conduct business around the globe. CISOs must institute measures to alert them when suspicious activities threaten their standard business practices.

Corporate Compliance

The Organizational Sentencing Guidelines of 1991 set the stage for federal oversight of corporate activities. In 2015, the DOJ hired a compliance counsel to guide prosecutors with regard to specific charges that might be brought against companies.

Since that time, the DOJ has demonstrated a commitment to pursuing a variety of charges. New guidelines are likely to bring about changes in how the agency monitors compliance. CISOs need to be aware of changes and update their compliance practices as needed.

Global Cooperation

The internationally connected internet narrows or eliminates separations between regulators in countries around the globe. This connectedness increases the complexity of interactions in companies, some of which may not even know the specific countries where they are doing business. Privacy regulations vary widely and change frequently as governments strive to protect their own and their citizens’ interests. CISOs need to be vigilant about changes in regulations on a global basis.

Focus on Money Laundering

Global trade involves the movement of money across international borders, and some governments are concerned about funds being routed to terrorist organizations. Closely associated with those concerns is the prospect of money laundering that hides the sources and destinations of funds. CISOs must monitor the routes of transactions and assure they are within federal and state guidelines.

Trade Sanctions as Foreign Policy

Trade sanctions have long been used to encourage behavioral changes in foreign governments. The U.S. has increased its use of sanctions for a variety of purposes against countries in recent years. Often, those sanctions impose criminal or civil penalties against U.S. companies that violate them. CISOs need to understand the specifics of international sanctions and monitor the sources and destinations of business transactions that take place across borders to be in full compliance with laws.

Government regulations are in flux, and CISOs are responsible for the security and compliance of their companies’ transactions and business dealings. They must maintain a current view of government rules and understand how they apply to and affect the data that flows in and out of the organization, even if they are not responsible for the contents of those transactions.

Listen to the podcast: Lessons from the NIST Cybersecurity Framework

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today