CISA Launches New Cyber Incident Reporting Rules for US Defense Contractors
CISA has revealed the first draft for an update of the Cyber Incident Reporting for Critical Infrastructure (CIRCIA) Act of 2022
Incident coverage examines breaches, outages, and response failures to explain how security events affect systems, data, and organizations.
Search across headline titles and summaries.
Background for this topic.
An incident is a suspected or confirmed event that threatens the confidentiality, integrity, or availability of information or systems, or violates a security policy. Examples include unauthorized access, malware execution, exposed credentials, data loss, and disruptive attacks. Not every alert is an incident: triage determines whether an event is credible, its scope, and the assets or data involved.
Incident handling requires timely detection, analysis, containment, eradication, and recovery. Practitioners must preserve relevant evidence, identify affected accounts and systems, assess whether data was accessed or altered, and prevent recurrence. Clear escalation and documentation support privacy or regulatory notifications when applicable. Findings should feed security improvements such as closing exploited vulnerabilities, strengthening access controls, and updating detection and response procedures.
CISA has revealed the first draft for an update of the Cyber Incident Reporting for Critical Infrastructure (CIRCIA) Act of 2022
The maintainers of the Python Package Index (PyPI) repository briefly suspended new user sign-ups following an influx of malicious projects uploaded as part of a typosquatting campaign
After all, it's only about keeping the essentials on – no rush America's long-awaited cyber attack reporting rules for critical infrastructure operators are inching closer to implementation, after the Feds posted a notice of proposed rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).…
A rising volume of calls to the Scottish Cyber and Fraud Centre highlights surging threat levels
How to Navigate New SEC RulesThe new SEC rules, which took effect in late 2023, introduce mandatory cyber-incident reporting requirements for all U.S.-listed companies.
Denise Anderson and Errol Weiss of Health-ISAC Discuss Critical Cyber IssuesThe Change Healthcare attack - the most disruptive cyber incident to ever hit the U.S. healthcare ecosystem - spotlights the risks that come from relying on a handful of major suppliers, said leaders of the Health Information Sharing and Analysis Center.
US Cyber Defense Agency Proposes 72-Hour Reporting Rule for Covered EntitiesThe U.S. Cybersecurity and Infrastructure Security Agency posted its proposed rulemaking to the Federal Register aiming to implement a 72-hour reporting requirement for covered critical infrastructure entities as required under the Cyber Incident Reporting for Critical Infrastructure Act of 2022.
The days of cybercriminals having something of a moral compass are over The parent company of The Big Issue, a street newspaper and social enterprise for homeless people, is wrestling with a cybersecurity incident claimed by the Qilin ransomware gang.…
Reveals 2021 incident that saw parliamentary agencies briefly probed The government of South Pacific island nation New Zealand has revealed that it, too, has been attacked by China.…