Security news aggregator

Latest coverage for Proposal

The Proposal tag covers proposals that could shape cybersecurity policy, technical standards, incident response, and protections for digital systems.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A proposal is a documented plan for introducing, changing, or funding a security measure, policy, architecture, or project. It turns a problem or requirement into a decision by defining scope, objectives, options, cost, dependencies, owners, and implementation criteria. In security reporting, it may cover a vulnerability-remediation plan, access-control redesign, security tooling purchase, or response to a proposed technical standard.

Its security value depends on connecting identified threats and vulnerabilities to specific controls and verification steps. Reviewers should examine assumptions about assets, trust boundaries, data handling, and third parties; privacy and regulatory constraints where personal data is involved; and plans for testing, rollout, monitoring, exception handling, and reassessment. A proposal that omits residual risk, ownership, measurable acceptance criteria, or maintenance can leave weaknesses unresolved after approval.

Showing 3 most recent headlines Filtered view

After all, it's only about keeping the essentials on – no rush America's long-awaited cyber attack reporting rules for critical infrastructure operators are inching closer to implementation, after the Feds posted a notice of proposed rulemaking for the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA).…

Bank Info Security 2 years, 3 months ago

CISA Seeks Public Input on Cyber Incident Reporting Rules

US Cyber Defense Agency Proposes 72-Hour Reporting Rule for Covered EntitiesThe U.S. Cybersecurity and Infrastructure Security Agency posted its proposed rulemaking to the Federal Register aiming to implement a 72-hour reporting requirement for covered critical infrastructure entities as required under the Cyber Incident Reporting for Critical Infrastructure Act of 2022.

Bank Info Security 2 years, 3 months ago

Feds Wave Sticks & Carrots at Health Sector to Bolster Cyber

Industry Groups Welcome Help for Hospitals and Others - But Oppose PenaltiesProposed federal sticks and carrots to incentivize the health sector to implement stronger cybersecurity standards are already meeting opposition from some industry groups that say financial help is welcome but payment penalties for perceived laggards likely will do more harm than good.