Security news aggregator

Latest coverage for Proposal

The Proposal tag covers proposals that could shape cybersecurity policy, technical standards, incident response, and protections for digital systems.

3 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

A proposal is a documented plan for introducing, changing, or funding a security measure, policy, architecture, or project. It turns a problem or requirement into a decision by defining scope, objectives, options, cost, dependencies, owners, and implementation criteria. In security reporting, it may cover a vulnerability-remediation plan, access-control redesign, security tooling purchase, or response to a proposed technical standard.

Its security value depends on connecting identified threats and vulnerabilities to specific controls and verification steps. Reviewers should examine assumptions about assets, trust boundaries, data handling, and third parties; privacy and regulatory constraints where personal data is involved; and plans for testing, rollout, monitoring, exception handling, and reassessment. A proposal that omits residual risk, ownership, measurable acceptance criteria, or maintenance can leave weaknesses unresolved after approval.

Showing 3 most recent headlines Filtered view
Bank Info Security 2 years, 3 months ago

FTC Bans Online Mental Health Firm From Sharing Certain Data

Proposed Action Also Orders Cerebral Inc. to Pay $7M PenaltyThe FTC has proposed restricting a mental telehealth service firm from sharing consumer data and requiring it to pay a $7 million penalty to settle allegations that the firm used online tracking tools to unlawfully disclose sensitive health information to third-party advertisers without consent.

Bank Info Security 2 years, 3 months ago

Law Firm to Pay $8M to Settle Health Data Hack Lawsuit

Orrick Herrington Cyberattack Compromised Clients' Data, Affected Nearly 638,000A global law firm that provides data breach legal services has agreed to an $8 million settlement to resolve a proposed class action lawsuit filed against the firm in the aftermath of its cyberattack last year, which affected some health sector clients and nearly 638,000 individuals.