{"id":2645,"date":"2024-03-01T22:22:49","date_gmt":"2024-03-01T22:22:49","guid":{"rendered":"https:\/\/www.darkreading.com\/ics-ot-security\/ciso-corner-operationalizing-nist-csf-ai-models-run-amok"},"modified":"2024-03-01T22:22:49","modified_gmt":"2024-03-01T22:22:49","slug":"ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/03\/01\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok\/","title":{"rendered":"CISO Corner: Operationalizing NIST CSF 2.0; AI Models Run Amok"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/bltf96b922d4412e8b7\/64f154aa742661377190faad\/Chess_Alessandro_de_Leo_Alamy.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<div><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?w=640&#038;ssl=1\" class=\"ff-og-image-inserted\"><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Welcome to CISO Corner, Dark Reading&#8217;s weekly digest of articles tailored specifically to security operations readers and security leaders. Every week, we&#8217;ll offer articles gleaned from across our news operation, The Edge, DR Technology, DR Global, and our Commentary section. We&#8217;re committed to bringing you a diverse set of perspectives to support the job of operationalizing cybersecurity strategies, for leaders at organizations of all shapes and sizes.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In this issue:<\/span><\/p>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">NIST Cybersecurity Framework 2.0: 4 Steps to Get Started<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"7\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"9\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Apple, Signal Debut Quantum-Resistant Encryption, but Challenges Loom<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">It&#8217;s 10 p.m. Do You Know Where Your AI Models Are Tonight?<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Orgs Face Major SEC Penalties for Failing to Disclose Breaches<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"8\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Biometrics Regulation Heats Up, Portending Compliance Headaches<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6.5\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"8\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">DR Global: &#8216;Illusive&#8217; Iranian Hacking Group Ensnares Israeli, UAE Aerospace and Defense Firms<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"6\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"7\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Converging State Privacy Laws &amp; the Emerging AI Challenge<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"NIST Cybersecurity Framework 2.0: 4 Steps to Get Started\">NIST Cybersecurity Framework 2.0: 4 Steps to Get Started<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Robert Lemos, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">The National Institute of Standards and Technology (NIST) has revised the book on creating a comprehensive cybersecurity program that aims to help organizations of every size be more secure. Here&#8217;s where to start putting the changes into action.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Operationalizing the latest version of NIST&#8217;s Cybersecurity Framework (CSF), released this week, could mean significant changes to cybersecurity programs.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">For instance, there&#8217;s a brand-new &#8220;Govern&#8221; function to incorporate greater executive and board oversight of cybersecurity, and it expands <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/ics-ot-security\/why-genz-new-force-reshaping-ot-security\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">best security practices beyond just those for critical industries<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">. In all, cybersecurity teams will have their work cut out for them, and will have to take a hard look at existing assessments, identified gaps, and remediation activities to determine the impact of the framework changes.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Fortunately, our tips for operationalization of the latest version of the NIST Cybersecurity Framework can help point the way forward. They include using all the NIST resources (the CSF is not just a document but a collection of resources that companies can use to apply the framework to their specific environment and requirements); sitting down with the C-suite to discuss the &#8220;Govern&#8221; function; wrapping in supply chain security; and confirming that consulting services and cybersecurity posture management products are reevaluated and updated to support the latest CSF.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/ics-ot-security\/nist-cybersecurity-framework-2-0-4-steps-get-started\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">NIST Cybersecurity Framework 2.0: 4 Steps to Get Started<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/application-security\/us-government-taking-bigger-role-in-software-security\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">US Government Expands Role in Software Security<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Apple, Signal Debut Quantum-Resistant Encryption, but Challenges Loom\">Apple, Signal Debut Quantum-Resistant Encryption, but Challenges Loom<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Jai Vijayan, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">Apple&#8217;s PQ3 for securing iMessage and Signal&#8217;s PQXH show how organizations are preparing for a future in which encryption protocols must be exponentially harder to crack.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">As quantum computers mature and give adversaries a trivially easy way to crack open even the most secure current encryption protocols, organizations need to move now to protect communications and data.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">To that end, Apple&#8217;s new PQ3 post-quantum cryptographic (PQC) protocol for securing iMessage communications, and a similar encryption protocol that Signal introduced last year called PQXDH, are quantum resistant, meaning they can \u2014 theoretically, at least \u2014 withstand attacks from quantum computers trying to break them.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">But organizations, the shift to things like PQC will be long, complicated, and likely painful. Current mechanisms heavily reliant on public key infrastructures will require reevaluation and adaptation to integrate quantum-resistant algorithms. And the <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cloud-security\/post-quantum-satellite-protection-rockets-towards-reality\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">migration to post-quantum encryption<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> introduces a new set of management challenges for enterprise IT, technology, and security teams that parallels previous migrations, like from TLS1.2 to 1.3 and ipv4 to v6, both of which have taken decades.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/as-quantum-resistant-encryption-emerges-so-do-worries-about-adoption-challenges\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">Apple, Signal Debut Quantum-Resistant Encryption, but Challenges Loom<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/application-security\/cracking-weak-cryptography-quantum-computing\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">Cracking Weak Cryptography Before Quantum Computing Does<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"I\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">I<\/span>t&#8217;s 10 p.m. Do You Know Where Your AI Models Are Tonight?<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Ericka Chickowski, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">A lack of AI model visibility and security puts the software supply chain security problem on steroids.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">If you thought the software supply chain security problem was difficult enough today, buckle up. The explosive growth in AI use is about to make those supply chain issues exponentially harder to navigate in the years to come.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">AI\/machine learning models provide the foundation for an AI system&#8217;s ability to recognize patterns, make predictions, make decisions, trigger actions, or create content.&nbsp;But the truth is that most organizations don&#8217;t even know how to even start gaining <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/application-security\/ai-risk-database-tackles-ai-supply-chain-risks\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">visibility into all of the AI models embedded<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> in their software.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">To boot, models and the infrastructure around them are built differently than other software components and traditional security and software tooling isn&#8217;t built to scan for or to understand how AI models work or how they&#8217;re flawed.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;A model, by design, is a self-executing piece of code. It has a certain amount of agency,&#8221; says Daryan Dehghanpisheh, co-founder of Protect AI. &#8220;If I told you that you have assets all over your infrastructure that you can&#8217;t see, you can&#8217;t identify, you don&#8217;t know what they contain, you don&#8217;t know what the code is, and they self-execute and have outside calls, that sounds suspiciously like a permission virus, doesn&#8217;t it?&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Read more:<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/do-you-know-where-your-ai-models-are-tonight\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\"> It&#8217;s 10 p.m. Do You Know Where Your AI Models Are Tonight?<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/application-security\/hugging-face-ai-platform-100-malicious-code-execution-models\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">Hugging Face AI Platform Riddled With 100 Malicious Code-Execution Models<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Orgs Face Major SEC Penalties for Failing to Disclose Breaches\">Orgs Face Major SEC Penalties for Failing to Disclose Breaches<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Robert Lemos, Contributing Writer<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">In what could be an enforcement nightmare, potentially millions of dollars in fines, reputational damage, shareholder lawsuits, and other penalties await companies that fail to comply with the SEC&#8217;s new data-breach disclosure rules.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Companies and their CISOs could be facing anywhere from hundreds of thousands to millions of dollars in fines and other penalties from the US Securities and Exchange Commission (SEC), if they don&#8217;t get their cybersecurity and data-breach disclosure processes in order to comply with the new rules that have now gone into effect.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The SEC regs have teeth: The commission can hand down a permanent injunction ordering the defendant to cease the conduct at the heart of the case, order the payback of ill-gotten gains, or implement three tiers of escalating penalties that can result in astronomical fines.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Perhaps most worrisome for <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/vulnerabilities-threats\/how-secs-rules-cybersecurity-incident-disclosure-are-exploited\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">CISOs is the personal liability they now face<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> for many areas of business operations for which they have historically not had responsibility. Only half of CISOs (54%) are confident in their ability to comply with the SEC&#8217;s ruling.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">All of that is leading to a broad rethinking of the role of the CISO, and additional costs for businesses.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/orgs-face-major-sec-penalties-failing-disclose-breaches\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">Orgs Face Major SEC Penalties for Failing to Disclose Breaches<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/what-companies-cisos-should-know-about-rising-legal-threats\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">What Companies &amp; CISOs Should Know About Rising Legal Threats<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Biometrics Regulation Heats Up, Portending Compliance Headaches\">Biometrics Regulation Heats Up, Portending Compliance Headaches<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By David Strom, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">A growing thicket of privacy laws regulating biometrics is aimed at protecting consumers amid increasing cloud breaches and AI-created deepfakes. But for businesses that handle biometric data, staying compliant is easier said than done.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Biometric privacy concerns are heating up, thanks to increasing <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/application-security\/ios-malware-steals-faces-defeat-biometrics-ai-swaps\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">artificial intelligence (AI)-based deepfake threats<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, growing biometric usage by businesses, anticipated new state-level privacy legislation, and a new executive order issued by President Biden this week that includes biometric privacy protections.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">That means that businesses need to be more forward-looking and anticipate and understand the risks in order to build the appropriate infrastructure to track and use biometric content. And those doing business nationally will have to audit their data protection procedures for compliance with a patchwork of regulation, including understanding how they obtain consumer consent or allow consumers to restrict the use of such data and make sure they match the different subtleties in the regulations.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/application-security\/biometrics-regulation-portending-compliance-headaches\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">Biometrics Regulation Heats Up, Portending Compliance Headaches<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cloud-security\/choose-the-best-biometrics-authentication-for-your-use-case\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">Choose the Best Biometrics Authentication for Your Use Case<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"DR Global: 'Illusive' Iranian Hacking Group Ensnares Israeli, UAE Aerospace and Defense Firms\">DR Global: &#8216;Illusive&#8217; Iranian Hacking Group Ensnares Israeli, UAE Aerospace and Defense Firms<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Robert Lemos, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">UNC1549, aka Smoke Sandstorm and Tortoiseshell, appears to be the culprit behind a cyberattack campaign customized for each targeted organization.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Iranian threat group UNC1549 \u2014 also known as Smoke Sandstorm and Tortoiseshell \u2014 is going after aerospace and <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/israel-cyberattacks-and-conflict-partnerships-and-acquisitions\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">defense firms in Israel<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">, the United Arab Emirates, and other countries in the greater Middle East.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Notably, between the tailored employment-focused spear-phishing and the use of cloud infrastructure for command-and-control, the attack may be difficult to detect, says Jonathan Leathery, principal analyst for Google Cloud&#8217;s Mandiant.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;The most notable part is how illusive this threat can be to discover and track \u2014 they clearly have access to significant resources and are selective in their targeting,&#8221; he says. &#8220;There is likely more activity from this actor that is not yet discovered, and there is even less information on how they operate once they&#8217;ve compromised a target.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/illusive-iranian-hacking-group-ensnares-israeli-uae-aerospace-and-defense-firms\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">&#8216;Illusive&#8217; Iranian Hacking Group Ensnares Israeli, UAE Aerospace and Defense Firms<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/china-rolls-out-strategy-to-prevent-hacking-from-foreign-entities\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">China Launches New Cyber-Defense Plan for Industrial Networks<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs\">MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">By Jai Vijayan, Contributing Writer, Dark Reading<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">The goal is to give chip designers and security practitioners in the semiconductor space a better understanding of major microprocessor flaws like Meltdown and Spectre.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">With an increasing number of side-channel exploits targeting CPU resources, the MITRE-led Common Weakness Enumeration (CWE) program added four new microprocessor-related weaknesses to its list of common software and hardware vulnerability types.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The CWEs are the result of a collaborative effort among Intel, AMD, Arm, Riscure, and Cycuity and give processor designers and security practitioners in the semiconductor space a common language for discussing weaknesses in modern microprocessor architectures.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The four new CWEs are CWE-1420, CWE-1421, CWE-1422, and CWE-1423.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">CWE-1420 concerns exposure of sensitive information during transient or speculative execution \u2014 the hardware optimization function associated with <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/7-spectre-meltdown-symptoms-that-might-be-under-your-radar\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">Meltdown and Spectre<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> \u2014 and is the &#8220;parent&#8221; of the three other CWEs.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">CWE-1421 has to do with sensitive information leaks in shared microarchitectural structures during transient execution; CWE-1422 addresses data leaks tied to incorrect data forwarding during transient execution. CWE-1423 looks at data exposure tied to a specific internal state within a microprocessor.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Read more:<\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/endpoint-security\/four-new-cwes-released-for-microprocessor-architectures\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\"> MITRE Rolls Out 4 Brand-New CWEs for Microprocessor Security Bugs<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/mitre-rolls-out-supply-chain-security-prototype\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">MITRE Rolls Out Supply Chain Security Prototype<\/a><\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"Converging State Privacy Laws &amp; the Emerging AI Challenge\">Converging State Privacy Laws &amp; the Emerging AI Challenge<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold\">Commentary by Jason Eddinger, Senior Security Consultant, Data Privacy, GuidePoint Security<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_italic\">It&#8217;s time for companies to look at what they&#8217;re processing, what types of risk they have, and how they plan to mitigate that risk.<\/span><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Eight US states passed data privacy legislation in 2023, and in 2024, laws will come into effect in four, so companies need to sit back and look deeply at the data they&#8217;re processing, what types of risk they have, how to manage this risk, and their plans to mitigate the risk they&#8217;ve identified. The adoption of AI will make that tougher.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">As businesses map out a strategy to comply with all these new regulations that are out there, its worth noting that while these laws align in many respect, they also exhibit state-specific nuances.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Companies should expect to see many <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/biden-administration-unveils-data-privacy-executive-order\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" rel=\"noopener\">emerging data privacy trends<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> this year, including:<\/span><\/p>\n<div data-component=\"basic-list\" class=\"BasicList BasicList_nestedLevel_0 BasicList_variant_unordered BasicList_limited\">\n<ul data-testid=\"basic-list-unordered\" class=\"BasicList-UnorderedList\">\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"7\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"9\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">A continuation of states adopting comprehensive privacy laws. We don&#8217;t know how many will pass this year, but there surely will be much active discussion.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"8\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"11\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">AI will be a significant trend, as businesses will see unintended consequences from its usage, resulting in breaches and enforcement fines due to the rapid adoption of AI without any actual legislation or standardized frameworks.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"8\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"11\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">2024 is a presidential election year in the US, which will raise awareness and heighten attention to data privacy. Children&#8217;s privacy is also gaining prominence, with states such as Connecticut introducing additional requirements.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<li>\n<div class=\"BasicList-ListItem BasicList-ListItem_variant_unordered\" readability=\"7\"><span data-component=\"icon\" data-name=\"Circle\" class=\"BasicList-ListIcon BasicList-ListIcon_variant_unordered\"><\/span><\/p>\n<div class=\"BasicList-Item\" readability=\"9\">\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Businesses should also anticipate seeing data sovereignty trending in 2024. Multinationals must spend more time understanding where their data lives and the requirements under these international obligations to meet the data residency and sovereignty requirements to comply with international laws.<\/span><\/p>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Read more: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/cyber-risk\/converging-state-privacy-laws-emerging-ai-challenge\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">Converging State Privacy Laws and the Emerging AI Challenge<\/a><\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><span class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\">Related: <\/span><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a href=\"https:\/\/www.darkreading.com\/data-privacy\/privacy-ransomware-top-2024-cyber-insurance\" target=\"_blank\" class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link ContentText-BodyTextChunk_bold ContentText-BodyTextChunk_italic\" rel=\"noopener\">Privacy Beats Ransomware as Top Insurance Concern<\/a><\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/ics-ot-security\/ciso-corner-operationalizing-nist-csf-ai-models-run-amok\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Welcome to CISO Corner, Dark Reading&#8217;s weekly digest of articles<\/p>\n","protected":false},"author":12,"featured_media":2646,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-2645","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?fit=1200%2C800&ssl=1",1200,800,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?fit=300%2C200&ssl=1",300,200,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?fit=640%2C427&ssl=1",640,427,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?fit=640%2C427&ssl=1",640,427,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?fit=1200%2C800&ssl=1",1200,800,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?fit=1200%2C800&ssl=1",1200,800,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?fit=1024%2C683&ssl=1",1024,683,true],"chromenews-large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/03\/ciso-corner-operationalizing-nist-csf-2-0-ai-models-run-amok.jpg?fit=1200%2C800&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2645","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2645"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2645\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/2646"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2645"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2645"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2645"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}