Tim Erlin writes:
Requirements for reporting cybersecurity incidents to some regulatory or government authority are not new, but there has always been a large amount of inconsistency, globally, in exactly what the requirements are. More recently, there’s been a growing trend across government and regulatory bodies in the United States towards shorter timeframes for reporting of cybersecurity incidents. Here’s a brief rundown of the recent activity.
Read more at The State of Security. Erlin is advocating for balancing the trend towards faster notification with also focusing on completed and quality analyses of incidents. All too often, we do not get to see such analyses.