Inside Cybersecurity

February 16, 2025

Daily News

BSA calls for CISA risk-based approach to determine reporting for substantial incidents under upcoming mandatory regime

By Sara Friedman / July 2, 2024

BSA-The Software Alliance is proposing utilizing a risk-based approach to define what should be considered a “substantial cyber incident” that would qualify for mandatory reporting under the Cybersecurity and Infrastructure Security Agency’s upcoming regulatory requirements.

“BSA recommends CISA consider two overarching variables to describe substantial cyber incident: the cyber incident’s impact on a covered entity’s (i) security, that is, the confidentiality, integrity, and availability of its information and information systems and (ii) resilience, that is, its ability to operate under...


Log in to access this content.


Not a subscriber? Sign up for 30 days free access to exclusive news and analysis on cybersecurity regulations and more.