Patrick Benoit, a seasoned security leader and CyberEdBoard member, advises security leaders to lead by example and not worry about showing any of their own vulnerabilities, not least when they make a mistake. "It's OK to fail or misstep … That's what makes you a stronger leader," he said.
Check Point and Mimecast will each pay regulators nearly $1 million to settle charges of making materially misleading disclosures related to the SolarWinds Orion hack. The SEC alleged public disclosures from Check Point and Mimecast didn't capture the severity of the compromise.
The increasingly regulated landscape of cybersecurity is changing across Europe, America and Asia. Rohan Massey, partner at Ropes & Gray, speaks about the complexities organizations face and the importance of strategic prioritization to comply with regulatory challenges effectively.
Walker Newell and David Anderson of Woodruff Sawyer discuss how the SolarWinds case reshaped SEC regulations. CISOs must build closer ties with legal and compliance teams to manage risk and leverage new rules and ensure effective governance and incident response.
Security teams spend hundreds of hours each year gathering controls evidence
to demonstrate regulatory compliance. With more requirements on the horizon
and an expanding cyber threat landscape, that burden only stands to increase.
The most effective path out of the mire of manual evidence...
The SEC’s actions on the SolarWinds CISO have sparked a debate: Should chief information security officers be worried about personal liability related to cyberattacks on their watch?
Cybersecurity risk is a business risk, yet when a data breach occurs, it is the CISO’s job on the line. How can a CISO ensure...
The U.S. Securities and Exchange Commission's requirement for publicly traded companies to report cyber incidents that have a material impact within four days is "not about playing gotcha with public companies," said the commission’s director of the corporation finance division.
The BlackCat ransomware group tattled to U.S. federal regulators about an alleged victim not disclosing a material cyberattack within four business days. The group, also known as Alphv, listed MeridianLink on its data leak site and threatened to leak stolen data.
This white paper covers the disclosures required by the new SEC rules, the challenges these disclosures present to cybersecurity professionals and tips for managing these challenges with cybersecurity risk management software.
Newly passed cybersecurity rules from the SEC signal a renewed interest in regulating...
The fallout from the SEC's charges of fraud and internal control failures against SolarWinds and its CISO has implications for the industry. Cordery Compliance attorney Jonathan Armstrong advises security leaders to "take heed and remember that the actions of today can determine your fate tomorrow."
In July 2023, the U.S. Securities and Exchange Commission (SEC) finalized a new ruleset focused on cybersecurity disclosure and reporting requirements. Publicly traded companies, SEC registrants and organizations of all sizes will need to prepare for these regulation changes in order to be SEC compliant.
The...
With the new SEC regulation requirements, you need a trusted partner who can help you build the right program for a strong security posture by the December deadlines. Optiv has been recognized as a Leader in the 2023 IDC MarketScape for Cybersecurity Risk Management Services, a report that rigorously evaluates and...
Experts discuss the top things that companies, board directors and cyber leaders need to do now to be ready for compliance since the SEC fast-tracked adoption of its cybersecurity disclosure rules.
The SEC has pushed forward their disclosure rules, regarding cybersecurity risk management, strategy and governance. Additionally, they are requiring a two-part disclosure requirement for both annual and significant events statements.
Download this guide to help you:
Create a comprehensive roadmap and plan to...
The new Securities & Exchange Commission Cyber Rules mandate a transformation in how publicly traded companies manage cyber risk. To comply, they’ll need to build and deploy systems – within the next five months – to identify, measure and report cyber risk “materiality”. But, current methods are inadequate...
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.