New SEC Rules around Cybersecurity Incident Disclosures

9 months ago AndyC

New SEC Rules around Cybersecurity Incident Disclosures
The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents.

New SEC Rules around Cybersecurity Incident Disclosures

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules:

  1. Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk.
  2. Public companies must “describe their processes, if any, for assessing, identifying, and managing material risks from cybersecurity threats” in their annual filings.

The rules go into effect this December.

In an email newsletter, Melissa Hathaway wrote:

Now that the rule is final, companies have approximately six months to one year to document and operationalize the policies and procedures for the identification and management of cybersecurity (information security/privacy) risks. Continuous assessment of the risk reduction activities should be elevated within an enterprise risk management framework and process. Good governance mechanisms delineate the accountability and responsibility for ensuring successful execution, while actionable, repeatable, meaningful, and time-dependent metrics or key performance indicators (KPI) should be used to reinforce realistic objectives and timelines. Management should assess the competency of the personnel responsible for implementing these policies and be ready to identify these people (by name) in their annual filing.

News article.

Tags: , , , , ,

Sidebar photo of Bruce Schneier by Joe MacInnis.

About Author

AndyC

Andy Curtis is an award-winning security consultant, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by state and federal government, leading healthcare and banking providers across three continents. He has given talks about computer security for some of the world’s largest companies, worked with law enforcement agencies on investigations into hacking groups, and is a regular voice on TV and radio explaining IT security threats.

See author's posts

Tags: , , , , , , , , , , , , , , ,

More Stories

Experts warn of BIG-IP Next Central Manager flaws that allow device takeover

Experts warn of BIG-IP Next Central Manager flaws that allow device takeover

6 hours ago AndyC
Smashing Security podcast #371: Unmasking LockBitsupp, company extortion, and a Tinder fraudster

Smashing Security podcast #371: Unmasking LockBitsupp, company extortion, and a Tinder fraudster

12 hours ago AndyC
LockBit gang claimed responsibility for the attack on City of Wichita

LockBit gang claimed responsibility for the attack on City of Wichita

18 hours ago AndyC
New TunnelVision technique can bypass the VPN encapsulation

New TunnelVision technique can bypass the VPN encapsulation

18 hours ago AndyC
LiteSpeed Cache WordPress plugin actively exploited in the wild

LiteSpeed Cache WordPress plugin actively exploited in the wild

24 hours ago AndyC
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

24 hours ago AndyC

You may have missed

Formas en que los responsables de TI pueden hacer frente a la Ley de Inteligencia Artificial de la UE

Formas en que los responsables de TI pueden hacer frente a la Ley de Inteligencia Artificial de la UE

3 hours ago AndyC
SAP, IBM Consulting partner to offer genAI-based services

SAP, IBM Consulting partner to offer genAI-based services

3 hours ago AndyC
El mercado global de tecnología jurídica alcanzará los 50.000 millones de dólares

El mercado global de tecnología jurídica alcanzará los 50.000 millones de dólares

3 hours ago AndyC
Qualcomm AI Hub: tecnología generativa accesible y personalizable

Qualcomm AI Hub: tecnología generativa accesible y personalizable

3 hours ago AndyC
Essential skills and traits of chief AI officers

Essential skills and traits of chief AI officers

3 hours ago AndyC

Subscribe To InfoSec Today News

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

World Wide Crypto will use the information you provide on this form to be in touch with you and to provide updates and marketing.