In April, the SEC is expected to finalize new rules on cybersecurity. The rules will require every publicly traded company to file disclosures with descriptions of their security strategy, governance, and risk management. Companies will need to explain to shareholders how they assess cyber risk, describe their security policies, and demonstrate a significant level of board oversight on cybersecurity issues.
The SEC rules are qualitatively different from existing cyber regulatory frameworks, such as HIPAA and PCI DSS, which skew toward enforcing technical controls handled by the IT department. The SEC rules, in contrast, demand that C-suites and boards get more involved and demonstrate a strategic approach to managing cyber risk.
Show Notes: [ Ссылка ]
#CISOStoriesPodcast #SecurityWeekly #Cybersecurity #informationsecurity
00:00 - Cyber Security Weekly
01:32 - Computer Science
02:22 - Computers and Use of Technology
02:50 - Computer Networks
03:24 - Security Operations Centers
04:30 - What is the proposed rule?
05:04 - How do we make this more of a top-down issue?
06:08 - Cyber Risk
06:44 - Materiality
09:49 - Financial Costs
15:34 - Cyber Risk Oversight
20:12 - SEC has a Band-Aid across publicly just listed companies
22:05 - Cyber Security
