Posts Tagged ‘cybersecurity’
Comments on SEC Cyber Proposal
We continue our focus on cybersecurity compliance today with a return to the SEC’s proposals for expanded disclosure of cybersecurity risk in corporate reports. The public comment period for those proposals closed last week, and compliance officers have a bundle of interesting points to ponder. The SEC received dozens of comments, and to no surprise…
Some Thoughts on IT Workforce Risks
Looking for another reason to worry about the long-term success of your compliance, audit, or risk management efforts? Fear not! A recent report on workforce development in cybersecurity paints a stark picture of just how challenging it is these days to build and maintain a good team. The report comes from ISACA, the professional association…
Russia’s Effect on Supply Chains, Compliance Risk
The Ethics & Compliance Initiative hosted its annual conference this week, including a panel discussion about Russia’s war against Ukraine and its long-term implications for corporate ethics and compliance. The speakers spooled out a bundle of useful observations, so let’s take a few minutes to recap those points and ponder them a bit more. The…
SEC’s Push for Better Cyber Governance
Today I want to revisit the SEC’s proposed new rules requiring public companies to disclose more about their cybersecurity risks. Those plans would obligate companies to discuss how the board and senior management address cybersecurity risk at a strategic, enterprise level. What’s that all about? In a previous post about the SEC proposals, I considered…
SEC Proposes Cyber Disclosure Rules
The Securities and Exchange Commission has proposed new rules that would require all public companies to disclose much more about how they manage cybersecurity risks and to disclose “material cybersecurity incidents” to investors promptly. The commission voted to propose the new rules on Wednesday morning — and to be clear, these are proposed new rules,…
Bulletin on Russia Cyber Threat
The United States’ top cybersecurity regulator published a special bulletin this week listing numerous measures companies should implement immediately to ward off possible attacks from Russia during its Ukraine invasion. CISA, the Cybersecurity and Infrastructure Security Agency, issued the bulletin on Tuesday in conjunction with the Department of Homeland Security. Both agencies stressed that they…
Justice Dept. Beefs Up Cyber Actions
Just in time for Russia’s invasion of Ukraine and the cyber attacks that inevitably will follow, the Justice Department is promising to use “disruptive action” against cyber criminals, even if those actions jeopardize the department’s chance for future charges and arrests. So said deputy attorney general Lisa Monaco on Thursday, speaking at the annual Munich…
Ransomware Update: It Still Sucks
We have a trio of reminders this week on the perilous state of corporate cybersecurity, with ransomware becoming an ever-more sophisticated threat and business ERP systems still persistently vulnerable to attack. Compliance professionals should take note, since effective strategies to combat ransomware depend on a strong compliance function. First is the latest alert from the…
Log4j: We Have to Talk About This
By now compliance and audit professionals may have heard about the cybersecurity vulnerability called Log4j. This will foremost be a problem for IT security officers; but Log4j also illuminates a lot of challenges that audit, compliance, and risk management professionals will face in the 2020s. So let’s unpack the issues afoot here. First, the background.…
Notes on Cybersecurity and Operational Risk
Last week one of the country’s top banking regulators published its semi-annual report on risks to the financial system, and to no surprise cybersecurity risk was near the top. The more one ponders the findings, however, the more one can see insights about cybersecurity, internal control, and innovation that are worth the time of a…