In April, the SEC is expected to finalize new rules on cybersecurity. The rules will require every publicly traded company to file disclosures with descriptions of their security strategy, governance, and risk management. Companies will need to explain to shareholders how they assess cyber risk, describe their security policies, and demonstrate a significant level of board oversight on cybersecurity issues. The SEC rules are qualitatively different from existing cyber regulatory frameworks, such as HIPAA and PCI DSS, which skew toward enforcing technical controls handled by the IT department. The SEC rules, in contrast, demand that C-suites and boards get more involved and demonstrate a strategic approach to managing cyber risk.

 

Visit https://securityweekly.com/csp for all the latest episodes!

 Follow us on Twitter: https://www.twitter.com/cyberleaders

Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

 

Show Notes: https://securityweekly.com/csp122