SEC Final Rule on Cybersecurity Explained | #CISOlife
By SideChannel - vCISO & Enclave Zero-Trust Platform
Community Score: 50% | 2.1K views | 2y
Item 1.05 – Disclosing material cybersecurity incidents

This seems to be the most talked about aspect of the amendment. It requires registrants to disclose “any cybersecurity incident they determine to be material and to describe the material aspects of the incident’s nature, scope, and timing, as well as its material impact or reasonably likely material impact on the registrant. An Item 1.05 Form 8-K will generally be due four business days after a registrant determines that a cybersecurity incident is material.”

There are 2 caveats to this: if the disclosure poses a substantial risk to national security, or if there’s a conflicting Federal requirement to report. On the latter, the SEC has identified only 1, which applies to those under FCC regulations where seven-day reporting is required.

Each company will have to determine what is “material” to them. Most conversations I’ve seen center this on the financial team determining impact based on revenue or profit. The definition of material will ultimate
Tags: NIST, Strategy, sidechannel, cybersecurity, informationsecurity, controls, smallbusiness, cyber, leadership, ciso, cio, security, left of boom, cisolife, hacking, hack, cmmc, dod