SEC Cybersecurity Risk Governance Requirements - Christopher Hetner - CSP #122
CISO Stories Podcast (Audio) · SC Media
Audio is streamed directly from the publisher (dts.podtrac.com) as published in their RSS feed. Play Podcasts does not host this file. Rights-holders can request removal through the copyright & takedown page.
Show Notes
In April, the SEC is expected to finalize new rules on cybersecurity. The rules will require every publicly traded company to file disclosures with descriptions of their security strategy, governance, and risk management. Companies will need to explain to shareholders how they assess cyber risk, describe their security policies, and demonstrate a significant level of board oversight on cybersecurity issues. The SEC rules are qualitatively different from existing cyber regulatory frameworks, such as HIPAA and PCI DSS, which skew toward enforcing technical controls handled by the IT department. The SEC rules, in contrast, demand that C-suites and boards get more involved and demonstrate a strategic approach to managing cyber risk.
Visit https://securityweekly.com/csp for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/cyberleaders
Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
Show Notes: https://securityweekly.com/csp122