Blog Posts Tagged with "SEC"
SEC Shares Cybersecurity and Resiliency Observations
January 30, 2020 Added by:Ionut Arghire
The U.S. Securities and Exchange Commission (SEC) has published a report detailing cybersecurity and operational resiliency practices that market participants have adopted.
Falconstor Software Conspired to Bribe Chase Executives
July 02, 2012 Added by:Headlines
The U.S. Attorney’s Office filed a criminal complaint against FalconStor Software, a data storage and protection company, alleging that the company conspired to pay more than $300,000 in bribes to executives of J.P. Morgan Chase Bank to obtain over $12 million in electronic storage licensing contracts...
Achieving Compliance in the Post-Acquisition Context
May 17, 2012 Added by:Thomas Fox
Trust cascades down each level of a company from the Board of Directors to employees and then to customers. Trust is equally important in the M&A context. These ideas are useful for the compliance practitioner when integrating a new acquisition into an existing compliance culture...
Cybersecurity Risks in Public Companies: An Infographic
May 07, 2012 Added by:Fergal Glynn
Following new SEC guidance issued relating to disclosure of security risks in company filings, public companies are beginning to be measured by regulators and investors on the strength of their security solution and ability to protect intellectual property and customer data...
An Enterprise Compliance Dialogue
April 17, 2012 Added by:Thomas Fox
Management must “walk the talk” through both discipline and a system of rewards. The discipline must be clear and delivered decisively. The rewards must be not only direct financial remuneration but also the internal promotion of persons who do business in an ethical manner...
Security Weekly News Roundup: Tunnel Vision
February 11, 2012 Added by:Fergal Glynn
As security professionals do we all just suffer from “security tunnel vision” or is something major shifting in our industry? Is it all just related to the significant rise in hacktivism or the 24-hour news cycle requiring that every little thing become a news story?
Who Will Watch the Watchers?
February 05, 2012 Added by:John Linkous
We have entered a new era of cybersecurity, one where the objective is not to protect against a breach - the majority of large organizations are no longer able to - instead we need to be able to detect them and mitigate the damage done by them...
VeriSign Hacked - But Why?
February 03, 2012 Added by:Plagiarist Paganini
The impairment of these mechanisms could lead to the redirection of traffic to bogus sites with serious consequences - and not just that - the compromise of the Digital Certificate model itself raises the risk for the interception of emails and confidential documents...
SEC Calls for Cohesive Incident Response and Reporting
December 09, 2011 Added by:Steven Fox, CISSP, QSA
This guidance is designed to “elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision,” including those related to information security breaches...
Accounting for Cybersecurity
November 20, 2011 Added by:John Nicholson
Companies now face the unenviable task of deciding what aspects of cyber incidents or risks are “material” and disclosing them, with the knowledge that the sophisticated and determined nature of cyber-attackers makes predicting the nature of an attack and its consequences incredibly difficult...
The Compliance Function in Pre-Acquisition Due Diligence
November 14, 2011 Added by:Thomas Fox
Admittedly, the time during any due diligence for an assessment of compliance is limited. This may well lead to a purchasing entity completing a transaction with unknown compliance risks in place. This can have several negative consequences, including successor liability...
SEC Issues Guidance on Security Incident Disclosure
October 31, 2011 Added by:David Navetta
What the guidance document does stress, however, is process and risk assessment. One read of this guidance is that companies internally are going to have to more carefully forecast and estimate the impact of cyber incidents and the consequences of failing to implement adequate security...
SEC to Enterprises: Account for Cybersecurity
October 14, 2011 Added by:Chris Blask
On October 13 the Securities and Exchange Commission (SEC) released CF Disclosure Guidance: Topic No. 2. This document establishes requirements for public companies to account for the cost of cybersecurity incidents and defenses, as well as to disclose their cyber risk mitigation plans to investors...
Why Data Centers Don't Need SSAE 16
August 24, 2011 Added by:david barton
I agree that DCs provide certain fundamental general controls that may impact the systems that are maintained there. But even those general controls do not constitute Internal Controls over Financial Reporting (ICFR) which is clearly a requirement for performing a SOC 1 (SSAE 16) review...
SEC Fines Executives for Privacy and Security Violations
April 21, 2011 Added by:David Navetta
Companies have to assess the adequacy of their privacy and data security practices, including understanding the privacy and data security legal requirements that could impact the company’s business, ensuring that the company’s practices are consistent with those requirements...
Did Heartland CEO Make Insider Trades?
January 29, 2011 Added by:Anthony M. Freed
Heartland Payment Systems (HPY) and Federal investigators have released more details about the nature of the massive data breach made public last week, but have refused to pinpoint the exact date that Heartland first became aware there may have been a problem with their network security...