Blog Posts Tagged with "SEC"


SEC Shares Cybersecurity and Resiliency Observations

January 30, 2020 Added by: Ionut Arghire

The U.S. Securities and Exchange Commission (SEC) has published a report detailing cybersecurity and operational resiliency practices that market participants have adopted.


Falconstor Software Conspired to Bribe Chase Executives

July 02, 2012 Added by: Headlines

The U.S. Attorney’s Office filed a criminal complaint against FalconStor Software, a data storage and protection company, alleging that the company conspired to pay more than $300,000 in bribes to executives of J.P. Morgan Chase Bank to obtain over $12 million in electronic storage licensing contracts...


Achieving Compliance in the Post-Acquisition Context

May 17, 2012 Added by: Thomas Fox

Trust cascades down each level of a company from the Board of Directors to employees and then to customers. Trust is equally important in the M&A context. These ideas are useful for the compliance practitioner when integrating a new acquisition into an existing compliance culture...


Cybersecurity Risks in Public Companies: An Infographic

May 07, 2012 Added by: Fergal Glynn

Following new SEC guidance issued relating to disclosure of security risks in company filings, public companies are beginning to be measured by regulators and investors on the strength of their security solution and ability to protect intellectual property and customer data...


An Enterprise Compliance Dialogue

April 17, 2012 Added by: Thomas Fox

Management must “walk the talk” through both discipline and a system of rewards. The discipline must be clear and delivered decisively. The rewards must be not only direct financial remuneration but also the internal promotion of persons who do business in an ethical manner...


Security Weekly News Roundup: Tunnel Vision

February 11, 2012 Added by: Fergal Glynn

As security professionals do we all just suffer from “security tunnel vision” or is something major shifting in our industry? Is it all just related to the significant rise in hacktivism or the 24-hour news cycle requiring that every little thing become a news story?


Who Will Watch the Watchers?

February 05, 2012 Added by: John Linkous

We have entered a new era of cybersecurity, one where the objective is not to protect against a breach - the majority of large organizations are no longer able to - instead we need to be able to detect them and mitigate the damage done by them...


VeriSign Hacked - But Why?

February 03, 2012 Added by: Plagiarist Paganini

The impairment of these mechanisms could lead to the redirection of traffic to bogus sites with serious consequences - and not just that - the compromise of the Digital Certificate model itself raises the risk for the interception of emails and confidential documents...


SEC Calls for Cohesive Incident Response and Reporting

December 09, 2011 Added by: Steven Fox, CISSP, QSA

This guidance is designed to “elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision,” including those related to information security breaches...


Accounting for Cybersecurity

November 20, 2011 Added by: John Nicholson

Companies now face the unenviable task of deciding what aspects of cyber incidents or risks are “material” and disclosing them, with the knowledge that the sophisticated and determined nature of cyber-attackers makes predicting the nature of an attack and its consequences incredibly difficult...


The Compliance Function in Pre-Acquisition Due Diligence

November 14, 2011 Added by: Thomas Fox

Admittedly, the time during any due diligence for an assessment of compliance is limited. This may well lead to a purchasing entity completing a transaction with unknown compliance risks in place. This can have several negative consequences, including successor liability...


SEC Issues Guidance on Security Incident Disclosure

October 31, 2011 Added by: David Navetta

What the guidance document does stress, however, is process and risk assessment. One read of this guidance is that companies internally are going to have to more carefully forecast and estimate the impact of cyber incidents and the consequences of failing to implement adequate security...


SEC to Enterprises: Account for Cybersecurity

October 14, 2011 Added by: Chris Blask

On October 13 the Securities and Exchange Commission (SEC) released CF Disclosure Guidance: Topic No. 2. This document establishes requirements for public companies to account for the cost of cybersecurity incidents and defenses, as well as to disclose their cyber risk mitigation plans to investors...


Why Data Centers Don't Need SSAE 16

August 24, 2011 Added by: david barton

I agree that DCs provide certain fundamental general controls that may impact the systems that are maintained there. But even those general controls do not constitute Internal Controls over Financial Reporting (ICFR) which is clearly a requirement for performing a SOC 1 (SSAE 16) review...


SEC Fines Executives for Privacy and Security Violations

April 21, 2011 Added by: David Navetta

Companies have to assess the adequacy of their privacy and data security practices, including understanding the privacy and data security legal requirements that could impact the company’s business, ensuring that the company’s practices are consistent with those requirements...


Did Heartland CEO Make Insider Trades?

January 29, 2011 Added by: Anthony M. Freed

Heartland Payment Systems (HPY) and Federal investigators have released more details about the nature of the massive data breach made public last week, but have refused to pinpoint the exact date that Heartland first became aware there may have been a problem with their network security...
