Governance & Risk Management

How Executives Make Informed Cyber Decisions

September 19, 2024, at 1:00 P.M. CST

Non-technical executives can truly own cybersecurity when their companies measure, monitor, and manage cybersecurity risk like other parts of their business.

The SEC is only the latest regulator to expect non-technical executives to take ownership of cybersecurity risk management. Regulators argue that when companies pose risks to others, those risks need to be managed, whether they come from business practices, (more…)

CAMP IT: Techniques to Evolve Risk Governance and Comply with SEC Cybersecurity Rule

CAMP IT: Enterprise Risk / Security Management

In today’s highly regulatory environment it is essential that you have a clear understanding of risk across the enterprise. A risk management framework can bring visibility to key business and compliance risks and enable a company to make decisions on where to prioritize its limited resources. It is through a risk management framework that real (more…)

Cyber Firm Reports SEC’s Final Rule Language Causing 10-K Filer Missteps


CHICAGO, Sept. 17, 2024 /PRNewswire/ — HALOCK Security Labs and sister company, Reasonable Risk, recently published a survey report revealing that language in the SEC’s new cybersecurity requirements appears to be confusing executives at public companies. As a result, many 10-K filings now make implausible claims that companies do not foresee a risk that cybersecurity incidents may cause material impacts. Early 10-K filers also (more…)

Annual 10-K Survey 2024


WHAT IS THE ANNUAL 10-K SURVEY?

A publication by HALOCK Security Labs and Reasonable Risk that tracks how well public companies describe their cybersecurity programs in Item 1C of their 10-K disclosures.


WHAT IS ITEM 1C?

Item 1C is a new requirement (as of December 2023) from the SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule for public filers to describe to their investors how (more…)

Q&A with our QSA

The right Qualified Security Assessor (QSA) is crucial to the success of your organization’s security and compliance. HALOCK is fortunate to have a stellar team to support our clients. We are happy to highlight one of our key leaders on PCI, Viviana Wesley, PCI QSA, ISO 27001 Auditor, CISM. Get to know her with our quick Q&A:

(more…)

PCI SSC Resource Guide: Vulnerability Scans and Approved Scanning Vendors

The PCI Security Standards Council (PCI SSC) has published a Resource Guide: Vulnerability Scans and Approved Scanning Vendors

What is a Vulnerability Scan?

A process for identifying security weaknesses and flaws in systems and software. New vulnerabilities, security holes, and bugs are being discovered daily. Test your systems regularly to identify weaknesses and address them as soon as possible.

What is an Approved Scanning Vendor (more…)

Navigating Cyber Risk Management Options in the Modern Era


Every business inherently faces some degree of risk. It is, ironically, an essential component of success. Establishing a digital presence offers numerous opportunities but also introduces significant risks. While it would be ideal for best-of-breed cybersecurity tools to halt all cyberattacks, such an expectation is currently unrealistic. The objective then is to implement cyber (more…)

PCI SSC North America Community Meeting and Reducing PCI Scope

The PCI SSC North America Community Meetings bring together the brightest minds in payment security. This year’s event took place in Boston, MA on September 10-12. The theme was ‘Shaping the Future of Payment Security’.

With the release of PCI DSS v4.0, and changing purchase environments, professionals are keen to understand best practices – especially in the area of reducing PCI scope. Toast, Target, and HALOCK (more…)
