Compliance Week: Almost Everybody is Unprepared for SEC Cybersecurity Disclosures. But You Can Get Through This.
When: October 24, 2023 - October 24, 2023
Description: Just how, exactly, are you going to describe your company’s cybersecurity strategy, governance, and risk management program in your 10-K? You need to know what governance is, right? And how that’s different from strategy? And how cybersecurity risk management is … something that executives’ roles and … board director sign-off … and reasonable investors too … right? Oh, and materiality, too. Got it. For most companies, 10-Ks will be hard to fill out because U.S. companies generally don’t run cybersecurity through governance, strategy, or risk management programs. At least not in a way that could withstand review by inquiring analysts or investors. Most public companies do, however, provide demonstrable (and prudent) disclosures. So how will your 10-K cybersecurity disclosures be both accurate and not scare away reasonable investors?
In this presentation, Chris Cronin will help you understand what cybersecurity strategy, governance, and risk management are, and will show you how to use an emerging definition for reasonable cybersecurity controls to help you define materiality. Your first 10-K will likely be a light touch among many pretty weird 10-Ks that other companies will file. But your 2024 preparation for your second filing can put you ahead of your competitors.
ISACA North Texas: 5 Things You Can Do Now To Survive A Breach
When: December 15, 2023 - December 15, 2023
Where: Sheraton DFW Airport Hotel
Description: It will happen. When you find out matters. How can you limit the damage from your next breach incident? HALOCK Security Labs’ founder, Terry Kurzynski, will present the 5 must-haves to save the company. When the breach happens, all eyes are on the CISO with one question: how did this happen? Your governance process and risk methods tell a story about the organization’s security consciousness. Were the correct controls prioritized? Did you think about who could be harmed? Was the breach incident foreseeable? What is the organization’s definition of acceptable risk? Did you have reasonable controls in place? How long were those vulnerabilities known? All that and more in a session you don’t want to miss.
Speaker: Terry Kurzynski, Senior Partner at HALOCK Security Labs