CAMP IT: Enterprise Risk / Security Management
Think of the new SEC Cybersecurity Rule as Sarbanes-Oxley (SOX) for cybersecurity.
It applies to public companies and goes into effect on December 15, 2023.
If any of your customers or vendors are publicly traded companies, it’s just a matter of time before they expect these capabilities from you as part of their third-party security assessments. Because of this, we will all need to comply with the major components of the SEC Cybersecurity Rule.
So what are these major components and how can you build the capability to address all of them quickly?
This session will cover how you can gain the following five capabilities:
- Ensure your security program is legally defensible and compliant with the new SEC Cybersecurity Rule, published July 26, 2023.
- Define a “clear line of acceptable risk” below which you accept risks and above which you remediate. This “clear line” allows you to define your “materiality” as required by the SEC Cybersecurity Rule.
- Understand the “known risk” to your organization (i.e., your risk FICO score).
- Provide the Board of Directors a roadmap for your cybersecurity program that reduces risk to an acceptable level.
- Communicate risks and justify expenditure requests in business terms.
SPEAKER: Jim Mirochnik