At a glance.
- Comment on the US SEC's proposed cybersecurity rules.
- CISA announced new members of its Advisory Board.
Comment on the US SEC's proposed cybersecurity rules.
Earlier this month the US Securities and Exchange Commission (SEC) proposed a set of rules involving cybersecurity risk management and reporting:
"First, it would require mandatory, ongoing disclosures on companies’ governance, risk management, and strategy with respect to cybersecurity risks. This would allow investors to assess these risks more effectively. For example, under the proposed rules, companies would disclose information such as:
- "management’s and the board’s role and oversight of cybersecurity risks;
- "whether companies have cybersecurity policies and procedures; and
- "how cybersecurity risks and incidents are likely to impact the company’s financials.
"Second, it would require mandatory, material cybersecurity incident reporting. This is critical because such material cybersecurity incidents could affect investors’ decision-making.
"When companies have an obligation to disclose material information to investors, they must be complete and accurate. Their disclosures also should be timely. Today’s proposal would specify when and what information about cybersecurity incidents companies must disclose in a current report, such as on Form 8-K. It also would require updates in periodic reports to give investors more complete information on previously disclosed, material cybersecurity incidents."
The SEC has issued announcements covering three changes:
- Expansion and updates to Regulation Systems Compliance and Integrity (SCI).
- Requirements for specific classes of entities to address cybersecurity risk.
- Customer protection through enhanced disclosure rules.
Security Week has a brief overview of the proposed rules' implications. Lowenstein Sandler encourages entities likely to be affected to review the proposed rules and offer public comment on them.
CISA announced new members of its Advisory Board.
The US Cybersecurity and Infrastructure Security Agency (CISA) has announced new members of its advisory board. They represent a mix of experience in the public and private sectors. The new members are:
- Dave DeWalt, CEO and Founder, NightDragon
- Brian Gragnolati, President and CEO, Atlantic Health System
- Royal Hansen, Vice President of Privacy, Safety and Security Engineering, Google
- Chris Inglis, Former U.S. National Cyber Director
- Rahul Jalali, Senior Vice President and Chief Information Officer, Union Pacific
- John Katko, Former Representative for New York's 24th District
- Jim Langevin, Former Representative for Rhode Island's 2nd District
- Cathy Lanier, Senior Vice President and Chief Security Officer, National Football League
- Doug Levin, Co-Founder and National Director, K12 Security Information eXchange (SIX)
- Ciaran Martin, Former CEO, National Cyber Security Centre (United Kingdom)
- Robert Scott, Commissioner, New Hampshire Department of Environmental Services
- Kevin Tierney, Vice President and Chief Cybersecurity Officer, General Motors
- Alex Tosheff, Senior Vice President and Chief Security Officer, VMware