10/7/2023

Cybersecurity recent news

Given that a Google search for cybersecurity websites produces millions of results, we thought we'd compile a list of the best. The information security landscape is constantly evolving, which is why it's so important to stay up to date with the latest trends, threats, and advancements.

Write to James Rundle at

& Amplifications

Michael Oberlaender serves on the board of Isaca’s Greater Houston chapter. An earlier version of this article incorrectly said he serves on Isaca’s board. (Corrected on July 28)

Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved.

“If I were a CISO and I didn’t have a supporter or advocate in the boardroom, I wouldn’t take that job,” he said.

“The target on the CISO’s back just got a heck of a lot bigger because the board doesn’t have a lot of added accountability on these issues,” said founder and CEO of the Digital Directors Network, which advocates for boards to include directors with technical knowledge.

That may also increase the pressure on security chiefs, who have been grappling with the prospect of increasing legal liability risks of their job.

Some issues, such as those involving insurance, may not be purely technical matters and will require other expertise to explain, she said.

It will be important for CISOs to bring in legal and other experts to help them explain the broader financial implications of material cybersecurity incidents, she said.

“CISOs are going to be in the boardroom more,” said Dominique Shelton Leipzig, a partner in the cybersecurity and data privacy practice at law firm Mayer Brown.

The SEC didn’t change a requirement for companies to report cyberattacks four business days after they determine it may have a material impact on their operations, meaning directors will need to be able to get up to speed quickly.
But there’s a long tail of small-to-medium-sized public companies that are probably going to have to figure this out,” he said.

A likely outcome is that boards will be engaging more with the executives responsible for cyber risk management.

“A big chunk of the Fortune 500 have got this reasonably well-covered.

Many larger companies, particularly those in highly regulated critical infrastructure sectors such as financial services, won’t need to dramatically adjust their approach to board oversight, said Phil Venables, CISO at

“When we see enterprises with security expertise on the board, they’re better equipped to make decisions about risk but also make decisions about future business initiatives,” she said.

“Disclosing the oversight process is a motivator to get more board expertise-or it should be,” said Baer, who was part of the office of the CISO at AWS cloud company until this month.

This means that even if boards don’t have to disclose which directors have experience in cybersecurity issues, they still need people with that knowledge, said Merritt Baer, field chief information security officer at cloud security provider Lacework.

Directors are expected to exercise oversight of cybersecurity risk management processes, and those must be detailed in annual reports, according to the final rule.

The SEC didn’t let boards entirely off the hook.

Many larger companies won’t need to dramatically adjust their approach to board oversight, said Phil Venables, CISO at Google Cloud.