Cybersecurity in Financial Disclosures: 11 Topics Your Section 1C of 10-K Filings Should Address

Last year, the Securities and Exchange Commission (SEC) announced new disclosure rules for publicly traded companies. Regulation S-K Item 106, which mandates cybersecurity disclosures in corporate 10-K filings, sheds light on how ...
NIST CSF 2.0: Everything You Need to Know About the Update

In November of 2023, we published this handy guide covering all the proposed changes to NIST CSF for those anticipating the long-awaited updates to this flexible and ubiquitous framework. That day has ...
2023 Regulatory Roundup: All the Major Compliance Changes that Happened

Life comes at you fast, and that’s especially true for CISOs grappling with the many compliance risks in cybersecurity. From greater regulatory pressures and heightened privacy standards to increased personal liability, topped ...
ESG Risk Management Is Here. It’s Not as Scary as You Might Think

Embracing ESG Risk Management: It’s Simpler Than You Imagine

Everywhere business executives look these days, the discussion is turning to “ESG” — environmental, social, and governance issues — and how a company can demonstrate that it has its own ESG house ...
What’s New in SOC 2®: A Comprehensive Guide to the 2023 Revisions

The compliance landscape is constantly evolving, and so are the standards that govern it. SOC 2®, a widely recognized framework for assessing service organizations’ controls, has recently undergone revisions. In this blog ...
Has 2023 been the year of risk? Updates on our 8 predictions

It’s been about six months since we released our top eight predictions for 2023, which covered everything from org chart changes and crypto regulation to the new FTC Safeguards Rule. Were our ...
How to Upgrade Your Security Program from ISO 27001:2013 to ISO 27001:2022

Learn about what’s new with ISO 27001:2022, the rollout and adoption schedule, and 5 steps you can take to get ready for a successful upgrade.
Identifying a ‘Material Cyber Event’

The SEC wants publicly traded companies to disclose “material cybersecurity incidents” within four days of determining that an incident would indeed be material to investors. So, um, what does that mean? The ...
What the SEC Can Tell Us About Board Governance of Cyber Risk

Last month, we launched a series of posts examining the Securities and Exchange Commission’s proposed rules requiring public ...