5 recommendations for acing the SEC cybersecurity rules
- by nlqip
4. Test your incident response plans thoroughly
Organizations must have designated people and formal processes in place to determine the “material impact” of an incident and to communicate with relevant authorities by the stipulated deadlines.
Testing and preparedness of incident response plans will be crucial. Sometimes groups drawn from a diverse set (legal, IT, finance, third parties, etc.) are brought together without being accustomed to working together, and this can cause unwarranted confusion during mitigation efforts.
5. Return to fundamentals
In cybersecurity, it’s always wise to sort out the basics. Understand what constitutes a material breach. If you’re a public company, there should already be legal and business teams that are fully versed in the concept of materiality and have experience applying it in other contexts. Learn from them. Evaluate any existing oversight structures at the board and management level and determine whether any improvements are needed, for example providing ample space for security discussion on the board agenda or appointing a dedicated cybersecurity committee.