The Securities and Exchange Commission (SEC) proposed a report and consequences

SEC Rule, Report, Cyber, Cybersecurity,

What is the new SEC proposed regulation?

The Securities and Exchange Commission (SEC) has proposed a change regarding cybersecurity disclosures and how they will impact public companies. The rules cover various topics, including cybersecurity, environmental, social, and governance issues. The proposed changes will reshape the cybersecurity function, with increased expectations around incident disclosure and response, board-level involvement, and supply chain scrutiny.

What are the most impactful rules, and how will SEC change impact you

  • Material Cybersecurity Incidents Reported Within 4 Business Days: Companies must report any incident that jeopardizes the confidentiality, integrity, or availability of their information systems or any information residing therein. This includes accidental data exposure or inadvertent data sharing. The report should include when the incident was discovered, whether it is ongoing, a brief description of the incident, whether any data was stolen, altered, accessed, or used for any other unauthorized purpose, the effect of the incident on the company’s operations, and whether the company has remediated or is currently remediating the incident.
  • Cybersecurity Incident Disclosure in Periodic Reports: The proposed rule does not require public companies to file a separate Form 8-K for such updates; rather, this information would be disclosed in the next filed quarterly or annual report.
  • Periodic Disclosures of Cybersecurity Risk Management Policies and Procedures: Companies must disclose if they have a cybersecurity risk assessment program and provide a description of the program. They must also disclose their policies and procedures to oversee and identify the cybersecurity risks associated with the use of any third-party service provider, activities undertaken to prevent, detect and minimize effects of cybersecurity incidents, and whether the company has business continuity, contingency and recovery plans in the event of a cybersecurity incident.
  • Governance Disclosures Regarding Cybersecurity: Companies must disclose whether the entire board, specific board members, or a board committee is responsible for the oversight of cybersecurity risks. They must also disclose the process and frequency by which the board is informed about cybersecurity risks and whether and how the board or board committee considers cybersecurity risks as part of its business strategy, risk management, and financial oversight.

How can Security Phoenix Help 

Phoenix security enables organizations to ingest vulnerabilities from multiple locations, aggregating them into products and visualizing the risk level of those products. The Phoenix security platform can help with disclosure, reporting and monitoring of specific assets and related vulnerabilities as well as the remediation plan

shift smart, risk based, vulnerability management, phoenix security

Phoenix security cutting-edge contextual risk-based algorithms enable organisations to prioritise application security vulnerabilities based on context and probability of exploitation and present a unified impact analysis.

The cutting-edge vulnerability selection engine enables organisations to set risk-based targets that translate into specific actions for engineers. 

Get a Free Assessment today

Moreover, Phoenix Security’s correlation capabilities can help organizations link the activities in the code with the context in the shift-right part, ensuring that issues are identified and addressed proactively. Using Phoenix Security’s scorecard, organizations can create a common language between the security, development, and business teams, ensuring everyone is aligned and focused on achieving the same goals.

Francesco is an internationally renowned public speaker, with multiple interviews in high-profile publications (eg. Forbes), and an author of numerous books and articles, who utilises his platform to evangelize the importance of Cloud security and cutting-edge technologies on a global scale.

Discuss this blog with our community on Slack

Join our AppSec Phoenix community on Slack to discuss this blog and other news with our professional security team

From our Blog

Phoenix Security, the next-gen leader in Application Security Posture Management and Unified Vulnerability Management, welcomes Lee Vorthman, Ciso of ORACLE advertising to the advisory board
Francesco Cipollone
Owasp top 10 has been a pillar over the years; sister to CWE – Common Weakness Enumeration we provide an overview of the top software vulnerabilities and web application security risks with a data-driven approach focused on helping identify what risk to fix first.
Francesco Cipollone
The Cloud Security and AppSec teams at Phoenix Security are pleased to bring you another set of new Phoenix Security features and improvements for vulnerability management across application and cloud security engines. This release builds on top of previous releases with key additions and progress across multiple areas of the platform. Asset and Vulnerability Management – Associate assets with multiple Applications and Environments – Mapping of vulnerabilities to Installed Software – Find Assets/Vulns by Scanner – Detailed findings Location information Risk-based Posture Management – Risk and Risk Magnitude for Assets – Filter assets and vulnerabilities by source scanner Integrations – BurpSuite XML Import – Assessment Import API Other Improvements – Improved multi-selection in filters – New CVSS Score column in Vulnerabilities
Alfonso Eusebio

Join our Mailing list!

Get all the latest news, exclusive deals, and feature updates.

x Logo: ShieldPRO
This Site Is Protected By