Wednesday, October 19, 2011

SEC Issues Cybersecurity Reporting Guidance

Assessment of InfoSec Risks Also Mandated

Following a spate of high-profile data and privacy breaches afflicting publicly traded companies, the SEC has issued "CF Disclosure Guidance: Topic 2." This Guidance describes factors that influence what and when to disclose concerning incidents and risks of incidents. Disclosures may include:
  • Discussion of aspects of the registrant’s business or operations that give rise to material cybersecurity risks and the potential costs and consequences

  • To the extent the registrant outsources functions that have material cybersecurity risks, description of those functions and how the registrant addresses those risks

  • Description of cyber incidents experienced by the registrant that are individually, or in the aggregate, material, including a description of the costs and other consequences

  • Risks related to cyber incidents that may remain undetected for an extended period

  • Description of relevant insurance coverage

The Guidance also requires registrants to report conclusions on the effectiveness of disclosure controls and procedures. Specifically, "management should also consider whether there are any deficiencies in its disclosure controls and procedures that would render them ineffective." Reading between the lines, management should assess whether deficiencies in the ability to detect cybersecurity incidents, whether from external threats or from insiders misusing approved access rights, have an impact on the effectiveness of disclosure controls.

A well-balanced portfolio of internal controls encompasses both prevention and detection of cybersecurity incidents (both internal and external), in order to reduce operational and reporting risk. Veriphyr Identity and Access Intelligence is the first application to detect enterprise user access vulnerabilities with a hosted, on-demand delivery model, not with site-deployed software or hardware. Veriphyr analyzes identities, activity, and privileges to expose access weaknesses that enable insiders and intruders to capture, leak, or alter data through breach of systems, applications, databases, and networks.


Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.