- Chief Compliance Officer and VP of Legal Affairs, Arrow Electronics
By 
Adrianne Appel2023-08-25T13:40:00
Businesses can prepare for the Securities and Exchange Commission’s (SEC) upcoming cybersecurity disclosure rule by going through it and identifying key gaps in compliance, according to an expert.
The final rule adopted by the SEC in July includes two major parts, noted Mary Tarchinski-Krzoska, market adviser for risk and compliance at software provider AuditBoard. Tarchinski-Krzoska spoke Tuesday during a session at a conference in Las Vegas jointly sponsored by ISACA, formerly the Information Systems Audit and Control Association, and the Institute of Internal Auditors.
One part of the rule requires companies to disclose annually new information, starting with reports for fiscal years ending on or after Dec. 15, 2023, that describes their cybersecurity policies and programs, including how risks are identified and mitigated. The other part pertains to cybersecurity breaches and will require companies to promptly determine whether a breach was material; if so, they must report details in a disclosure with the SEC within four business days.
THIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.
News and analysis for the well-informed compliance or audit exec.
Register for free
Access one free, non-premium article each month.
Complimentary CPE webcasts, resources, and e-Books.
Annual Membership best value
Subscribe now for $365
Our lowest price ($1 per day) for one year.
MGM Resorts International said it expects to take a $100 million hit as part of the fallout of a cyberattack that has most significantly impacted its Las Vegas operations.
The timing of a recent cyberattack against Clorox juxtaposed against the Securities and Exchange Commission’s adoption of its cybersecurity incident disclosure rule soon to take effect has presented a case study regarding how companies might seek to meet the requirements of the rule.
Data security and compliance are not one and the same but have enough overlap that organizations can take steps when building a data security program to move closer to achieving compliance.
The massive cyberattack on Change Healthcare has potentially compromised the personal and protected health information of an untold number of Americans, according to parent company UnitedHealth Group.
AT&T said personal account data on approximately 73 million current and former customers was released on the dark web two weeks ago but has not yet identified when and where the breach occurred.
When organizations move their data or operations to the cloud, the compliance team has their work cut out and then some, experts discussed at CW’s Cyber Risk & Data Privacy Summit.
