Gus P. Coldebella Partner, Goodwin Procter LLP Former General Counsel, Dept. of Homeland Security. What are we going to talk about today?
Cyber Security Meets Corporate Securities: The SEC's Authority to Regulate Companies' Cyber Defenses and Corporate Directors' Fiduciary Responsibilities

Gus P. Coldebella
Partner, Goodwin Procter LLP
Former General Counsel, Dept. of Homeland Security

What are we going to talk about today?

Three things:
1. What the SEC is doing and why
2. The Law of the Boardroom
3. How these things affect (or should affect) what companies do with regard to cybersecurity

FACT: The SEC has taken the de facto lead in cyber security in the federal government.

YOUR PERFECTLY APPROPRIATE RESPONSE: Who cares?

Why should I care?

These are the big ones:
- The SEC has regulatory authority that includes setting disclosure guidance and rules for public companies
- If you disagree, the SEC can bring expensive investigations and litigation.
- The SEC's examination power also allows it to test IAs and BDs for compliance with cybersecurity standards

Reasons (Stated and Unstated) That the SEC Is in the Driver's Seat

The Publicly-Stated Reason:
The mission of the U.S. Securities and Exchange Commission is to protect investors, maintain fair, orderly, and efficient markets, and facilitate capital formation.
-- The SEC's formal jurisdiction over cybersecurity is directly focused on the integrity of our market systems, customer data protection, and disclosure of material information. But it is incumbent on every government agency to be informed on the full range of cybersecurity risks and actively engage to combat those risks in our respective spheres of responsibility.
--SEC Chairman Mary Jo White 3/26/14 Cybersecurity Roundtable

Reasons (Stated and Unstated) That the SEC Is in the Driver's Seat

Some Unstated Reasons:
1. Congressional Inaction and The Rockefeller Letters
2. Enforcement Through Disclosure
   No Federal Breach Notification Law? No Problem!
3. Making What Is Voluntary Mandatory
   No Mandatory NIST Framework? No Problem!
4. The Power of Indirect Regulation
5. Reach and Power of Agency and Consequences of Non-Compliance

Why should I care?

The big question: Will the SEC help the victim or blame the victim?

The SEC's Disclosure Guidance

Who has to file reports? Are you a reporting company?

If you're a public company (i.e., you have a class of securities that is listed on a national securities exchange such as the NYSE or NASDAQ, or you're a company with more than $10 million in assets whose equity securities are held by more than a specified number of holders), then you are.

Reporting companies have to file:
- Annual reports on Form 10-K;
- Quarterly reports on Form 10-Q; and
- Current Reports on Form 8-K.

The SEC's Disclosure Guidance

What needs to be included in periodic reports?

There is no blanket requirement that every material fact be included. But certain things must be included under the '34 Act and Regulation S-K, which sets the specific disclosure requirements associated with Form 10-K and other SEC filings.

Importantly, nothing related to cybersecurity is included in the '34 Act or Regulation S-K, but

The SEC's Disclosure Guidance

CF Disclosure Guidance: Topic No. 2 (Oct. 2011)

What does the SEC expect the registrant to do?
- Evaluate cyber risks
- Take into account all relevant information, including:
  - Prior cyber incidents, their severity and frequency
  - Probability of cyber risks occurring
  - Qualitative and quantitative magnitude of risks, including potential costs and other consequences
- No generic disclosure
- May need to disclose known or threatened attacks to put risks in context

The SEC's Disclosure Guidance

CF Disclosure Guidance: Topic No. 2 (Oct. 2011)

Where should the disclosure be? Two main places: Risk factors and MD&A.
- Risk factors: If among the most significant factors that make investment in a registrant speculative or risky
- MD&A: If costs and other consequences of known or potential cyber events represent a material event, trend or uncertainty.

Also, in the Description of the Business section, businesses should disclose whether a cybersecurity incident has impaired a product's future viability

The SEC's Disclosure Guidance

What is material?

Information presenting a substantial likelihood that the disclosure of the omitted fact would have been viewed by the reasonable investor as having significantly altered the total mix of information made available. (TSC Indus. v. Northway, Inc., 426 U.S. 438 (1976)).

"Silence, absent a duty to disclose, is not misleading[.]" (Basic Inc. v. Levinson, 485 U.S. at 239 n.17.)

The SEC's Disclosure Guidance

Case Studies

The SEC's Disclosure Guidance

Comment Letter Trends
1. Staff seems to think all breaches are material (or at least should be disclosed)
2. Companies should be aware that the SEC will do its own research into companies' cybersecurity history
3. Special attention paid to financial-services companies
4. Third-party risk is a key focus

So, how is this guidance affecting companies' cybersecurity?

The SEC's Disclosure Guidance

Disclosure When A Breach Happens

What About When A Breach Happens?

In addition to filing annual reports on Form 10-K and quarterly reports on Form 10-Q, public companies must report certain material corporate events on a current basis. Form 8-K is the current report companies must file with the SEC to announce major events that shareholders should know about.

Nine sections. Sections 1-7 and 9 call for disclosure when specific things happen (entry into a material agreement, change in accountant, etc.)

Cyber breaches are not one of them. But

Disclosure When A Breach Happens

Form 8-K Item 8.01 Other Events.

The registrant can use this Item to report events that are not specifically called for by Form 8-K, that the registrant considers to be of importance to security holders.

Disclosure When A Breach Happens

Form 8-K

What did recent breach victims do?

Disclosure When A Breach Happens

Form 8-K

What should companies consider when determining whether to currently report a breach?
- Materiality
- Trading
- Litigation and regulatory enforcement risk
- Threat (or guarantee!) of discovery
- Did you say it already?
- Reg FD.

Examination of Investment Advisers and Broker-Dealers

On April 14, 2014, SEC put out a blueprint for how it will assess cybersecurity preparedness in securities industry

OCIE Cybersecurity Initiative Risk Alert

50 BDs and IAs but moved an entire industry

Examination of Investment Advisers and Broker-Dealers

Risk Alert contains a 7-page assessment with 28 comprehensive questions, including about:
- information technology asset management
- information security organization and policies
- risk assessments
- access management
- removable media and data loss prevention
- encryption
- incident response planning
- system and data backup and disaster recovery/business continuity
- cyber insurance
- third-party relationships
- disclosure

The Law Of The Boardroom: Role of BoD In Cybersecurity

Delaware Law 101

What are the Duty of Care and the Duty of Loyalty?
- Good faith
- Reasonable basis
- Ordinary prudent person

The Business Judgment Rule and Why Directors Want It To Apply to Them

Caremark and Potential Violations of the Duty of Loyalty

The Law Of The Boardroom: Role of BoD In Cybersecurity

Some Operating Principles for Companies and Boards of Directors
1. You don't have to do it all yourself
   Reliance on competent people inside and outside of company is OK
2. It is better to act than not to act
   Caremark. If the company follows the SEC's guidance, it will be ahead of the game
3. This is not one and done
   Threat is dynamic; information is ever-changing
4. Broaden your view
   Focusing only on what's required to be disclosed (like PII breaches) is short-sighted

Conclusions / Lessons Learned

Gus Coldebella, Goodwin Procter LLP
gcoldebella@goodwinprocter.com
ALM Virtual Corporate Counsel Managing Cybersecurity Risks and Mitigating Data Breach Damage VENABLE LLP Attorneys at Law Washington, DC/New York/San Francisco/Los Angeles/Baltimore/Virginia/Delaware November
More informationInternational Municipal Lawyers Association 75th Annual Conference New Orleans, LA
International Municipal Lawyers Association 75th Annual Conference New Orleans, LA A Municipal Lawyer s Primer re: Initial and and Continuing Disclosure Responsibilities of Municipal Securities Issuers
More informationLogging In: Auditing Cybersecurity in an Unsecure World
About This Course Logging In: Auditing Cybersecurity in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that
More informationUNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION
SECURITIES ACT OF 1933 Release No. 8750 / November 8, 2006 UNITED STATES OF AMERICA Before the SECURITIES AND EXCHANGE COMMISSION SECURITIES EXCHANGE ACT OF 1934 Release No. 54720 / November 8, 2006 INVESTMENT
More informationBECAUSE CYBERSECURITY RISKS ARE ENTERPRISE RISKS. www.blankrome.com/cybersecurity
Working together, Blank Rome LLP and Good Harbor Security Risk Management LLC, haved teamed to provide a comprehensive solution for protecting your company s property and reputation from the unprecedented
More information787 Wye Road, Akron, Ohio 44333 P 330-666-6200 F 330-666-7801 www.keystonecorp.com
Introduction Keystone White Paper: Regulations affecting IT This document describes specific sections of current U.S. regulations applicable to IT governance and data protection and maps those requirements
More informationPrepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014
Prepare for the Worst: Best Practices for Responding to Cybersecurity Breaches Trivalent Solutions Expo June 19, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A.
More informationCOMPETITION TRIGGERS BATTLE FOR TALENT AND ACQUISITIONS
2015 www.bdo.com For more information on BDO USA s service offerings to this industry vertical, please contact one of the regional service leaders below: TIM CLACKETT Los Angeles 310-557-8201 / tclackett@bdo.com
More informationCORPORATE COMMUNICATIONS POLICY TABLE OF CONTENTS
CORPORATE COMMUNICATIONS POLICY TABLE OF CONTENTS INTRODUCTION... 1 STATEMENT OF POLICY... 1 AUTHORIZED SPOKESPERSONS... 2 MATERIAL INFORMATION... 2 DISCLOSURE OF MATERIAL NONPUBLIC INFORMATION... 2 REVIEW
More informationMaterial Nonpublic Information by Credit Market Participants
Statement of Principles and Recommendations Regarding the Handling of Material Nonpublic Information by Credit Market Participants ISDA October 2003 Statement of Principles and Recommendations Regarding
More informationThe Investment Lawyer
The Investment Lawyer Covering Legal and Regulatory Issues of Asset Management VOL. 22, NO. 7 JULY 2015 REGULATORY MONITOR State Law Developments Squire Patton Boggs (US) LLP By Courtney Nowell, Matthew
More informationVendor Management. Outsourcing Technology Services
Vendor Management Outsourcing Technology Services Objectives Board and Senior Management Responsibilities Risk Management Program Risk Assessment Service Provider Selection Contracts Ongoing Monitoring
More information