SEC Convenes Cybersecurity Roundtable: Highlights Importance of Cybersecurity for Public Companies and Financial Market Participants
Corporate Finance and Securities Client Service Group
Data Privacy and Security Team

To: Our Clients and Friends
April 4, 2014

On March 26, 2014, the Securities and Exchange Commission (the "SEC") convened a roundtable with experts from a wide range of government agencies, SROs and other market participants and private sector companies. Divided into four panels, participants covered general cybersecurity landscape issues, disclosure issues faced by public companies, cybersecurity matters affecting the exchanges and other key market systems and, finally, the range of cybersecurity issues facing broker-dealers, investment advisers and transfer agents, particularly those involving identity theft and data protection. Chairwoman Mary Jo White stated in her opening remarks that cyber threats are of extraordinary and long-term seriousness and pose non-discriminating risks throughout the U.S. economy. Additionally, she noted recent testimony of FBI Director Jim Comey that resources devoted to cyber-based threats are quickly outpacing resources devoted to terrorism.

Background

Announcement by the SEC of the roundtable came quickly on the heels of the February 12, 2014 release by the White House of the final version of the Framework for Improving Critical Infrastructure Cybersecurity (the "Framework") developed by the National Institute of Standards and Technology (NIST) pursuant to the President's Executive Order. When efforts by the White House to secure a legislative solution failed to gain critical traction, the White House proceeded to address the issue of cybersecurity through the President's executive powers. The NIST Framework is a voluntary set of standards and best practices to help organizations manage cybersecurity risks.
The SEC is one of many federal agencies convening meetings, proposing regulatory guidance or rulemaking and generally focusing on cybersecurity risk assessments and prophylactic measures. Given the voluntary nature of the NIST Framework, it looks to be an "all hands on deck" effort by the current Administration. Agencies are leading the way to spread the word among the multiple actors in the 16 critical infrastructure sectors of U.S. industry to raise awareness and encourage entities to take up the mantle of identifying and protecting information and systems from cyber attacks, finding appropriate and efficient means by which to share critical cyber intrusion information and building system and entity resilience to cyber attacks.

This Client Bulletin is published for the clients and friends of Bryan Cave LLP. Information contained herein is not to be considered as legal advice. This Client Bulletin may be construed as an advertisement or solicitation. Bryan Cave LLP. All Rights Reserved.

The SEC Roundtable: Key Issues for Our Non-Bank Public Company Clients

While it could be argued that all of the issues covered by all of the SEC roundtable experts are relevant and important for U.S. public companies -- particularly as we stand in the wake of stunning data breaches affecting millions of Target customers -- we have identified three key issues from the roundtable for immediate consideration by our public company clients:

- Cybersecurity risk management: Role of the Board of Directors and Fiduciary Duties
- Cybersecurity disclosure issues
- Interaction with the regulators

Risk Management: Role of the Board. One clear message from the various panelists, and a tenet of the NIST Framework, is that cybersecurity is no longer just an IT issue, but a key business issue which should be considered and addressed as part of every organization's risk management process. Panelists discussed the importance of board of director involvement in an entity's cybersecurity issues. Cybersecurity needs to be part of the overall risk management of every public company and those issues need to rise to the very top of the organization. There is no one-size-fits-all in this area. A company's industry, core competency, operations and level of technological dependence all factor into the analysis and a determination of tolerable risks, security measures and responsiveness. The NIST Framework provides a risk-based approach to managing these risks in a manner that is particular to each entity's industry. One panelist noted that not many public company boards have members who are expert in this area. As a result, board members must know what questions to ask of management and each other. For example:

- "What are my particular company's cyber threats?"
- "How do we determine what we really need to protect?"
- "How do we manage access?"
- "How do I know what data is leaving my company and how can we monitor how that data is being used and protected in the hands of third parties?"
- "Do we have a meaningful cybersecurity response plan and are we practicing/rehearsing implementation of that response plan?"

Cybersecurity Disclosure Issues. There has been no new guidance from the SEC on disclosure issues relating to cybersecurity since the Division of Corporation Finance guidance of October. A link to that guidance can be found here. In his opening remarks to the roundtable, Commissioner Luis A. Aguilar indicated that he was interested to hear whether the 2011 guidance was working, and how it might be improved. The panel focusing on this aspect of cybersecurity disagreed on whether the guidance was effective, with one panelist advocating for registrants to provide greater disclosure to distinguish themselves from their industry peers in their level of cybersecurity and risk applicable to them, and other panelists indicating that more specific disclosure in response to the guidance is not appropriate due to the potential risk of providing a roadmap to cyber intruders.

Public companies that have not yet incorporated this guidance into their disclosure controls and procedures should consider these areas for potential disclosures as set out in the guidance:

- Risk Factor Disclosure: If the risk of cyber incidents is among the most significant factors that make an investment in a registrant's securities speculative or risky, then the registrant should include a risk factor adequately describing the risk. The determination of the materiality of this risk may be based upon the registrant's evaluation of prior cyber incidents, the severity and frequency of such incidents, as well as the adequacy of preventative actions taken by the registrant to reduce cybersecurity risks in the context of the industry in which the registrant operates and risks to such security. Registrants are advised not to disclose risk factors that could apply to any registrant, but instead to adequately describe the nature of the material risks and specify how each risk affects the registrant.
- MD&A Disclosure: A registrant is advised to address cybersecurity risks and cyber incidents in Management's Discussion and Analysis of Financial Condition and Results of Operation if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represents a material event, trend or uncertainty that is reasonably likely to have a material effect on the registrant's results of operations, liquidity or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition.
- Description of Business: If an individual cyber incident or multiple cyber incidents have materially affected a registrant's products, services, relationships with customers or suppliers, or competitive conditions, then the registrant is advised to disclose such fact in its Description of the Business disclosure. Registrants are advised to consider the impact of a cyber incident for each segment in determining whether to include disclosure regarding the effect of cyber incident(s).
- Legal Proceedings Disclosure: Any material legal proceeding that the registrant or any of its subsidiaries is a party to that involves a cyber incident may need to be disclosed in its Legal Proceedings disclosure.
- Financial Statement Disclosure: The impact of cybersecurity and cyber incidents on a registrant's financial statements should be properly disclosed in accordance with the appropriate accounting standards. The Cyber Guidance states that such disclosure may include (i) the capitalization of cybersecurity costs, (ii) customer incentives intended to retain customers during and after an attack, (iii) losses from asserted and unasserted claims resulting from a cyber incident, (iv) impairment of assets as a result of diminished future cash flow that may result from a cyber incident, and (v) subsequent event disclosure if a cyber incident were to occur after the applicable balance sheet date.
- Disclosure Controls and Procedures: If a cyber incident poses a risk to a registrant's ability to record, process, summarize and report information that is required to be disclosed in SEC filings, then consideration should be given as to whether there are any deficiencies in the registrant's disclosure controls and procedures that may make them ineffective.

SEC staff members moderating the panels at the roundtable reiterated that the SEC is aware of concerns that detailed issuer disclosure could compromise a registrant's cybersecurity (e.g., that such disclosure may provide a road map to potential cyber intruders to infiltrate the registrant's network security). In contrast, the staff also cautioned issuers to be mindful of avoiding boilerplate disclosure regarding cybersecurity and cyber incidents in their filings. Keith Higgins, the Director of the Division of Corporation Finance, tacitly acknowledged during the roundtable that a significant amount of the cybersecurity and cyber incident disclosure presently provided in registrant filings is boilerplate. Notwithstanding this contrast, the SEC has issued comment letters to issuers since the issuance of the 2011 guidance requesting, among other things, that registrants without cybersecurity risk factors disclose information regarding the risk of cyber incidents and the sufficiency of preventative actions taken by the registrant, disclosure of past cyber incidents and the scope and magnitude of any cyber incidents.

Interaction with Regulators. Finally, a recurring theme throughout each and every panel was the need for more and better information about cyber threats.
Effective protection of the nation's critical infrastructure requires widespread cooperation and a meaningful flow of information: from the public sector to the private sector, private to public, public to public and private to private. Each of those exchanges of information faces hurdles and critical legal issues. What is clear from the panels is that this issue is one that voluntary compliance with the NIST Framework is not going to address. Certain government agency panelists, including those from the Department of Homeland Security, were emphatic that the issues preventing the sharing of information needed to be addressed in a meaningful way to ensure greater security.

It remains to be seen how the SEC may further encourage appropriate public disclosure and promote public company risk assessments that appropriately feature and address cybersecurity. What seems clear is that this issue permeates multiple regulatory paradigms and public companies need to prepare to address these issues.

In his remarks, Commissioner Aguilar noted that cyber-attacks aimed at public companies and other market participants can have devastating effects on the U.S. economy, individual consumers, and the markets and investors that the SEC was created to protect. He stated that the SEC must play a role in protecting these parties, but that it was unclear what the role should be. One action he suggested was the establishment of a cybersecurity task force among all divisions of the SEC in order to better advise the SEC in respect of these issues. The SEC has encouraged persons to express their views on all of the cybersecurity issues addressed at the roundtable by submitting comments on such matters on the SEC's web site.

* * * * *
For further information on this topic, contact LaDawn Naegle at (202) , Andrew Rodman at (212) , or other Bryan Cave Corporate Finance and Securities attorneys through the direct link to our Website, Bryan Cave Corporate Finance & Securities Practice. Additional information on this topic and other Data Privacy and Security issues is also available by contacting David Zetoony at (202) , Jena Valdetero at (312) , or other members of the Bryan Cave Data Privacy and Security Team attorneys through the direct link to our Website, Data Privacy and Security Team.

Bryan Cave LLP makes available the information and materials in its Website for informational purposes only. The information is general in nature and does not constitute legal advice. Further, the use of this site, and the sending or receipt of any information, does not create any attorney-client relationship between us. Therefore, your communication with us through this Website will not be considered as privileged or confidential.
More informationNIST Cybersecurity Framework. ARC World Industry Forum 2014
NIST Cybersecurity Framework Vicky Yan Pillitteri NIST ARC World Industry Forum 2014 February 10-13, 2014 Orlando, FL Executive Order 13636 Improving Critical Infrastructure Cybersecurity It is the policy
More informationwww.pwc.com Cybersecurity and Privacy Hot Topics 2015
www.pwc.com Cybersecurity and Privacy Hot Topics 2015 Table of Contents Cybersecurity and Privacy Incidents are on the rise Executives and Boards are focused on Emerging Risks Banking & Capital Markets
More informationCybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission. June 25, 2015
Cybersecurity for Nonprofits: How to Protect Your Organization's Data While Still Fulfilling Your Mission June 25, 2015 1 Your Panelists Kenneth L. Chernof Partner, Litigation, Arnold & Porter LLP Nicholas
More informationDeveloping a Corporate Governance Framework
Developing a Corporate Governance Framework About ERM About The Speaker Karen Livingstone Practice Director at ERM Risk Management, Governance, Regulatory Compliance CPA, CISA, CIA, CRMA designations 20+
More informationExamining the Evolving Cyber Insurance Marketplace
Prepared Testimony and Statement for the Record of Ola Sage Founder and CEO e-management Hearing on Examining the Evolving Cyber Insurance Marketplace Before the Senate Committee on Commerce, Science,
More informationPRIVACY & CYBERSECURITY
PRIVACY & CYBERSECURITY UPDATE AUGUST 2014 CONTENTS (click on the titles below to view articles) NIST Announces October Workshop and Releases Framewok Update...1 Insurance Company Succeeds in Cybersecurity
More informationSeptember 9, 2015. Office of the Secretary Public Company Accounting Oversight Board 1666 K Street, N.W. Washington, D.C.
One South Wacker Drive, Suite 500 Chicago, IL 60606 www.mcgladrey.com Office of the Secretary 1666 K Street, N.W. Washington, D.C. 20006-2803 Re: PCAOB Rulemaking Docket Matter No. 041 McGladrey LLP appreciates
More informationSharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So?
Sharing Cybersecurity Threat Info With the Government -- Should You Be Afraid To Do So? Bruce Heiman K&L Gates September 10, 2015 Bruce.Heiman@klgates.com (202) 661-3935 Why share information? Prevention
More informationSenate Subcommittee Hearing and Report Regarding Online Advertising and Hidden Hazards to Consumer Security and Data Privacy
MORRISON & FOERSTER LLP MEMORANDUM TO: FROM: ESPC Reed Freeman Patrick Bernhardt DATE: May 16, 2014 RE: Senate Subcommittee Hearing and Report Regarding Online Advertising and Hidden Hazards to Consumer
More informationExercising Your Enterprise Cyber Response Crisis Management Capabilities
Exercising Your Enterprise Cyber Response Crisis Management Capabilities Ray Abide, PricewaterhouseCoopers, LLP 2015 PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved.
More informationCyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014
Cyber Risk Checklist: Compliance with Legal Obligations Grand Rapids Cyber Security Conference April 23, 2014 2014, Mika Meyers Beckett & Jones PLC All Rights Reserved Presented by: Jennifer A. Puplava
More informationVirtual Asset Management Roundtable Series: SEC Examination Trends for Investment Advisers
Virtual Asset Management Roundtable Series: SEC Examination Trends for Investment Advisers April 10, 2014 Jennifer L. Klass Daniel R. Kleinman Richard F. Morris Christine M. Lombardo www.morganlewis.com
More informationLegislative Language
Legislative Language SECTION 1. DEPARTMENT OF HOMELAND SECURITY CYBERSECURITY AUTHORITY. Title II of the Homeland Security Act of 2002 (6 U.S.C. 121 et seq.) is amended (a) in section 201(c) by striking
More informationTHE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS
THE DIGITAL AGE THE DEFINITIVE CYBERSECURITY GUIDE FOR DIRECTORS AND OFFICERS Download the entire guide and follow the conversation at SecurityRoundtable.org Investment in cyber insurance Lockton Companies
More informationCybersecurity and Corporate America: Finding Opportunities in the New Executive Order
Executive Order: In the President s State of the Union Address on February 12, 2013, he announced an Executive Order Improving Critical Infrastructure Cybersecurity (EO) to strengthen US cyber defenses
More informationCLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS
CLIENT UPDATE CRITICAL INFRASTRUCTURE CYBERSECURITY: U.S. GOVERNMENT RESPONSE AND IMPLICATIONS NEW YORK Jeremy Feigelson jfeigelson@debevoise.com WASHINGTON, D.C. Satish M. Kini smkini@debevoise.com Renee
More informationCYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES. second edition
CYBERSECURITY BEST PRACTICES FOR SMALL AND MEDIUM PENNSYLVANIA UTILITIES second edition The information provided in this document is presented as a courtesy to be used for informational purposes only.
More information12/17/2015. Accounting, Reporting and SEC Update. Agenda. Current SEC Landscape. Key personnel changes. Current agenda
Accounting, Reporting and SEC Update Mark Miskinis, Partner, Deloitte & Touche, LLP SEC Services Agenda Current SEC Landscape SEC Initiatives and Rulemaking Question and Answer 2 Mid-market perspectives
More informationEd McMurray, CISA, CISSP, CTGA CoNetrix
Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats
More informationAs discussed in greater detail below, the following reflects the list of items that we support:
January 6, 2015 Open Letter to U.S. Securities Industry Participants Re: Market Structure Reform Discussion Dear industry participant, BATS believes there is consensus among market participants for several
More informationCybersecurity y Managing g the Risks
Cybersecurity y Managing g the Risks Presented by: Steven L. Caponi Jennifer Daniels Gregory F. Linsin 99 Cybersecurity The Risks Are Real Perpetrators are as varied as their goals Organized Crime: seeking
More informationOECD PROJECT ON CYBER RISK INSURANCE
OECD PROJECT ON CYBER RISK INSURANCE Introduction 1. Cyber risks pose a real threat to society and the economy, the recognition of which has been given increasingly wide media coverage in recent years.
More informationThe Legal Pitfalls of Failing to Develop Secure Cloud Services
SESSION ID: CSV-R03 The Legal Pitfalls of Failing to Develop Secure Cloud Services Cristin Goodwin Senior Attorney, Trustworthy Computing & Regulatory Affairs Microsoft Corporation Edward McNicholas Global
More informationAnswering your cybersecurity questions The need for continued action
www.pwc.com/cybersecurity Answering your cybersecurity questions The need for continued action January 2014 Boards and executives keeping a sustained focus on cybersecurity do more than protect the business:
More informationwww.sharedassessments.org 2015 The Shared Assessments Program - All Rights Reserved 2
The Significance of Information Security and Privacy Controls on Law Firms as Third Party Service Providers and Collaborative Opportunities for Resolution April 2015 Abstract As regulators increase pressure
More informationWritten Testimony of Michael Menapace. Sen. Jerry Moran, Sen. Blumenthal, and other members of the Subcommittee -
Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security Hearing entitled Examining the Evolving Cyber Insurance Marketplace. Thursday, March 19, 2015 Written Testimony of Michael
More informationWritten Testimony. Dr. Andy Ozment. Assistant Secretary for Cybersecurity and Communications. U.S. Department of Homeland Security.
Written Testimony of Dr. Andy Ozment Assistant Secretary for Cybersecurity and Communications U.S. Department of Homeland Security Before the U.S. House of Representatives Committee on Oversight and Government
More informationSEC ISSUES PROPOSED RULES FOR WHISTLEBLOWER CLAIMS
CLIENT MEMORANDUM SEC ISSUES PROPOSED RULES FOR WHISTLEBLOWER CLAIMS On November 3, 2010, the Securities and Exchange Commission proposed new rules governing whistleblower claims under Section 922 of the
More informationTHE WHITE HOUSE Office of the Press Secretary
FOR IMMEDIATE RELEASE February 13, 2015 THE WHITE HOUSE Office of the Press Secretary FACT SHEET: White House Summit on Cybersecurity and Consumer Protection As a nation, the United States has become highly
More informationPrivate Placements In Public Equity (PIPEs): Best Practices for FINRA Members 1
1345 AVENUE OF THE AMERICAS NEW YORK, NEW YORK 10105 TELEPHONE: (212) 370-1300 FACSIMILE: (212) 370-7889 www.egsllp.com Private Placements In Public Equity (PIPEs): Best Practices for FINRA Members 1 We
More information