Blog Posts Tagged with "SEC"
July 02, 2012 Added by:Headlines
The U.S. Attorney’s Office filed a criminal complaint against FalconStor Software, a data storage and protection company, alleging that the company conspired to pay more than $300,000 in bribes to executives of J.P. Morgan Chase Bank to obtain over $12 million in electronic storage licencing contracts...
May 17, 2012 Added by:Thomas Fox
Trust cascades down each level of a company from the Board of Directors to employees and then to customers. Trust is equally important in the M&A context. These ideas are useful for the compliance practitioner when integrating a new acquisition into an existing compliance culture...
May 07, 2012 Added by:Fergal Glynn
Following new SEC guidance issued relating to disclosure of security risks in company filings, public companies are beginning to be measured by regulators and investors on the strength of their security solution and ability to protect intellectual property and customer data...
April 17, 2012 Added by:Thomas Fox
Management must “walk the talk” through both discipline and a system of rewards. The discipline must be clear and delivered decisively. The rewards must be not only direct financial remuneration but also the internal promotion of persons who do business in an ethical manner...
February 11, 2012 Added by:Fergal Glynn
As security professionals do we all just suffer from “security tunnel vision” or is something major shifting in our industry? Is it all just related to the significant rise in hacktivism or the 24-hour news cycle requiring that every little thing become a news story?
February 05, 2012 Added by:John Linkous
We have entered a new era of cybersecurity, one where the objective is not to protect against a breach - the majority of large organizations are no longer able to - instead we need to be able to detect them and mitigate the damage done by them...
February 03, 2012 Added by:Pierluigi Paganini
The impairment of these mechanisms could lead to the redirection of traffic to bogus sites with serious consequences - and not just that - the compromise of the Digital Certificate model itself raises the risk for the interception of emails and confidential documents...
December 09, 2011 Added by:Steven Fox, CISSP, QSA
This guidance is designed to “elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision,” including those related to information security breaches...
November 20, 2011 Added by:John Nicholson
Companies now face the unenviable task of deciding what aspects of cyber incidents or risks are “material” and disclosing them, with the knowledge that the sophisticated and determined nature of cyber-attackers makes predicting the nature of an attack and its consequences incredibly difficult...
November 14, 2011 Added by:Thomas Fox
Admittedly, the time during any due diligence for an assessment of compliance is limited. This may well lead to a purchasing entity completing a transaction with unknown compliance risks in place. This can have several negative consequences, including successor liability...
October 31, 2011 Added by:David Navetta
What the guidance document does stress, however, is process and risk assessment. One read of this guidance is that companies internally are going to have to more carefully forecast and estimate the impact of cyber incidents and the consequences of failing to implement adequate security...
October 14, 2011 Added by:Chris Blask
On October 13 the Securities and Exchange Commission (SEC) released CF Disclosure Guidance: Topic No. 2. This document establishes requirements for public companies to account for the cost of cybersecurity incidents and defenses, as well as to disclose their cyber risk mitigation plans to investors...
August 24, 2011 Added by:david barton
I agree that DCs provide certain fundamental general controls that may impact the systems that are maintained there. But even those general controls do not constitute Internal Controls over Financial Reporting (ICFR) which is clearly a requirement for performing a SOC 1 (SSAE 16) review...
April 21, 2011 Added by:David Navetta
Companies have to assess the adequacy of their privacy and data security practices, including understanding the privacy and data security legal requirements that could impact the company’s business, ensuring that the company’s practices are consistent with those requirements...
January 29, 2011 Added by:Anthony M. Freed
Heartland Payment Systems (HPY) and Federal investigators have released more details about the nature of the massive data breach made public last week, but have refused to pinpoint the exact date that Heartland first became aware there may have been a problem with their network security...