Tag Archives: incident reporting

Security in the Dark

December 6, 2011 – 6:00 am – I attended a roundtable recently at which someone mentioned that, in their experience, those familiar contractual requirements requesting third-party service providers to tell their customers about security breaches within a short time frame (within three  hours, say) are often not conveyed to…
By | Posted in Compliance and Laws, CSO/CISO Perspectives, Human Elements | Also tagged , , , | Comments (0)

SEC-urity’s Catch 22

November 7, 2011 – 6:00 am – On October 13, 2011, the Division of Corporation Finance (DCF) of the Securities and Exchange Commission (SEC) issued CF Disclosure Guidance: Topic No. 2 – Cybersecurity, available at http://www.sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm . It provides the DCF’s “views…
By | Posted in Compliance and Laws, Cybercrime, Risk Analysis | Also tagged , , , , , , , | Comments (0)