NIST Publishes Draft 2 of Cybersecurity Framework Version 1.1
On December 5, 2017, the National Institute for Standards and Technology (“NIST”) published Draft 2 of Cybersecurity Framework version 1.1 (the “Framework”). The draft is intended to provide a flexible, voluntary, and effective tool to help organizations better manage their cybersecurity risks. For those unfamiliar with the Framework, it was developed in response to growing awareness that the national and economic security of the United States depends on the reliable functioning of critical information technology infrastructure and that cybersecurity threats place the nation at risk. On February 12, 2013, President Obama issued Executive Order 13636, “Improving Critical Infrastructure Cybersecurity” (the.
SEC Corp Fin to Tweak Cybersecurity Guidance
David Fredrickson of the Securities and Exchange Commission’s (“SEC”) Division of Corporation Finance (“Corp Fin”) has announced that the SEC will update its 2011 document, Disclosure Guidance: Topic No. 2, Cybersecurity. A refresh of the commission’s cybersecurity interpretive guidance, the update would address investors’ complaints that public companies are not providing timely or informative disclosures regarding cyber-attacks on their computer systems. Fredrickson, Corp Fin’s chief counsel, noted that the SEC’s staff is considering updates to disclosure controls and procedures, such as how quickly cybersecurity breaches are identified and brought to the attention of senior management for proper disclosure. The commission.
CAQ Issues Auditing Request for Proposals for 2018
The Center for Audit Quality (“CAQ”) has issued a request for proposals (“RFPs”) to finance auditing projects for academic research. This marks the tenth annual request by the CAQ, which is asking for applicants to submit RFPs concerning critical policy issues and topics of interest such as auditor risk assessment, cybersecurity, non-GAAP measures, and professional skepticism. Proposals must be submitted via the CAQ online submission form by March 15, 2018. The CAQ’s Research Advisory Board will review all proposals, and the CAQ will award grants to the selected projects in June 2018.
SEC Introduces Initiatives for Cyber Threats and Retail Investors
Building on its Enforcement Division’s efforts to counter cyber-based threats and safeguard retail investors, the Securities and Exchange Commission (“SEC”) announced on September 25 the creation of the following two initiatives: Cyber Unit: Using the Enforcement Division’s cyber expertise, the new Cyber Unit will target misconduct concerning market manipulation schemes featuring false information distributed electronically and through social media; hacking to acquire private information; and violations related to distributed ledger technology and initial coin offerings. Retail Strategy Task Force: With the Enforcement Division experiencing long-term success at bringing cases such as the sale of unsuitable structured products and microcap pump-and-dump schemes, the Retail Strategy Task Force will create proactive,.
SEC Chairman Clayton Testifies on 2016 Cybersecurity Breach
After announcing on September 20 that the Securities and Exchange Commission’s (“SEC”) computers were breached last year, SEC Chairman Jay Clayton recently provided additional details on the cybersecurity intrusion to the Senate Committee on Banking, Housing and Urban Affairs. During his September 26 testimony, Clayton expressed his concerns over the 2016 breach involving the SEC’s Electronic Data Gathering And Retrieval filing system. He noted that the breach will cause many to pay close attention to the SEC’s approach to cybersecurity, and whether the agency is taking the proper steps to appropriately address its cyber risk. Clayton also reiterated that the SEC’s review and investigation of the matter are.
SEC Computers Compromised Last Year
Securities and Exchange Commission (“SEC”) Chairman Jay Clayton has announced that the agency’s computers were breached in 2016, possibly causing private information in its Electronic Data Gathering And Retrieval (“EDGAR”) filing system to be used for making illegal trades. In a statement issued on Wednesday, Clayton said an investigation is underway, but the SEC believes the security breach did not create unauthorized access to personally identifiable information, endanger the market regulator’s operations, or lead to systemic risk. Aside from stating that it detected the breach last year, the SEC has provided few details. The SEC did note that it realized.