Resolution to Overturn SEC Cyber Disclosure Rule Introduced

Representatives Andrew Garbarino (R-NY) and Thom Tillis (R-NC) introduced a joint resolution on November 14, 2023 that, if passed, would overturn the Securities and Exchange Commission’s (SEC) recent “Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure” final rules.

SEC Rules

ISC2 and other industry players are concerned by the new SEC rules because they leave considerable ambiguity, particularly regarding the definition and measure of risk. They also fail to make a definitive ruling on cybersecurity skills and experience requirements for public company boards. Further, the new rules in their current form remain open to broad interpretation and variance from one industry to another and could expose organizations and their cybersecurity teams to added risk.

What members should know

It is difficult for CRAs to pass due to the need for approval from both houses and the President. Under the present administration seven CRAs have been introduced and all vetoed. Therefore, we do not anticipate that this CRA will be successful. However, it does point to a growing body of opposition to the SEC Ruling, and ISC2 will continue to call for greater clarity on the SEC rules. For now, our guidance to members remains the same. Members should periodically review incident reporting processes against the SEC ruling to understand in advance what materiality means for their organization, and factor incident risk reporting into their processes. There are also several ISC2 resources that can help, listed here:

Looking to grow your knowledge in the governance, compliance and incident response space?

Consider the Skill Builder on GRC, which will provide an immediate opportunity to learn and develop additional competencies, making compliance and comprehension of regulation changes easier. This educational asset is free for ISC2 members and offered at U.S. $19 for non-members.

ISC2’s Certified in Governance, Risk and Compliance (CGRC) certification offers a long-term path for skills development and competency in the risk management process aspects of the SEC rules.

Subject matter experts discuss “Your Window into Governance, Risk & Compliance” during a 60-minute panel discussion at ISC2 Security Congress 2023.

ISC2 previously hosted a webinar on “Board Level Reporting Metrics – Getting the Conversation Right” that focused on risk profiles and the metrics used to communicate with the Board of Directors to articulate risk.

ISC2 hosts regular panel discussions on hot button insecurity topics featuring thought leaders and visionaries from the industry who answer questions from the audience. Setting up an account is easy and you can be notified when ISC2 has an upcoming topic.
