2024 Session
Coronado D/E
9:45 am - 10:30 am, Wednesday, September 25
How I Learned to Stop Worrying and Love the SEC

Is the new SEC Cybersecurity rule (CRMSGID) a regulatory hammer or is it one of the best tools for changing cyber security risk management in ways that truly matter? The projected worldwide losses in cybercrime are projected to be $10.5T in 2025 by Cybercrime Magazine. This session is a case study from the AT&T Wireless software failure that lead to hundreds of millions in losses and the lessons learned from SOX 2002 that will help cyber pros and the C-suite embrace the CRMSGID rule in a way that will transform business operations and dramatically improve the root cause of ransomware.

Learning Objectives:

  • Understand the top two requirements of the new SEC rule: 10-K readiness and 8-K incident disclosure readiness. I break down the SEC ruling into process based approaches and explain how the Solar Winds litigation puts a fine point on 10-K reporting
  • Understand why the word "reasonable" as it is used in security policies everywhere can be problematic and how to address the exposure that creates with a "reasonable risk" assessment and gap analysis. Understand why reasonable risk is necessary for reducing liabilityand why it is critical to "show your work"
  • Understand the approach of "outcome based security" for ensuring that what is written in the 10-K and policy statements is what is actually done in the environment, and how this helps minimize the overhead of security audits
Get in touch
Get in touch
Customer Service
For any and all inquiries please click the button below
Speaking Opportunities

Tim Garon
Director, Event Content and Strategy

InfoSec World
Stay Informed
Join our mailing list for the latest news on InfoSec World 2024.