Another CISO Scapegoat as SEC Welcomes CISOs to the Big Leagues – BSW #329
In the leadership and communications section, Clorox Scapegoats Cyber Chief, Rewards Board After Crisis, The SEC To CISOs: Welcome To The Big Leagues, SolarWinds: SEC lacks 'competence' to regulate cybersecurity, and more!
- 1. Clorox Scapegoats Cyber Chief, Rewards Board After Crisis
Clorox’s 2023 investor meeting exemplifies and re-affirms why corporate cyber governance too often remains primarily a rhetorical charade.
- 2. Going Overboard: How Many Seats Is Too Many?
Overboarding, the practice of directors sitting on too many boards, has gained increasing attention recently as investors continue to ramp up their scrutiny of company governance practices. The concern stems from the fact that overboarded directors may be stretched too thin to properly carry out their duties or lack the necessary degree of independence due to their other interests.
- 3. Council Post: The SEC To CISOs: Welcome To The Big Leagues
The SEC took a serious step on October 30, 2023. As law firm Sullivan & Cromwell LLP explained, the government entity “filed a complaint against SolarWinds Corporation and its Chief Information Security Officer alleging securities fraud and failures under the internal accounting controls, reporting, and disclosure controls provisions of the Securities Exchange Act in connection with allegedly material cybersecurity weaknesses and risks.”
I believe this move indicates something deeper—specifically, overnight, the SEC has essentially elevated the CISO role within the C-suite.
- 4. SolarWinds: SEC lacks ‘competence’ to regulate cybersecurity
SolarWinds has come out guns blazing to defend itself following the US Securities and Exchange Commission's announcement that it will be suing both the IT software maker and its CISO over the 2020 SUNBURST cyberattack.
The vendor said the SEC's lawsuit is "fundamentally flawed," both from a legal and factual perspective, and that it will be defending the charges "vigorously."
- 5. Addressing the SEC’s New Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure Requirements
The summary below explains the final rule obligations in three areas and provides high-level initial action items to prepare for compliance with the new rules. The SEC, through its comments on the definition of “cybersecurity incident,” explained that these rules focus on the impact on companies regardless of whether the risk or incident occurs on an asset managed by the company or a third party.
- 6. Beyond CISO: Navigating the Path to Your Next Cybersecurity Career
You've been a CISO, now what? The role of Chief Information Security Officer (CISO) is often considered the pinnacle of a cybersecurity professional’s career. CISOs are responsible for safeguarding an organisation’s critical data and information systems, making them key players in the defence against cyber threats.
However, for ambitious CISOs looking to advance their careers, there are various paths to explore. In this blog, we will delve into what a CISO can do next after holding this prestigious position, including transitioning to roles such as Chief Technology Officer (CTO), Chief Security Officer (CSO), and Chief Information Officer (CIO). We will also discuss the challenges and benefits of these moves, along with the specific skill sets required for each role.
- 7. As Congress mulls AI, Biden asks first for data privacy law
President Joe Biden's executive order on AI issued Oct. 30 said Congress needs to pass a bipartisan data privacy law to better protect privacy, including from AI risks. Though data privacy laws have been proposed in Congress, none have passed into law, leaving a patchwork of state data privacy laws for businesses to comply with -- a pattern that could be repeated with AI if Congress takes years to act.