Nicole Sundin - CPO at Axio - SEC compliance, usable security, setting up risk mgmt programs

BrakeSec Education Podcast

23-09-2023 • 1 ora 6 minuti

Disclaimer: The views, information, or opinions expressed on this program are solely the views of the individuals involved and by no means represent absolute facts. Opinions expressed by the host and guests can change at any time, and do not represent views of past, present, or future employers.

Guest Bio: Nicole is the Chief Product Officer at Axio. Nicole has spent her career building awareness around the benefits of usable security and human-centered security as a way to increase company revenue and create a seamless user experience.

Youtube VOD Link: https://youtube.com/live/tFaAB9an47g

Questions and topics: Usable security: is it an oxymoron?

What determines if the security is ‘usable’ or no? We sacrifice security for a better UX, what can be done to alleviate that? Or is it some sort of sliding scale in “poor UX, amazing security or awesome UX, poor security” Examples of poor UX for ‘people’: MFA, and password managers.

SEC updates and ‘material events’ and how that would affect security, IR, and other company reporting functions.

Also, additional documentation (Regulation S-K Item 106) https://www.linkedin.com/posts/nicole-sundin-5225a1149_sec-adopts-rules-on-cybersecurity-risk-management-activity-7090065804083290112-ISD8

Are companies ready to talk about their cybersecurity? Can the SEC say “you’re not doing enough?”

What is ‘enough’?

Are we heading toward yet another audit needed for public companies, similar to SOX?

When does an 8-K get publicly disclosed?

Materiality is based on a “reasonable investor”?

So, you don’t need to announce that until you’re certain, and it’s based on what you can collect? Cyber Risk Management and some good examples of how to set up a proper cyber risk organization

Additional Links:

https://csrc.nist.gov/CSRC/media/Projects/usable-cybersecurity/images-media/Is%20Usable%20Security%20an%20Oxymoron.pdf

http://web.mit.edu/Saltzer/www/publications/protection/Basic.html

https://www.sec.gov/news/press-release/2023-139

https://www.sec.gov/news/statement/munter-statement-assessing-materiality-030922

https://www.pwc.com/us/en/services/consulting/cybersecurity-risk-regulatory/sec-final-cybersecurity-disclosure-rules.html

https://www.nasa.gov/centers/ames/research/technology-onepagers/hc-computing.html

https://securityscorecard.com/blog/what-is-cyber-security-performance-management/

Potrebbe piacerti

La Zanzara
La Zanzara
Radio 24
Non hanno un amico
Non hanno un amico
Luca Bizzarri – Chora Media
Stories
Stories
Cecilia Sala – Chora Media
Il Mondo
Il Mondo
Internazionale
Giorno per giorno
Giorno per giorno
Corriere della Sera – Francesco Giambertone
The Essential
The Essential
Will Media - Mia Ceran
Start - Le notizie del Sole 24 Ore
Start - Le notizie del Sole 24 Ore
Il Sole 24 Ore
Tutti convocati
Tutti convocati
Radio 24
Focus economia
Focus economia
Radio 24
2024
2024
Radio 24
Nessun luogo è lontano
Nessun luogo è lontano
Radio 24
Notizie a colazione
Notizie a colazione
Massimo Brugnone - PodClass
Tg La7
Tg La7
la7
Don Chisciotte
Don Chisciotte
Will Media
Veleno
Veleno
la Repubblica
Le news di Sky Tg 24
Le news di Sky Tg 24
Sky TG 24
Altre/Storie americane
Altre/Storie americane
Mario Calabresi e Marco Bardazzi - Chora Media
Melog
Melog
Radio 24
Globally
Globally
Will Media - ISPI
Globo
Globo
Il Post