[10-19-23]--New SEC Rules for Cyber Security


CISO Series

Defense in Depth

New SEC Rules for Cyber Security


The Securities and Exchange Commission (SEC) issued new cyber rules. What do these new rules mean for CISOs and will they ultimately improve our cybersecurity posture? 

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Jamil Farshchi, CISO, Equifax.

Is it yay or nay to new SEC rules?

Are the new rules a boon or a bust for the role of a CISO? "I think it will lessen the number of CISO candidates and reflects naiveté about how companies operate," said Barry Rabkin of Near Earth Autonomy. Others see reasons for optimism in the new rules. "For those companies who follow the guidance, this will step up their cyber game," claimed Jon Watkins of Watkins Consulting.

Giving the CISO a seat at the table

One of the key provisions of the new rules is putting cybersecurity squarely in view of the C-suite and board. "We should celebrate that the C-suite now has to allocate mind space for cyber because that is a direct line item on the 10-K," said Sanket Naik of Palosade. Jaydeep Thakkar of PwC sees this as a win not just for security teams, saying, "Transparency will lead to more cyber awareness among investors."

The SEC rules should be beside the point

While these new requirements might be a good level-setting regulation for the industry, they should be a reflection of what you're already doing. "If you need a ruling to be told to do the right thing, your firm has serious issues," said Rachel Apanewicz-Delgado of Ocrolus. For a secure company, these rules shouldn't be first steps; they should refine policies that already exist.

Understanding the knock-on effects

Having definitive breach notification rules from the SEC may finally lead to a national policy on disclosure in the US. "This may finally lead to a national standard, ending the confusing patchwork of state regulation," said Eric Stoever. Beyond that, the incident reporting requirements will have implications that lead to some logical next steps. Chalan Aras from Deloitte predicts, "Asking for clear cyber risk profiles from second, third parties and beyond is a likely next step that will spawn from this regulatory update."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Nudge Security


LIVE! Cyber Security Headlines - Week in Review

Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Andrew Wilder, CISO, Community Veterinary Partners.

Thanks to this week's headlines sponsor, Vanta


Cyber chatter from around the web...

Jump in on these conversations:

  • "Misled by my Employer, Feeling Stuck in a Dead-end Job"

  • "Off Topic: What is your vice/helps you get through the day?"

  • "How much technical knowledge does a lawyer need to be considered good in cybersecurity law"

Coming Up On Super Cyber Friday...

Coming up in the weeks ahead on Super Cyber Friday we have:

  • [10-27-23] Hacking Third-Party Risk in the Cloud

  • [11-03-23] Hacking SOC 2

  • [11-17-23] Hacking US Data Privacy

  • [12-01-23] Hacking Trust Management

Register for them all now!

Sponsored Content

The Human Cost of Generative AI


Like any new technology, generative AI can seem miraculous at first glance.

Regardless of how impressive things like ChatGPT are, they are just tools. They open the door to new possibilities for organizations, but they are only a means to get there. Organizations need to keep an eye on what they want to accomplish with these tools rather than get caught up in the latest hype. Mike Rogers, operating partner, Team8, goes beyond that to say companies need to consider the human cost of these tools, both in terms of whom the tools affect and who selects the data used to train them.

Watch this video to start thinking about how these tools can impact your business mission.

Huge thanks to our sponsor, Team8


Thank you!

Thank you for supporting CISO Series and all our programming.

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.