That’s right — the Securities and Exchange Commission has determined that risks associated with cybersecurity can be material enough to require that they be included in companies’ disclosures. The SEC issued a disclosure guidance on October 13, 2011 to alert companies that these risks may fall within their existing disclosure requirements. In other words, what…
Tag: Information security
We Are The Biggest Security Risk To Our Companies
“We are the weakest link.” Wow, this is certainly the theme of the last few weeks — people are realizing that the biggest threat to companies’ security defenses are the people people inside the companies. You may recall that I discussed this issue in two blogs about this over the last couple of weeks: Guarding…
Guarding Against the Inside Job (Part 1 of 2)
“You are only as strong as your weakest link” It is becoming clear that the weakest link in most companies’ information security defenses is the people who work inside the company. The company must identify the most likely risks those people face, train them to minimize those risks, develop policies to protect against those risks,…
Data Breach – Who’s Gonna Get It?
The message–that’s what I’m talking about–who’s gonna get the message first? Data breaches, hacking, and privacy are one of the biggest news stories for 2011 and we are just just barely through the first half of the year. By now even the most zoned-out among us should have heard of the hacking that led to…