Blog: https://www.board-cybersecurity.com/b...
Re-recording of my SnowFROC 2024 presentation about the new SEC cybersecurity disclosure rules including an overview of the rules, analysis of disclosure to date and best practices for filing 8-K and 10-K cybersecurity disclosures. #sec #cybersecurity #8k #10k

00:00 - Introduction
01:33 - Why should you orient to risk?
03:27 - SEC - oversees over $100 trillion annually
03:53 - SEC Mission
04:43 - SEC EDGAR Overview
05:45 - Parsing 10-Ks in a PITA
06:43 - Citigroup’s Global Risk list
07:54 - “New” Cybersecurity Disclosure Riles
08:42 - Cybersecurity trends underlying new SEC disclosure rules
09:55 - Summary Description of SEC Cybersecurity Disclosure Requirements
14:05 - Why use materiality language?
16:07 - Cybersecurity Incident Tracker
20:40 - Get Alerts to Cybersecurity Incidents
21:14 - Cybersecurity Incident Reports (not 8-K disclosures)
24:01 - Observations about 8-K Item 1.05 Material Cybersecurity Incident disclosures
27:41 - 10-K Analysis - Overview of data
28:55 - (Failed) early attempts to analyze 10-K with ChatGPT / LLMs
29:55 - 10-K Item 1C Word Count Histogram
30:57 - Shortest (and longest) 10-K Item 1C Cybersecurity
32:07 - 10-K Analysis - CISO role mentioned?
34:46 - 10-K Analysis - What Board Committee does cybersecurity report to?
35:46 - 10-K Analysis - Is ERM mentioned?
36:20 - 10-K Analysis - What Security Frameworks are most used?
37:27 - 10-K Analysis - Is cybersecurity insurance mentioned?
37:58 - 10-K Analysis - Reporting frequency
38:48 - 8-K Item 1.05 Best Practices
43:38 - 10-K Item 1C Best Practices
49:16 - Wrap up

::::::::::::::::::::
Music: Fire - Elektronomia
Video: https://www.youtube.com/watch?v=mX-Sk...
Support by RFM - NCM:    • Fire - Elektronomia | Royalty Free Mu...  
::::::::::::::::::::

TALK TO OR FOLLOW ME:
LinkedIn:   / andrewhoog  
Mastodon: https://infosec.exchange/@ahoog42
GitHub: https://github.com/ahoog42
Website: https://www.andrewhoog.com
Company Website: https://www.nowsecure.com