Examines the policies, frameworks, and organizational structures that guide cybersecurity decision-making and accountability. Covers governance models, regulatory compliance, risk management oversight, security policy development, and how leadership establishes and enforces effective cybersecurity programs.
posts
The SEC Just Made Ignorance Expensive In July 2023, the SEC finalized rules requiring public companies to disclose material cybersecurity incidents within four business days — and to describe their board's oversight of cyber risk annually. That single regulatory move turned board-level cybersecurity awareness from a nice-to-have into a
The SEC Changed Everything — Most Boards Still Haven't Caught Up In July 2023, the SEC adopted rules requiring public companies to disclose material cybersecurity incidents within four business days and to describe their board's oversight of cyber risk annually. Since then, I've reviewed dozens
