Steven F. Fox, U.S. Dept of the Treasury
October 13, 2011 saw the release of the Securities and Exchange Commission's guidance on the reporting of material cyber security breaches. Consistent with regulations which address financial reporting, this guidance calls for publicly-traded companies to disclose breach information to current and prospective investors. Such disclosure may include discussion of service providers associated with the event.
This session will summarize the disclosure guidance and discuss its implications for both the business and the incident response team. A collaboration model will be discussed wherein a business representative can work with the IR team to evaluate incident materiality, allowing the business to address this guidance efficiently. The implications of the Dodd-Frank Act in light of this guidance will also be discussed.