
Incident Materiality and the SEC Guidance

Steven F. Fox, U.S. Dept of the Treasury
October 13, 2011 saw the release of the Securities and Exchange Commission's guidance on the reporting of material cyber security breaches. Consistent with regulations which address financial reporting, this guidance calls for publicly-traded companies to disclose breach information to current and prospective investors. Such disclosure may include discussion of service providers associated with the event.

This session will summarize the disclosure guidance and discuss its implications for both the business and the incident response team. A collaboration model will be discussed wherein a business representative can work with the IR team to evaluate incident materiality, allowing the business to address this guidance efficiently. The implications of the Dodd-Frank Act in light of this guidance will also be discussed.
May 23 2012
38 mins
SEC compliance GRC
More from this community:

IT Governance, Risk and Compliance

  • Do You Even CISO? May 7 2015 4:00 pm UTC 45 mins
    Eric Cowperthwaite, VP of Advanced Security and Strategy and Todd Harris, Director of Product Marketing, Core Security
    Being a CISO (Chief Information Security Officer) is hard. Endless responsibilities, never ending demands, restless nights’ sleep, and always playing catchup. Come hear a former CISO tell stories of some of his more interesting experiences, challenges, successes and complete failures.
  • The Mobile Security Problem for Small Businesses May 6 2015 5:00 pm UTC 60 mins
    Cameron Camp, Security Researcher
    Mobility can be a challenge for small businesses, especially when it comes to managing various devices and keeping them secure. ESET Security Researcher, Cameron Camp, explores mobile device management, BYOD and other challenges discussed during National Small Business Week.
  • Rethinking Remote Office Backup May 6 2015 5:00 pm UTC 45 mins
    Nick Kotterman, Product Marketing
    Remote office backup presents numerous challenges, including ever-increasing data volumes, network bandwidth constraints, overtaxed IT administrators and complicated, time-consuming backup processes. Compounding all this is a reliance on older technologies that are inefficient and costly. And the more sites your organization has, the more the challenges multiply.

    It's time for businesses to rethink remote office backup and look for an approach that meets data and regulatory retention requirements, is easy to deploy and maintain, and is secure and cost effective. It's time to look to the cloud.

    Join backup experts Druva to learn how remote office server backup has evolved. Discover how the cloud offers a new, and in most cases, a better approach. In this session you’ll learn:
    - How the latest advancements in cloud storage technology scale globally for enterprises of all sizes
    - Why advances in cloud security models are addressing stringent global security and data privacy issues, including data residency requirements and more
    - How an 'infinite data snapshot model' combined with cost-optimized flexible retention eliminates traditional vendor restrictions.

    Hear real-life use cases of how others are leveraging the cloud for remote server backup. Live Q&A will follow to answer your specific questions.
  • NGFW 101: What is it and why should you care? May 4 2015 4:00 pm UTC 45 mins
    Deena Thomchick, Director of Product Marketing, Fortinet
    What makes a firewall a next generation firewall? How can next gen capabilities help you and what are the gotchas you should know before you turn it all on? Get your basic education on NGFW and some tips you should know before you get started.
  • Creating a Government Private Threat Intelligence Cloud Apr 30 2015 6:00 pm UTC 75 mins
    Taylor Ettema, Product Manager, Threat Prevention Technologies
    With the sophistication and highly targeted nature of attacks against governments, the adversary can use numerous approaches and actions to get in and move across the network. Palo Alto Networks Threat Intelligence—from the cloud or an on-premises government-run platform—constantly gathers intelligence on evasive applications and converts the intelligence back into all platform devices. This ensures that organizations maintain control of evasive applications to ensure authorized activity traverses the networks while unauthorized activity fails to route.

    Join this webinar to learn:
    - How Government Agencies can develop and manage their own threat intelligence cloud on a closed, dedicated Palo Alto Networks WF-500 threat intelligence platform.

    - How to create effective threat intelligence private clouds for a singular agency or for a group of Agencies, Ministries or Departments who wish to share their threat intelligence.

    - How the threat intelligence cloud (public or private) analyzes and correlates intelligence from all platform security functions—URL Filtering, mobile security, IPS/threat prevention and the virtual execution engine or sandbox, WildFire™—and validated community input.

    - How WildFire immediately discovers previously unknown malware and communicates the results to the platform to automatically generate signatures.

    - How all threat intelligence is distributed to the network and endpoints to ensure they are protected.

    - How this is all done automatically, reducing operational burden and shortening an organization’s response time.

    - How this innovative architecture can be operated at a fraction of the cost it takes to deploy and manage an equivalent set of point products – APT, IDS/IPS, URL filtering and more – all correlating insights automatically in real-time for greatest network protection.
  • CyberTECH Cyber+IoT eWeek Roundtable Apr 30 2015 5:00 pm UTC 60 mins
    Expert Panel
    The CyberTECH Cyber+IoT eWeek Roundtable features top industry experts sharing critical updates and information regarding IoT Security. Keynote presentations will be delivered by Mark Weatherford, Principal at the Chertoff Group and Enrique Salem, former CEO at Symantec. Following Mark and Salem's sessions will be an exclusive roundtable moderated by eWeek Editor, Chris Preimesberger, including top cyber, IoT and InfoSec professionals.
  • Deploying a "Magic Quadrant" Private Cloud-based Backup and Recovery Platform Apr 30 2015 4:00 pm UTC 45 mins
    Jack Pressman, Chief Technology Officer, Cyber Innovation Labs
    Information is the lifeblood of any business. If the data required to operate and maintain market presence becomes inaccessible, compromised, or worse – unrecoverable, the business impact could be devastating. Learn about the existing and emerging risks to your critical data infrastructure and business operations. What mitigation strategies are available and what considerations do you need to assess? How does the changing landscape for consumption of IT such as cloud, on-premise, and hybrid solutions affect survivability and securitization of your prized assets?
  • Best Practices in Major Incident Management Communications Apr 29 2015 8:00 pm UTC 45 mins
    Scott Bowler, Manager of IT Delivery Management Services, NBN Co. and Abbas Haider Ali, Chief Technology Officer, xMatters
    If your data, services and processes become compromised, your business can suffer irreparable damage in minutes. The clock is ticking, and how fast you communicate to your major incident resolution team is everything.

    Join Scott Bowler, Manager of IT Delivery Management Services, NBN Co, and Abbas Haider Ali, CTO of xMatters and learn how NBN Co identifies major incidents and uses best practices for automating their communication processes to resolve major IT incidents quickly and effectively.

    During the event you will learn how to:
    - Immediately identify a major incident
    - Instantly locate available major incident managers and target notifications to them
    - Get the right resolution team on the job fast based on the required expertise
    - Utilize one-click conference bridge technology to get key stakeholders together instantly
    - Conduct reviews to identify improvements and prevent similar incidents from reoccurring
  • Layered Security Infrastructure: Enterprise Case Studies Apr 29 2015 6:00 pm UTC 45 mins
    Icaro Vazquez, Senior Product Line Manager, Security
    As bad actors relentlessly continue to take advantage of the many innovations and trends in our current world, network security professionals are realizing that the passive mode of checking for threats is no longer adequate. As BYOD is now the norm rather than the exception in the corporate world and most organizations have a significant presence in the cloud, bad actors are more than happy to take advantage of the new conduits into the corporate network. Therefore, the need to catch, repair and eliminate security threats as early as possible has never been greater. With this in mind, VSS Monitoring has been helping various enterprise customers to deploy an inline layered security infrastructure that provides multiple lines of defense against the bad actors.

    This webinar will present some of the use cases we have been involved in, what were the motivations that led to the deployment of layered security and how a layered security architecture, anchored by VSS Monitoring, allowed enterprises to become more nimble in their never ending fight against bad actors. Join us for a safari tour of an exciting and evolving space!
  • User-Centric Enterprise Mobility Management Apr 29 2015 5:00 pm UTC 60 mins
    Vikas Krishna, Vice President, Products – Mobile Application, Content & Email Management, New Business Innovation, CA Technol
    Mobility is the new frontier that is ‘still arriving’ and enterprises are grappling with how best to enable it, keeping enterprise security and employee satisfaction front and center of mind. Inherent in that balance is a careful trade-off as security is paramount but it should not come at the expense of productivity. On one hand is the Wild West with no security whatsoever and happy employees bringing in devices and apps of their choosing. On the other hand are happy enterprises with strict security controls but dissatisfied and disappearing employees! This webcast will help strike a balance that works for both entities - the User and the Enterprise. No utopia promised but you will come away with an understanding of:

    1) What the challenges around Mobility in the Enterprise are
    2) Why you should look into tackling them
    3) How one approach works for both the employees and the enterprises
  • The Hybrid WAN for Your Data Center Apr 29 2015 4:00 pm UTC 45 mins
    Mark Byers, Director of Product Marketing, Fortinet
    Almost every organization is challenged by the increasing need for more bandwidth. Cloud-based services, content-rich applications, and access to internet sites are putting more and more strain on the limited pipes coming in to your data centers. WAN Optimization had been the tool of choice to connect and manage branch office traffic. It's now more and more being used to bridge multiple Internet connections for organizations large and small to create more bandwidth in and out of their data centers. Traditional WAN Link Load Balancing has evolved from simple back up and VPN connectivity to a robust traffic management tool that seamlessly adds bandwidth using virtually any ISP technology. In this webinar you’ll learn the basics of Hybrid WANs, what they and Link Load Balancing can do for your organization, and discover more about Fortinet’s Hybrid WAN solutions.
  • SDN and NFV: Protecting the Next Wave of Infrastructure Apr 29 2015 3:00 pm UTC 45 mins
    Talbot Hack, Senior Product Manager, Arbor Networks
    As traditional network architectures come under increasing strain, Software Defined Networking (SDN) and Network Functions Virtualization (NFV) hold the promise of making networks more open, predictable, flexible, user- and service-friendly and lower cost to operate. These virtualized, software-controlled networking environments, however, do not yet benefit from the range and sophistication of DDoS protections and security available for traditional networks. This presentation focuses on how the delivery of traffic intelligence, threat detection and attack blocking is evolving, regardless of whether BGP and flow or future SDN/NFV-based techniques are in use.

    Attend this session to learn how Arbor Networks is adapting its DDoS solution suite to advance protections in SDN- and NFV-based networks.
  • Deploying Flowspec in a Service Provider Environment Apr 29 2015 2:00 pm UTC 45 mins
    Steve Walsh, Senior Security Engineer, AOL
    Flowspec is an important tool in combating DDoS attacks, especially in large networks. Arbor provides valuable intelligence on how to craft your Flowspec routes, as well as a handy interface for managing the routes.

    In this session, Steve Walsh, Senior Security Engineer at AOL, describes what Flowspec is, how it came about, and how it works. Learn about some of the tests performed by Juniper and others on scalability, and the discovered limitations that were overcome with the implementation of Flowspec.

    Join this session to learn:
    • Some of the different methods of deploying Flowspec
    • How Flowspec compares with alternative filtering methods
    • Best practices for secure traffic routing
  • Best Practices for DDoS Protection Apr 29 2015 1:00 pm UTC 45 mins
    Julio Arruda, Sales Engineering Manager, Arbor Networks
    DDoS attacks have been around for more than a decade, and in that sense they are old news. However, what a DDoS attack actually is has been constantly changing. There are several persistent misconceptions about DDoS attacks and DDoS defense that leave too many organizations vulnerable today. One misconception is that a DDoS attack is all about size. While it is certainly true that modern DDoS attacks can be enormous, DDoS today is more frequently targeting your applications and security infrastructure, such as your firewall and IPS. Another misconception is that DDoS defense is an either-or proposition: you handle it in the cloud through a provider, or you have DDoS defense on premise. In fact, one layer of protection is not protection at all.

    Join us for a session that will cover:
    • An overview of the current attack landscape and implications
    • Best practice defense against modern DDoS attacks
    • Lessons learned by global enterprises struck by attacks
  • Managing the unmanageable: The network security perspective Apr 28 2015 5:00 pm UTC 60 mins
    Kurt Roemer, Chief Security Strategist, Citrix; Rick Davis, Senior Sales Engineer, Citrix
    This webinar will provide strategies and best practices to secure your network and apps against threats while optimizing availability and performance.

    Computing has extended beyond the exclusive domain of the IT department - a fact that has significantly complicated security and privacy and has put tremendous pressure on today’s networks. IT managers are tasked to automate networking policies, protect against an ever growing and changing number of attacks and keep users happy with the highest level of performance.

    Attend this webinar to learn:

    - How to protect web applications with an integrated Web Application Firewall solution
    - Defend against DDoS and specific application layer attacks
    - Simplify access with SSO and securely authenticate to external applications
    - Encrypt all traffic while ensuring compliance visibility
  • Managing Cyber Risk In Your Vendor Ecosystem Apr 28 2015 5:00 pm UTC 60 mins
    Stephen Boyer, Co-Founder and CTO, BitSight; Mike Rothman, President, Securosis
    Sharing network access and sensitive information with your business partners could be putting you at risk of third-party breach. These breaches can be very damaging and may account for major losses in data, time, and resources. If you’re looking for a better risk management method, you’re not alone.

    Watch this webinar to learn more about:

    - Security risks that could be facing your corporation today.
    - How you can utilize selection criteria to build the best solution.
    - Methods you can use to assess partner security risk.
    - How to make better risk-based decisions by factoring in the security posture of your organization.
  • Beware the Botnets: Botnets as an Indicator of Breach Likelihood Apr 28 2015 4:00 pm UTC 45 mins
    Stephen Boyer, Co-Founder and CTO, BitSight
    A 2015 PwC survey found that 96% of CEOs in the US have indicated rising concern about data breaches - and rightly so. With the record-breaking breaches of 2014 barely behind us, organizations want to take steps to avoid becoming the next victim and are looking for signs that can indicate troubling performance. BitSight Technologies may have found one such indicator. Using their Security Ratings data, recent research shows a solid correlation between a company’s botnet grade and their likelihood of experiencing a publicly disclosed breach, demonstrating that Security Ratings are a powerful metric for communicating cyber risk across the enterprise.

    Join BitSight CTO and Cofounder Stephen Boyer to discuss this research and to learn why continuous security performance monitoring should be an essential part of your enterprise risk management strategy.

    Attendees will learn:
    - What is the correlation between botnet grades and publicly disclosed breaches
    - Why botnet grades vary across key industries and what the top infections are by sector
    - How Security Ratings are generated and the impact botnets and other risk vectors have on these security performance metrics
  • Maximizing ROI with SharePoint in the Cloud Apr 28 2015 3:30 pm UTC 75 mins
    Dux Raymond Sy, Jeff DeVerter, John Peluso, Todd Klindt & Shyam Oza
    Please join AvePoint and Rackspace at 11:30 a.m. – 12:30 p.m. EST on Tuesday, April 28, 2015 as we discuss how the cloud affects governance and management strategies in the final webinar in the three-part series.

    In this 60-minute webinar, Dux Raymond Sy, Chief Technology Officer for AvePoint Public Sector, Jeff DeVerter, Chief Technology Officer - Microsoft Technologies for Rackspace, John Peluso, Vice President of Product Management for AvePoint, Todd Klindt, SharePoint Consultant for Rackspace, and Shyam Oza, Senior Product Manager for AvePoint, will address strategies and tools for ensuring your cloud-hosted SharePoint content remains properly managed and protected.

    Panelists will cover best practices, strategies, and tools for managing and protecting cloud-hosted users and content, ensuring you remain in compliance with your governance policies – no matter where your content resides. Whether you’re an IT manager, developer, administrator, or someone that wants to learn logistics behind moving to the cloud, please join us for what promises to be a lively and informative discussion!
  • CyberTECH Securing the Internet of Things Forum San Francisco - Part 1 Recorded: Apr 23 2015 83 mins
    Expert panel
    This panel of security experts will discuss the internet of things and what's keeping them up at night when they think about security in 2015. After an in-depth discussion, there will be live Q&A from the audience.

    This week's panelists include:
    Darin Andersen, Chairman and Founder, CyberTECH
    Mark Rasch, CyberLaw Editor, SecurityCurrent.com
    Grant Jordan, President, Somerset Recon
  • Using Machine-Readable Threat Intelligence to Block Unknown Threats Recorded: Apr 23 2015 51 mins
    Gartner Research Director Craig Lawson and Webroot Chief Technology Officer Hal Lonas
    Enterprises continue to struggle with network breaches, data theft, and other incidents, despite deploying layers of security technologies across their IT environments. One reason for these successful attacks is that many of the threats have never been seen before, and go undetected by traditional security technology. So how can an organization recognize these threats more quickly as they emerge? How does the organization ensure that information about the latest threats is available to drive fast response at the points of vulnerability? In this program, Gartner Research Director Craig Lawson and Webroot Chief Technology Officer Hal Lonas discuss how integrating machine-readable threat intelligence into your security infrastructure can help your organization block active attacks, and even predict where future attacks are likely to come from.
Increasing expectations for good governance, effective risk management and complex demands for legislative and regulatory compliance are presenting a growing challenge for organizations of all sizes. Tune in to live and recorded presentations by respected luminaries in the fields of governance, risk and compliance. Their thought leadership will provide you with practical advice on how to implement successful GRC strategies and processes for your organization.

  • Title: Incident Materiality and the SEC Guidance
  • Live at: May 23 2012 7:00 pm
  • Presented by: Steven F. Fox, U.S. Dept of the Treasury