'Materiality' and the Weaponization of SEC Reporting
Cybersecurity Leader Edna Conway on Recommended Reporting Requirements
As of Monday, Dec. 18, public companies must meet the SEC's material incident reporting requirements, although small stock market-listed companies can wait until June 15. Already, one ransomware threat actor has tried to report a victim for not reporting an attack. Veteran security leader Edna Conway opens up on how to approach materiality and the weaponization of reporting.
In this video interview with Information Security Media Group, Conway discussed:
- What the SEC considers to be an incident;
- The significance of the "reasonable investor" perspective;
- How the SEC should handle criminals attempting to report noncompliance.
Conway provides board and advisory services to enterprises and governments globally on technology, security, risk management and supply chain resilience. She served as chief security and risk officer for Microsoft's cloud infrastructure. Prior to Microsoft, she was chief security officer of Cisco's Global Value Chain. She is recognized domestically by presidential commissions and globally by NATO, was appointed to the Executive Committee of the U.S. DHS Task Force on ICT Supply Chain Risk Management and serves on the DHS Critical Manufacturing Sector Coordinating Council Executive Committee.