[ISN] 2012 Compliance Checklist
http://www.darkreading.com/compliance/167901112/security/vulnerabilities/232200757/2012-compliance-checklist.html
By Ericka Chickowski
Contributing Editor
Dark Reading
Dec 05, 2011
When the calendar flips over to a new year in January, organizations
will be faced with a new round of compliance demands piled on to the
existing ones that they may already be struggling to deal with. Here's
what a range of industry insiders say should make any organization's
to-do list in the coming year.
Show Shareholders The Dirty Laundry, Per SEC Demands
The SEC released guidance in October this year that asks public
companies to disclose data breaches and 'material cyber attacks' that
would raise shareholder eyebrows. This means publicly traded companies
need to be ready to report to investors the financial ramifications of
hacks and breaches that hit them starting in 2012.
"Members of our profession frequently lament the lack of awareness and
visibility of cybersecurity issues with the senior management," says
Michael de Crespigny, CEO of Information Security Forum. "This SEC
guidance, speaking to management about obligatory disclosures, provides
another opportunity to change that. Information security leaders should
take the initiative to raise this issue with senior management and
explain how your organization should respond."
[...]