cybersecurity disclosure and internal controls
play

Cybersecurity Disclosure and Internal Controls Association of - PowerPoint PPT Presentation

Aug 28, 2022 •160 likes •308 views

Cybersecurity Disclosure and Internal Controls Association of Corporate Counsel April 26, 2019 SECs Increasing Emphasis on Cybersecurity The SEC formed a dedicated cyber unit in 2017 According to the SEC Enforcement Divisions FY

  1. Cybersecurity Disclosure and Internal Controls Association of Corporate Counsel April 26, 2019

  2. SEC’s Increasing Emphasis on Cybersecurity • The SEC formed a dedicated cyber unit in 2017 • According to the SEC Enforcement Division’s FY 2018 annual report, the SEC brought 20 cyber-related enforcement actions last year • The SEC has over 200 open cyber-related investigations 2

  3. Overview and Implications of SEC’s Guidance on Cybersecurity Disclosures • In February 2018, SEC issued interpretive guidance “to assist public companies in preparing disclosures about cybersecurity risks and incidents” • Guidance emphasizes Board’s role in cybersecurity risk oversight • May need to disclose prior or ongoing cybersecurity incidents in order to place discussions of risk in the appropriate context • Disclosure controls should ensure that appropriate personnel have necessary information about cybersecurity risks and incidents so fully informed disclosure decisions can be made 3

  4. SEC Guidance: Disclosure Timing, Corrections, and Updates • Timing of Incident Disclosures – “[W]e recognize that a company may require time to discern the implications of a cybersecurity incident” – “[A]n ongoing internal or external investigation – which often can be lengthy – would not on its own provide a basis for avoiding disclosures of a material cybersecurity incident” • Correcting and Updating Disclosures – May have duty to correct prior disclosure if determine untrue at time made, such as by discovering contradictory information that existed at time made – May have duty to update disclosure if it becomes materially inaccurate after made – Should consider whether need to revisit or refresh during the process of investigating a cybersecurity incident 4

  5. SEC Investigative Report on Cybersecurity Internal Controls • On October 16, 2018, SEC issued investigative report emphasizing that public companies must consider cyber threats when implementing internal accounting controls – Companies must safeguard investor assets from cyber-related frauds • Key Takeaways – Continually assess cybersecurity risks and calibrate internal controls accordingly – Factor human vulnerabilities into control design – Companies had appropriate policies in place but various aspects were ignored or misunderstood – Evaluate insider trading policies in relation to knowledge of cybersecurity risks and incidents 5

  6. Types of Threats Data Breach Financial data Personal data Customer data Knowledge Assets Intellectual property Business plans Critical Infrastructure Cyber Attacks Shutdown of operations Target control systems to cause physical harm and property destruction Ransomware Data as hostage Destruction of data

  7. Lifecycle of a Cyber Attack Data is Compromised Attack Stage Maintaining • Data theft the Back Door Weapon/ • Data destruction Malware • Espionage • Unmonitored ports Delivery Opening • Denial of service • Misconfigured data the Door • Spyware • Unauthorized system loss prevention tools Intelligence • Ransomware and network access • Spear phishing Collection • Stolen access • Rootkit • Cyber crime • Drive-by download credentials • Peer-to-peer • Bot • Software/hardware networks vulnerabilities • Search engines • Third-party • Social engineering compromise Time Time to Exploit: Minutes Time to Discovery: Months or Longer Source: Deloitte Development LLC

  8. Cyber Security as a Material Risk 1. Businesses are increasingly targeted 4. Everything can’t be protected equally § Fraud – millions of dollars in losses § Identify the ‘ crown jewels ’ and high-impact, high- § IP theft – corporate espionage risk individuals/events – prioritize and invest in § Customer data theft – financial data theft controls based on risk decisions § Denial of service – disruptions in operations (e.g., § Plan, budget, track, and report on the effectiveness shutdown of industrial processes) and loss of of cybersecurity programs and internal controls customer trust § Physical harm – attacks designed to cause harm 5. Traditional controls are necessary but 2. Cyber damages go beyond dollars should be augmented § Determine your risk tolerance and the cost of § Perimeter defense is no longer sufficient protection § Understand the impact of changes in privacy laws and cybersecurity standards and the need for continual assessment § Human error/lapses continue to be one of the key 3. Speed of attack is increasing, response reasons for breaches times are shrinking, and the tail of a crisis-level data breach is long 6. Regulators, government, and the media are key stakeholders with ever increasing focus § It only takes minutes to compromise and it may take years to recover § Cyber security is a team sport. The General § Understand the importance of communications and Counsel’s office has a critical role to play in messaging, especially during a time of crisis managing a cyber security incident as does the CISO.

  9. Cybersecurity Risk Assessment Best Practices • Conduct a risk assessment to identify and prioritize important systems and information, the most likely threats to those systems, and the best controls to reduce or eliminate those threats • Risk Identification Process – Create a inventory of systems and data – Determine the criticalness of systems and data – Identify key vulnerabilities and threats to systems and data – Collect and classify controls 9

  10. About Norton Rose Fulbright Key industry strengths Global footprint Energy Financial institutions Infrastructure, mining and commodities Transport Technology and innovation Life sciences and healthcare Business principles Quality. Unity. Integrity. 58 Offices, including locations in major energy and financial markets 4000+ Lawyers and other legal staff worldwide (900+ in US) 10

  11. Gerard G. Pecht Global Head of Dispute Resolution and Litigation, Houston T: +1 713 651 5243 gerard.pecht@nortonrosefulbright.com Gerry Pecht concentrates his practice in the area of securities litigation, SEC enforcement and internal corporate investigations, both nationwide and globally. He regularly represents Fortune 500 companies and their officers and directors and has led many significant matters, including some highly sensitive ones, to a positive conclusion. Litigation Experience: Gerry has extensive experience litigating in federal and state court and before arbitration panels, having tried over 30 matters to judgment. He has also argued appeals before the United States Courts of Appeal of the Second, Fifth, Tenth and Eleventh Circuits as well as the appellate courts of Texas. Gerry's litigation practice includes defending a large number of class actions, as well as shareholder derivative actions and a wide range of claims against corporations, underwriters, officers and directors. He has also represented companies in litigation over corporate control, including hostile tender offers and proxy solicitations. Gerry also has represented corporations as plaintiffs and has recovered on their behalf millions of dollars in judgments, settlements, mediations and arbitrations. Enforcement Experience: Gerry’s enforcement experience includes representing both companies and individuals in cases and investigations involving FCPA, disclosures, insider trading, market manipulation, accounting controls, and use of promotors. He has also represented companies, officers, and directors in inquires and investigations by the SEC, FINRA and the Texas State Securities Board (TSSB), as well as litigated cases against the SEC, before Administrative Law Judges and in federal courts. Internal Corporate Investigations: Drawing on decades of experience representing issuers, officers and directors before the SEC, NASD, NYSE and in securities and derivative litigation, Gerry regularly represents the board, audit committees, special litigation committees and other committees of the board in internal investigations. His internal corporate investigations have involved a wide range of issues, including: accounting irregularities, alleged foreign corrupt practices, transactions with sanctioned countries, related party transactions, improper revenue recognition and financial disclosures, whistleblower claims, conflicts of interest, corporate malfeasance, and officer and director breaches of fiduciary and other duties. Gerry has represented multinational companies in internal corporate investigations that have spanned the globe. He has experience in working with forensic experts, auditors, insurers, company counsel, public relations firms and regulators in connection with these investigations and he has expertise in assessing liability, fashioning disclosures, structuring remedial measures and devising corporate compliance programs. Gerry has handled corporate investigations for companies and board committees in industries such as software, oilfield service and supply, international construction, energy and medical services. In these investigations, Gerry regularly deals with US Attorneys, SEC, DOJ, Department of Commerce and Department of the Treasury. 11

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cybersecurity Disclosure and Internal Controls Association of Corporate Counsel April 26, 2019

Cybersecurity Disclosure and Internal Controls Association of Corporate Counsel April 26, 2019

Cybersecurity Disclosure and Internal Controls Association of Corporate Counsel April 26, 2019 SECs Increasing Emphasis on Cybersecurity The SEC formed a dedicated cyber unit in 2017 According to the SEC Enforcement Divisions FY

333 views • 15 slides
Financial Procedures and Internal Controls Internal controls Why is this so important? Internal

Financial Procedures and Internal Controls Internal controls Why is this so important? Internal

Financial Procedures and Internal Controls Internal controls Why is this so important? Internal control why is this so important? Create valuable information on to the leadership on financial matters informed decision making

630 views • 14 slides
Internal Controls Presented by: Patrick Cowen, CPA, CIA, CISA Why Internal Controls? Prevent

Internal Controls Presented by: Patrick Cowen, CPA, CIA, CISA Why Internal Controls? Prevent

Internal Controls Presented by: Patrick Cowen, CPA, CIA, CISA Why Internal Controls? Prevent and Detect Fraud, Waste and Abuse Motive + Opportunity + Justification = Fraud 2 What Are Internal Controls? Internal Control is a process set by

547 views • 42 slides
The Annual Internal Controls Certification Process The Office of Internal Controls The Office

The Annual Internal Controls Certification Process The Office of Internal Controls The Office

The Annual Internal Controls Certification Process The Office of Internal Controls The Office of Internal Controls ANNUAL UNIT CERTIFICATION History Began with 2005 FY High degree of decentralization in higher education Designed to

407 views • 27 slides
Todays Keys What are Internal Controls Financial Close Controls Where to Find Resources

Todays Keys What are Internal Controls Financial Close Controls Where to Find Resources

Todays Keys What are Internal Controls Financial Close Controls Where to Find Resources Community Foundation 1 What are Internal Controls Community Foundation 2 Objectives of Internal Control are Interrelated Reduce risk of loss

389 views • 18 slides
Internal Controls A short presentation from Your Internal Audit Department The Old Internal

Internal Controls A short presentation from Your Internal Audit Department The Old Internal

Internal Controls A short presentation from Your Internal Audit Department The Old Internal Audit Department The New Internal Audit Department Were here to help! Teach + Train = Change Our goal: Promote effective, efficient and

205 views • 19 slides
Internal Controls for Your Form 990: What to Know Christa Divis, CPA, MBA, CGMA VP of Finance

Internal Controls for Your Form 990: What to Know Christa Divis, CPA, MBA, CGMA VP of Finance

Internal Controls for Your Form 990: What to Know Christa Divis, CPA, MBA, CGMA VP of Finance and Chief Financial Officer Coastal Community Foundation Agenda 1. Introductions 2. Internal Controls 3. Form 990 Overview 4. Putting It Together!

405 views • 19 slides
Non-Profit Internal Controls: Establishing and Examining Controls To Prevent Fraud and Improve

Non-Profit Internal Controls: Establishing and Examining Controls To Prevent Fraud and Improve

Presenting a live 110-minute teleconference with interactive Q&A Non-Profit Internal Controls: Establishing and Examining Controls To Prevent Fraud and Improve Financial Reporting WEDNESDAY, JULY 17, 2013 1pm Eastern | 12pm Central |

772 views • 54 slides
Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing

Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing

Presenting a live 90-minute webinar with interactive Q&A Mitigating D&O Liability Exposure for Data Privacy and Cybersecurity Breaches Reducing D&O Risk With Internal Controls, Insurance, and Indemnification; Defending Derivative

1.28k views • 79 slides
Internal Controls for Federal Grants Terenzio Volpicelli, CPA, Partner Roselli, Clark and

Internal Controls for Federal Grants Terenzio Volpicelli, CPA, Partner Roselli, Clark and

Internal Controls for Federal Grants Terenzio Volpicelli, CPA, Partner Roselli, Clark and Associates MMAAA June Annual Meeting South Yarmouth, Massachusetts June 13, 2018 Agenda What are internal controls What does the Uniform

507 views • 39 slides
WA S H I N G T O N S T AT E U N I V E R S I T Y Fiscal Audits and Internal Controls Terry Ely ,

WA S H I N G T O N S T AT E U N I V E R S I T Y Fiscal Audits and Internal Controls Terry Ely ,

WA S H I N G T O N S T AT E U N I V E R S I T Y Fiscal Audits and Internal Controls Terry Ely , Executive Director Business Services/Controller Heather Lopez , Chief Audit Executive Internal Audit Revised November 2015 1 Workshop

486 views • 20 slides
MRO Internal Controls Accounting and Financial Management March 28, 2019 1 The purpose of this

MRO Internal Controls Accounting and Financial Management March 28, 2019 1 The purpose of this

MRO Internal Controls Accounting and Financial Management March 28, 2019 1 The purpose of this presentation is to update the MRO Board of Directors on MROs internal control environment, documentation, and compliance oversight. It is meant

484 views • 19 slides
Todays Keys What are Internal Controls What are High Risk Areas How to Assemble a Team How

Todays Keys What are Internal Controls What are High Risk Areas How to Assemble a Team How

Todays Keys What are Internal Controls What are High Risk Areas How to Assemble a Team How to Document Where to Find Resources Community Foundation 1 What are Internal Controls Community Foundation 2 Polling Question What Comes to

560 views • 26 slides
CIS Controls, the Building Blocks of Organizational Cybersecurity Independent Bankers of Colorado

CIS Controls, the Building Blocks of Organizational Cybersecurity Independent Bankers of Colorado

1 CIS Controls, the Building Blocks of Organizational Cybersecurity Independent Bankers of Colorado Convention 2019 2 TODAYS PRESENTER RACHAEL SCHWARTZ Rachael has been an IT consultant for financial firms for more than 9 years. Prior to

658 views • 20 slides
The Third Line of Defense in Cybersecurity Internal Audit and the University of California

The Third Line of Defense in Cybersecurity Internal Audit and the University of California

The Third Line of Defense in Cybersecurity Internal Audit and the University of California Cybersecurity Audit Team Overview 1. University of California and Internal Audit 2. Establishing the Cybersecurity Audit Team (CAT) 3. CAT

650 views • 23 slides
Agenda Introduction Internal Controls the textbook version ACFE Report to the

Agenda Introduction Internal Controls the textbook version ACFE Report to the

6/21/2018 Fraud Happens.but it doesnt have to. A Simple Perspective on how to Protect You and Your Organization David Mol, CPA Redpath and Company,Ltd 1 Agenda Introduction Internal Controls the textbook version ACFE

499 views • 20 slides
MAC Clauses and Indemnification MAC Clauses and Indemnification Provisions in M&A Deals

MAC Clauses and Indemnification MAC Clauses and Indemnification Provisions in M&A Deals

Presenting a live 90 minute webinar with interactive Q&A MAC Clauses and Indemnification MAC Clauses and Indemnification Provisions in M&A Deals Crafting Terms to Minimize Transaction Risks and Post Closing Disputes TUES DAY,

1.05k views • 76 slides
ZA 2016-1920-CUB ENV-2016-192-EAF CUB 6/1/2016 Lisette Covarrubias CONDITIONAL USE A T T A C H

ZA 2016-1920-CUB ENV-2016-192-EAF CUB 6/1/2016 Lisette Covarrubias CONDITIONAL USE A T T A C H

ZA 2016-1920-CUB ENV-2016-192-EAF CUB 6/1/2016 Lisette Covarrubias CONDITIONAL USE A T T A C H M E N T 1 1124 S San Julian Street, Unit 101 Los Angeles, CA 90015 Representative: Applicant: Elizabeth Peterson Group, Inc. SDLA, LLC 400

845 views • 38 slides
Alameda Health System Fis iscal 2021 Operating and Capital Budget Process and Tim imeline

Alameda Health System Fis iscal 2021 Operating and Capital Budget Process and Tim imeline

Alameda Health System Fis iscal 2021 Operating and Capital Budget Process and Tim imeline Delvecchio Finley, CEO Kim Miranda, CFO 1 March 12, 2020 Fiscal 2021 Budget Goals and Principles Focus on stabilization after SAPPHIRE

430 views • 12 slides
$ % $ % & $ ' ( ) * ITEM 3, A Planning

$ % $ % & $ ' ( ) * ITEM 3, A Planning

494 views • 34 slides
Feasibility Study for Residential Solid Waste Collection Contracts June 25, 2020 1 1 Jennifer

Feasibility Study for Residential Solid Waste Collection Contracts June 25, 2020 1 1 Jennifer

City of Burlington Public Meeting Feasibility Study for Residential Solid Waste Collection Contracts Feasibility Study for Residential Solid Waste Collection Contracts June 25, 2020 1 1 Jennifer Porter GBB Vice President (Project Manager)

366 views • 10 slides
BISD First Week - Middle School August 31st is the first week of school If you chose

BISD First Week - Middle School August 31st is the first week of school If you chose

S tart of School Information for STEAM Middle School August 3, 2020 BISD First Week - Middle School August 31st is the first week of school If you chose Virtual Learning, your whole week will be virtual learning If you chose

470 views • 15 slides
Nurse Next Door Trademark Acquisition and Royalty Investor Presentation November 1, 2019 Legal

Nurse Next Door Trademark Acquisition and Royalty Investor Presentation November 1, 2019 Legal

Nurse Next Door Trademark Acquisition and Royalty Investor Presentation November 1, 2019 Legal Disclaimer Notice The contents of this presentation are for information purposes only. This presentation does not constitute an offer to sell secu

623 views • 24 slides
Landmark Preservation Commission Public Hearing Presentation February 20 th , 2018 Presented to

Landmark Preservation Commission Public Hearing Presentation February 20 th , 2018 Presented to

205 EAST 17TH STREET Landmark Preservation Commission Public Hearing Presentation February 20 th , 2018 Presented to the Community Board 6 on February 6 th , 2018 Project: 205 E 17th Street 10003 New York, NY Title Sheet Landmark Preservation

278 views • 12 slides

More recommend