Under pressure, SEC backpedals on 4-day breach disclosure rule at 11th hour of mandate

A new Securities and Exchange Commission (SEC) rule that requires companies to report a breach within four days of determining a material incident goes into effect today, and the industry has responded positively to a last-minute change that does not require companies to file the technical details of a breach. In a blog post published December 14, Erik Gerding, director of the SEC’s Division of Corporation Finance, clarified that in the final version of the rules, companies do not need to “disclose any specific or technical information about their incident response, systems or potential vulnerabilities if that could impede their incident response and remediation process.” Gerding said the SEC sought to balance the need for disclosure with the risk that disclosing specific technical information could offer a roadmap that threat actors could exploit in future attacks.

Source: SC Magazine

 

