PR Newswire
WASHINGTON, May 12, 2022
Recommendations Emphasize Aligning Proposed Rules with Best Practices and Delineating Between Board and Management's Roles
WASHINGTON, May 12, 2022 /PRNewswire/ -- The National Association of Corporate Directors (NACD), the authority on boardroom practices representing more than 23,000 board members, this week submitted comments to the US Securities and Exchange Commission (SEC) on its proposed amendments to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incident reporting by public companies.
Agreeing with the intent of the proposed rules, NACD emphasized its support for consistent disclosure of information related to four key areas: cybersecurity incident response and reporting; cybersecurity risk management policies and procedures; the role of management in cybersecurity; and board cybersecurity expertise and oversight.
NACD emphasized the following main points about the board's role in its comments:
- The cybersecurity-specific roles of the board and management are distinct.
  - Management must control and mitigate risk, and drill deeply into breaches.
  - The board's role is to make sure that cybersecurity is well managed and that the risk is well controlled.
- NACD believes cybersecurity oversight must be the shared responsibility of the whole board, not the responsibility of one director with cybersecurity expertise.
"Continuous director education in cyber-risk oversight is critical for what the SEC is asking boards to do, and for directors to fulfill their obligations as effective stewards of their organizations," said Peter R. Gleason, president and CEO of NACD. "We are in agreement with the SEC that long-standing efforts to ensure board members have the necessary resources to provide meaningful oversight of cyber programs are essential."
NACD has demonstrated a deep commitment to promoting continuous director education and to helping board members keep pace with an ever-changing threat landscape. Today, more than 700 directors hold the NACD CERT Certificate in Cyber-Risk Oversight, which has long been recognized as the premier cyber credential for board members.
In the filing, NACD asserted and clarified the following:
- NACD supports a collaborative approach that clearly outlines distinct cybersecurity-specific roles for the board and organizational management functions.
- NACD supports disclosure of material cyber breaches within four days of determining materiality.
- NACD supports disclosures relevant to an organization's management and board-level cybersecurity policies, procedures, and governance.
- NACD supports phased requirements for smaller companies or another exemption to allow for maturing security operations, as well as consideration of other compliance and reporting requirements related to homeland security.
- NACD recommends that full-board oversight be conducted through a strong oversight framework instead of being reliant upon one board member who is deemed to have specific expertise.
- NACD supports identifying directors with cybersecurity expertise and/or education specific to cyber-risk oversight best practices, but rejects the proposal's mandate to disclose lack of specific cyber expertise among board members.
- NACD strongly supports the proposed safe harbor clarifying that a director identified as having cybersecurity expertise does not carry an increased level of liability under federal securities laws.
Click here to read the full comments submitted by NACD, including positions on other portions of the SEC's proposal.
About NACD
For more than 40 years, NACD has been on the leading edge of corporate governance, setting standards of excellence that have elevated board performance. NACD arms today's directors with insights and education that drive their mission forward, while preparing a new generation of boardroom leaders to meet tomorrow's biggest challenges. NACD is a community of more than 23,000 directors driven by a common purpose: to be trusted catalysts of economic opportunity and positive change—in businesses and in the communities they serve. To learn more about NACD, visit www.nacdonline.org.
Contact:
Susan Oliver
soliver@nacdonline.org
703-216-4078
Shannon Bernauer
sbernauer@nacdonline.org
571-367-3688
View original content to download multimedia: https://www.prnewswire.com/news-releases/nacd-responds-to-sec-rule-proposal-on-public-company-cybersecurity-risk-management-strategy-governance-and-incident-disclosure-301546494.html
SOURCE National Association of Corporate Directors