https://community.isc2.org/t5/Industry-News/Resolution-to-Overturn-SEC-Cyber-Disclosure-Rule-Introduced/m-p/64783#M6540 <P><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">A </SPAN></SPAN><A class="Hyperlink SCXW102205617 BCX0" href="https://garbarino.house.gov/sites/evo-subsites/garbarino.house.gov/files/evo-media-document/resolution-text-sec-cyber-rule-cra.pdf" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun Underlined SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0" data-ccp-charstyle="Hyperlink">joint resolution</SPAN></SPAN></A><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0"> was introduced by Representatives Andrew Garbarino (R-NY) </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">in the House </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">and Thom Tillis (R-NC) </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">in the</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0"> Senate</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">, </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">on November 14, </SPAN><SPAN class="NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW102205617 BCX0">2023</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0"> that, if passed, would overturn the Securities and Exchange Commission’s (SEC) recent&nbsp; "</SPAN></SPAN><A class="Hyperlink SCXW102205617 BCX0" href="https://www.sec.gov/files/rules/final/2023/33-11216.pdf" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun Underlined SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0" data-ccp-charstyle="Hyperlink">Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure"</SPAN></SPAN></A><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0"> final rules.</SPAN> </SPAN><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">ISC2 has previously expressed concerns over the new rules particularly, that they leave considerable ambiguity, especially </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">regarding</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0"> the definition and measure of risk, along with not making a definitive ruling on cybersecurity skills and experience requirements for public company boards. </SPAN></SPAN><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">To be successful both t</SPAN></SPAN><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">he House and Senate must vote to approve the resolution and the president must sign it. So </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">far, during the current Executive administration, 7 CRA resolutions have been introduced, all have been</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0"> vetoed. </SPAN></SPAN><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">Members should periodically review incident reporting processes against the SEC ruling to understand in advance what materiality means for their organization, and factor incident risk reporting into their processes. </SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">Several helpful ISC2 resources can be found </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">on ISC2 Insights</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">:</SPAN> </SPAN><A class="Hyperlink SCXW102205617 BCX0" href="https://www.isc2.org/Insights/2023/11/Resolution-to-Overturn-SEC-Cyber-Disclosure-Rule-Introduced" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun Underlined SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0" data-ccp-charstyle="Hyperlink">https://www.isc2.org/Insights/2023/11/Resolution-to-Overturn-SEC-Cyber-Disclosure-Rule-Introduced</SPAN></SPAN></A> <SPAN class="EOP SCXW102205617 BCX0" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> Tue, 21 Nov 2023 14:12:50 GMT mborchardt 2023-11-21T14:12:50Z https://community.isc2.org/t5/Industry-News/Resolution-to-Overturn-SEC-Cyber-Disclosure-Rule-Introduced/m-p/64783#M6540 <P><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">A </SPAN></SPAN><A class="Hyperlink SCXW102205617 BCX0" href="https://garbarino.house.gov/sites/evo-subsites/garbarino.house.gov/files/evo-media-document/resolution-text-sec-cyber-rule-cra.pdf" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun Underlined SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0" data-ccp-charstyle="Hyperlink">joint resolution</SPAN></SPAN></A><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0"> was introduced by Representatives Andrew Garbarino (R-NY) </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">in the House </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">and Thom Tillis (R-NC) </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">in the</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0"> Senate</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">, </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">on November 14, </SPAN><SPAN class="NormalTextRun ContextualSpellingAndGrammarErrorV2Themed SCXW102205617 BCX0">2023</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0"> that, if passed, would overturn the Securities and Exchange Commission’s (SEC) recent&nbsp; "</SPAN></SPAN><A class="Hyperlink SCXW102205617 BCX0" href="https://www.sec.gov/files/rules/final/2023/33-11216.pdf" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun Underlined SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0" data-ccp-charstyle="Hyperlink">Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure"</SPAN></SPAN></A><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0"> final rules.</SPAN> </SPAN><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">ISC2 has previously expressed concerns over the new rules particularly, that they leave considerable ambiguity, especially </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">regarding</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0"> the definition and measure of risk, along with not making a definitive ruling on cybersecurity skills and experience requirements for public company boards. </SPAN></SPAN><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">To be successful both t</SPAN></SPAN><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">he House and Senate must vote to approve the resolution and the president must sign it. So </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">far, during the current Executive administration, 7 CRA resolutions have been introduced, all have been</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0"> vetoed. </SPAN></SPAN><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">Members should periodically review incident reporting processes against the SEC ruling to understand in advance what materiality means for their organization, and factor incident risk reporting into their processes. </SPAN></SPAN></P> <P>&nbsp;</P> <P><SPAN class="TextRun SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0">Several helpful ISC2 resources can be found </SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">on ISC2 Insights</SPAN><SPAN class="NormalTextRun SCXW102205617 BCX0">:</SPAN> </SPAN><A class="Hyperlink SCXW102205617 BCX0" href="https://www.isc2.org/Insights/2023/11/Resolution-to-Overturn-SEC-Cyber-Disclosure-Rule-Introduced" target="_blank" rel="noreferrer noopener"><SPAN class="TextRun Underlined SCXW102205617 BCX0" data-contrast="none"><SPAN class="NormalTextRun SCXW102205617 BCX0" data-ccp-charstyle="Hyperlink">https://www.isc2.org/Insights/2023/11/Resolution-to-Overturn-SEC-Cyber-Disclosure-Rule-Introduced</SPAN></SPAN></A> <SPAN class="EOP SCXW102205617 BCX0" data-ccp-props="{&quot;201341983&quot;:0,&quot;335559739&quot;:160,&quot;335559740&quot;:259}">&nbsp;</SPAN></P> Tue, 21 Nov 2023 14:12:50 GMT https://community.isc2.org/t5/Industry-News/Resolution-to-Overturn-SEC-Cyber-Disclosure-Rule-Introduced/m-p/64783#M6540 mborchardt 2023-11-21T14:12:50Z