THE ITAM NEWSLETTER

Boardroom Alert: SEC’s New Cybersecurity Rules Demand Your Attention

Author: Jeremy Boerger, The ITAM Coach


Cybersecurity compliance isn’t just a buzzword—it’s an evolution in corporate responsibility, especially with the SEC’s new rules that dictate how public organizations manage and report cyber risks and incidents.

Grant Thornton recently published an article titled: “SEC Heightens Urgency on Cybersecurity.” It summarizes the SEC’s new rules that went into effect in December and how they impact organizations from now on.

The new rules require organizations to sharpen their focus on transparency and governance frameworks. This is no minor administrative update, and adaptation is not optional.

Accurate, reliable data sits at the heart of compliance, and achieving that is no small feat. If your internal departments treat data sharing like a game of tag or your asset reporting reads more like fiction than fact, you’re looking at a compliance headache of epic proportions.

The Rules In Brief

In my role as an ITAM professional specializing in public sector organizations, the recent unveiling of the SEC’s compliance regulations directly impacts how I advise my clients. ITAM’s role in ensuring organizational strategy meets regulatory demands has become more critical than ever. Here are some excerpts from the Grant Thornton article and my thoughts:

“Companies need to be prepared to comply with the SEC’s rules, which focus on providing transparency to investors. An organization that has weak cybersecurity controls may pose more risk to investors, and a company with a substantial breach may experience reputational harm and loss of value.

To compel organizations to provide that transparency, the SEC is requiring that registrants disclose:

  • Their board of directors’ oversight of risks from cybersecurity threats and management’s role and expertise in assessing and managing material cybersecurity risks on an annual basis.

  • Their processes for assessing, identifying and managing material risks from cybersecurity threats, as well as the material effects or reasonably likely material effects of risks from cybersecurity threats and previously likely cybersecurity incidents on an annual basis.

  • Any cybersecurity incident they deem to be material — as well as its scope, nature and timing — within four business days after determining that the incident is material.”

My Thoughts: Good money says most boards will stop with the CISO and not ask about ITAM or SAM. And most CISOs will not offer up any cooperation with existing internal ITAM or SAM groups. It is a shame because when cybersecurity and ITAM are encouraged to work together, the organization can improve its cybersecurity and reduce its IT operational costs simultaneously!

The Board Of Directors

“The board of directors has the ultimate oversight of cybersecurity risks through board committees or subcommittees that are directly responsible on a regular basis to be kept abreast of changes in the cybersecurity risk situation and help guide the board in its oversight,” said Grant Thornton Managing Director for Cybersecurity and Privacy Services Max Kovalsky.

“The final rule does not require boards to have a member with specific expertise in cybersecurity risk management, but Kovalsky said boards need to be educated on these risks to appropriately exercise their duties related to cybersecurity.”

My Thoughts: ITAM asset lifecycle management ensures the board can depend on accurate and trustworthy data because it describes how IT assets move through the organization and how to find IT assets that skip a step – which would signal a potential security risk.

In Summary

The latest SEC regulations serve as a reminder that cybersecurity compliance is now a critical element of corporate governance. Public organizations must adapt to the changes to maintain investor trust and avoid the pitfalls of non-compliance. Accurate and reliable IT asset data ensures that your board of directors can fulfill its oversight duties with confidence.

I encourage you to set up a research call with me to uncover how the SEC standards are – and will be – affecting your organization. Let’s explore ways to strengthen your ITAM processes – and train your team to make the changes permanent.


Jeremy Boerger
The ITAM Coach

Jeremy Boerger has over two decades of experience within the Information Technology sector. His signature Pragmatic ITAM Method is used by major manufacturing, healthcare, and global financial institutions. It enables them to Spend Less On Software Without Buying Less Software.
