The U.S. Securities and Exchange Commission (SEC) has enacted new rules that will significantly impact cyber security governance and disclosure for public companies. These changes are important because they promote better cyber security practices, enhance transparency, and emphasize the role of governance in managing cyber security risks.
The Framework
The NIST CSF v2.0 is the upcoming revision of the NIST Cybersecurity Framework. The new version is expected to include updates to the core functions, categories, and subcategories, as well as new implementation examples.
The Action
From the SEC ruling, it is clear that leadership and the board must understand what is being done to protect assets from a cyber-attack. Identifying critical assets, systems and data, and understanding the impact on the business should they be disrupted, is an essential first step.