Using the IncMan Suite to Manage
 the Reporting of Cyber Security
 Risks and Incidents to the SEC
SEC Cyber Security Reporting




Disclaimers
The information contained in this document is the proprietary and exclusive property of DFLabs
except as otherwise indicated. No part of this document, in whole or in part, may be
reproduced, stored, transmitted, or used for design purposes without the prior written
permission of DFLabs. The information contained in this document is subject to change without
notice.
NO WARRANTY: The information in this document is provided for informational purposes only.
DFLabs specifically disclaims all warranties, express or implied, including, but not limited to, the
implied warranties of merchantability and fitness for a particular purpose, except as provided for
in a separate software license agreement.
NOT LEGAL ADVICE: The ideas and opinions in this document are not to be construed as legal
advice.


About DFLabs
DFLabs is an ISO9001 certified company, specializing in Information Security Governance,
Governance Risk and Compliance (GRC) and Business Security. Our mission is: Supporting
Information Security Strategies and Guaranteeing Business Security. Proud of its professional
experience, DFLabs provides consulting, services and technologies in the following areas:
Network security, Information Security Strategy, Incident/Fraud Prevention and Response,
Digital Forensics, e-discovery, Litigation Support, Infosec Training, Intrusion Prevention, Log
and Vulnerability Management.
DFLabs is the creator of the IncMan Suite, a comprehensive incident management solution. The
IncMan Suite comprises three modules that can operate autonomously or in concert for a
complete solution.
- Incident Manager (IMAN) is the integrated solution for the complete management of security incidents.
- Digital Investigation Manager (DIM) is digital evidence tracking software used in digital investigations. DIM has been designed and developed to be used for digital evidence process support during computer forensics and incident response operations.
- ITILity is a framework of best practices to manage IT operations and services. It is designed to provide a complete support solution, to streamline helpdesk processes.




  ©2011 DFLabs. Copyright, USA and EU Patent Pending Software. DFLABS srl, P.I. and C.F. 04547850968, cap.soc. 50.000 Euro i.v., Corso Magenta 43, 20123 Milano




                                                                           Page 1




Table of Contents
   Executive Summary .................................................................................................. 3
   Business Challenges ................................................................................................ 4
   Solution Description .................................................................................................. 8
   Important Features ................................................................................................. 11
   Technical Details .................................................................................................... 12
   Summary ................................................................................................................ 12
   More Information ..................................................................................................... 13
   Works Cited ............................................................................................................ 13












Executive Summary
On October 13, 2011, the US Securities and Exchange Commission (SEC) published guidance
regarding the obligations of companies registered with the SEC relating to cyber security risks
and cyber security incidents. Although cyber security risks have always been a potential
disclosure issue, this recently published guidance draws specific attention to the need of
registrants to carefully analyze “if these issues are among the most significant factors that make
an investment in the company speculative or risky.” [1]
In determining whether such disclosure is required, companies need to consider:
- Past security incidents
- The probability of security incidents occurring in the future, the magnitude of those risks, as well as the potential costs and consequences of those incidents
- The adequacy of the preventive actions taken to reduce cyber security risks
The SEC Guidance discussed in this paper provides several examples of cyber threats that can
have a material impact on a company that investors have the right to be made aware of.
However, public disclosure of cyber risk and incidents must be done carefully. The SEC
guidance recognizes that detailed disclosures could provide a roadmap to an attacker.
Company executives have the difficult task of weighing the obligation to provide timely and
comprehensive information while preserving customer and investor confidence. The stakes of
this balancing act are heightened by the litigious climate facing companies doing business in the
US.
This document will cover the challenges of assimilating all of the threats and attacks that a
company is exposed to so that a proper risk assessment can be performed. Proper disclosure
cannot be performed without competent analysis of the risks identified during a risk assessment.
Not every breach will need to be reported, as the majority will not have the potential for a
material impact to the company [2]. Deciding which security incidents to disclose is another
critical management decision and it must be made in a timely manner.
The DFLabs IncMan Incident Management Suite not only provides your organization’s incident
handlers with a framework for managing cyber security incidents, it provides management with
insightful information for understanding the organization’s cyber risk profile and incident
response trends, including actual costs of historical and current incident response activities.












Business Challenges

Trade Secrets, Personally Identifiable Information, and Reputation
In today’s information-based economy, it can be argued that information is the primary fuel of
wealth creation. Information, combined with financial and human capital creates the combustion
of prosperity. Competitive advantage arises based on how effectively organizational
management leverages these three types of resources. Trade secrets are the information that
provides competitive advantage. Companies need to devote appropriate resources to
safeguarding this information, so as to protect their competitive advantage.
In order for a company to do business, a modicum of trust must exist between the business
and its customers. Each party to a transaction must trust that the transaction is fair. Some
transactions require more trust than others, for example the trust relationship between a patient
and a brain surgeon. Trust implies vulnerability. I do not have to trust you if I am not
vulnerable to you [3]. To engage in most significant transactions, information must be
exchanged, and the expectation is that the recipient can be trusted with the information.
The average consumer would rather not share intimate personal details with a large
international organization but they will do so if they want the transaction to occur. Whether one
is aware of it or not, the decision to trust and share personally identifiable information (PII) is
based on a risk calculation that is part of our psychological hardwiring. An individual may not
accurately perceive the risk [4] but it is clear that one’s experience and assessment of the
other’s reputation are predominant factors in the decision making process [5].
To survive and thrive, organizations must diligently protect their trade secrets and those of their
business partners. They must also safeguard the personal information entrusted to them by
their customers. How effective an organization is at protecting these vital assets shapes its
reputation and that reputation is a key factor in the growth or decline of a business.


Disclosure of Cyber Security Risks by Public Companies
Investing is another transaction that has inherent risk and is based on trust. The US Securities
and Exchange Commission (SEC) has stated that, “The federal securities laws, in part, are
designed to elicit disclosure of timely, comprehensive, and accurate information about risks and
events that a reasonable investor would consider important to an investment decision.” [1]












The SEC has noted that there is increased focus on the disclosure obligations of publicly
traded companies and has issued a document called CF Disclosure Guidance: Topic No. 2 –
Cybersecurity (hereafter referred to as “the guidance”). Perhaps this is a response to several
high profile security breaches at large public companies. The guidance states in its introduction
that as dependence on digital technologies has increased, “the risks to registrants associated
with cybersecurity have also increased, resulting in more frequent and severe cyber
incidents.” [1]


Attacks & Accidents
In general terms, the goal of an attack is to make the adversary’s resources more valuable to
the attacker (theft, for example) or less valuable to the adversary (such as “denial of service”).
Attackers have a variety of motivations. Understanding these motivations is an important part of
threat assessment.
However, not all security incidents are motivated by ill will toward the organization. In fact,
many security incidents are due to errors and omissions. [6]


Organizations must protect themselves from both attacks and accidents.



Confidentiality, Integrity, and Availability
Regardless of the motivation, a security incident will fall into one or more of the following
categories:
- Threats to Confidentiality – A threat to confidentiality occurs when unauthorized access has been gained to a system containing secret information.
- Threats to Integrity – When a system has been attacked, users lose trust in the accuracy and reliability of the information contained therein.
- Threats to Availability – If users cannot access the information in a system, the value of that information is greatly diminished.












Risk, Vulnerabilities, and Threats
The common definition of cyber security risk is the likelihood that a threat will exploit a specific
vulnerability. Risk management is the identification and prioritization of risks as well as the
economical application of resources to reduce the impact of the adverse event. [7]
By way of example, the SEC guidance discusses a variety of deliberate and unintentional cyber-
attacks on confidentiality, integrity, and availability. The document states that successful
attacks might result in the victim organization incurring substantial costs and negative
consequences, such as:
- Remediation costs that may include liability for stolen assets or information and repairing system damage that may have been caused. Remediation costs may also include incentives offered to customers or other business partners in an effort to maintain the business relationships after an attack;
- Increased cyber security protection costs that may include organizational changes, deploying additional personnel and protection technologies, training employees, and engaging third party experts and consultants;
- Lost revenues resulting from unauthorized use of proprietary information or the failure to retain or attract customers following an attack;
- Litigation; and
- Reputational damage adversely affecting customer or investor confidence.


Risks have to be prioritized because the cost of mitigating the risk cannot outweigh the cost of the adverse impact.



Determining What to Disclose
The SEC guidance discusses the specifics of disclosing risks in the various sections of the SEC
forms that cover:
- Risk Factors
- Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A)
- Description of Business
- Legal Proceedings
- Financial Statement Disclosures










The disclosures must “adequately describe the nature of the material risks and specify how
each risk affects the registrant [1].” Registrants are expected to evaluate their cyber security
risks, considering all relevant information. The guidance specifically mentions:
- previous cyber security incidents and the severity and frequency of those incidents;
- the probability of future cyber security incidents and the potential magnitude of those risks; and
- the adequacy of the countermeasures taken to reduce cyber security risks.


A founding partner of the Information Law Group stated, “One read of this guidance is that
companies internally are going to have to more carefully forecast and estimate the impact of
cyber incidents and the consequences of failing to implement adequate security. This analysis
will go well beyond privacy-related security issues where most companies have focused (due to
various privacy laws and regulator activity), and implicate key operational issues impacted by
security breaches.” [2]


Avoiding Litigation
The stakes are very high. If a company does not adequately disclose cyber security risks, it is
potentially exposed to lawsuits and sanctions from the SEC. However, disclosing details
about prior security incidents can also open the company up to additional lawsuits. One thing is
sure: teams of lawyers and accountants are looking at both sides of this issue¹ and plaintiffs will
have no problems obtaining the funding to pursue class action lawsuits. [8]




¹ The introduction to the SEC guidance stated that a motive for publishing the guidance was that
“there has been increased focus by registrants and members of the legal and accounting professions
on how these risks and their related impact on the operations of a registrant should be described
within the framework of the disclosure obligations imposed by the federal securities laws” [1]












Solution Description
Determination of Material Risks
In order for management to determine which cyber security risks should be disclosed per the
SEC guidance, it is important that the organization have a comprehensive security management
program. There are three facets of the program that will be the biggest sources of information
to the disclosure decision-making process:
- Incident Handling Case Management
- Risk Assessments
- Operational Security
The IncMan Suite from DFLabs is a comprehensive incident management framework that has
functionality to meet the needs of security governance programs particularly in these three
areas. This functionality is discussed in the following sections, with a focus on the needs of the
decision makers involved in SEC reporting.




Figure 1 – The IncMan Dashboard gives a visual indication of critical metrics.












Information on Past Security Incidents
The guidance states that historical security incident information is a consideration to be factored
into the disclosure decision-making process. IncMan not only provides a workflow framework
for an organization’s incident response team, it is also a repository of the team’s historical
response activities. The IncMan Suite archives all case notes and evidence, preserving the
chain of custody records. All cases are rated on a severity scale based on your organization’s
criteria. Any lessons can be preserved with each case. All content is searchable.
A dashboard (see Figure 1) provides a high-level overview of aggregated case information,
allowing managers to identify trends and see the financial impact of security incidents.


Probability & Impact of Future Security Incidents
While historical security incident information is an important factor in risk assessments, it
provides only a partial picture because threats evolve rapidly. Security managers must also be
aware of emerging attack trends, recently disclosed software vulnerabilities, as well as security
incidents afflicting the organization’s industry peers.
One of the most important features of IncMan is its native support of the IODEF standard [9].
This capability allows IncMan to automatically receive incident reports from any CSIRT and
create assignments for the organization’s response team to take preemptive actions.


The IncMan Suite allows security managers to assess the magnitude of risk, potential costs, and consequences of material threats to the organization.



Because all security incidents (internal and external to the organization) are catalogued
according to the IODEF data model, security managers are able to use the dashboard and
report wizard to characterize emerging security incident trends and project the potential financial
impact to the organization.
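As an added illustration (not IncMan's or DFLabs' code), the following Python parses a constructed RFC 5070 IODEF report into flat case records, aggregates them dashboard-style, and applies constructed written materiality criteria of the kind the paper says an organization should define. The element names and namespace follow RFC 5070; the threshold values, the sample report and the function names are assumptions.

```python
"""Parse a constructed IODEF (RFC 5070) incident report into flat case records
and apply written materiality criteria. Added example, not DFLabs/IncMan code;
element names follow RFC 5070, thresholds and sample data are constructed."""
from dataclasses import dataclass
from typing import Dict, List
from xml.etree import ElementTree as ET

IODEF_NS = "urn:ietf:params:xml:ns:iodef-1.0"   # namespace defined by RFC 5070
NS = {"iodef": IODEF_NS}

# Constructed sample: two incidents as a CSIRT might send them in IODEF.
SAMPLE_REPORT = f"""<IODEF-Document version="1.00" lang="en" xmlns="{IODEF_NS}">
  <Incident purpose="reporting">
    <IncidentID name="csirt.example.com">2011-0042</IncidentID>
    <ReportTime>2011-10-14T09:30:00+00:00</ReportTime>
    <Assessment>
      <Impact type="info-leak" completion="succeeded" severity="high">Customer records copied from a database server</Impact>
      <MonetaryImpact severity="high" currency="USD">750000</MonetaryImpact>
    </Assessment>
    <Contact role="creator" type="organization"><ContactName>Example CSIRT</ContactName></Contact>
  </Incident>
  <Incident purpose="reporting">
    <IncidentID name="csirt.example.com">2011-0043</IncidentID>
    <ReportTime>2011-10-20T16:05:00+00:00</ReportTime>
    <Assessment>
      <Impact type="recon" completion="failed" severity="low">Port scan stopped at the perimeter firewall</Impact>
    </Assessment>
    <Contact role="creator" type="organization"><ContactName>Example CSIRT</ContactName></Contact>
  </Incident>
</IODEF-Document>
"""


@dataclass
class IncidentRecord:
    incident_id: str
    reported: str
    impact_type: str        # RFC 5070 Impact@type, e.g. info-leak, dos, recon
    completion: str         # "succeeded" or "failed"
    severity: str           # "low", "medium" or "high"
    monetary_impact: float  # 0.0 when the report carries no MonetaryImpact


def _text(elem) -> str:
    """Stripped text of an element, or "" when the element is absent."""
    return (elem.text or "").strip() if elem is not None else ""


def parse_iodef(xml_text: str) -> List[IncidentRecord]:
    """Turn each <Incident> in an IODEF document into one case record."""
    root = ET.fromstring(xml_text)
    records: List[IncidentRecord] = []
    for inc in root.findall("iodef:Incident", NS):
        inc_id = inc.find("iodef:IncidentID", NS)
        impact = inc.find("iodef:Assessment/iodef:Impact", NS)
        if inc_id is None or impact is None:
            continue  # IncidentID and an Assessment are mandatory; skip malformed entries
        money = _text(inc.find("iodef:Assessment/iodef:MonetaryImpact", NS))
        records.append(IncidentRecord(
            incident_id=f"{inc_id.get('name', '')}:{_text(inc_id)}",
            reported=_text(inc.find("iodef:ReportTime", NS)),
            impact_type=impact.get("type", "unknown"),
            completion=impact.get("completion", "unknown"),
            severity=impact.get("severity", "unknown"),
            monetary_impact=float(money) if money else 0.0,
        ))
    return records


# Constructed internal materiality criteria; each organization writes its own.
MATERIALITY_USD = 500_000.0
DISCLOSURE_SEVERITIES = {"high"}


def needs_disclosure_review(rec: IncidentRecord) -> bool:
    """A successful incident crosses the criteria on severity or on cost."""
    if rec.completion != "succeeded":
        return False
    return rec.severity in DISCLOSURE_SEVERITIES or rec.monetary_impact >= MATERIALITY_USD


def summarize(records: List[IncidentRecord]) -> Dict[str, object]:
    """Dashboard-style aggregate: counts by severity, total cost, cases to review."""
    by_severity: Dict[str, int] = {}
    total = 0.0
    review: List[str] = []
    for rec in records:
        by_severity[rec.severity] = by_severity.get(rec.severity, 0) + 1
        total += rec.monetary_impact
        if needs_disclosure_review(rec):
            review.append(rec.incident_id)
    return {"incidents": len(records), "by_severity": by_severity,
            "total_usd": total, "review": review}
```

The failed reconnaissance incident is counted in the trend data but never reaches the review list, which is the distinction the paper draws between incidents that are tracked and incidents that may be material.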












Adequacy of Preventive Actions Taken to Reduce Risks
An important tenet of security is “prevention is important, but detection is a must!” Most secure
organizations have adopted a defense-in-depth security philosophy with overlapping layers of
preventive and detective security controls. The detective counter-measures are designed to
raise an alert when a preventive control has failed or has been circumvented. Generally, the
more rapid the response to the incident, the lower the cost will be.
The IncMan Suite can integrate with all security devices that support XML and the Common
Event Format (CEF), such as all popular intrusion detection systems (IDS), intrusion prevention
systems (IPS), and Security Information and Event Management (SIEM) systems.
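As an added example that is not part of the paper or of IncMan, the Python below parses constructed CEF alert lines of the kind an IDS or SIEM emits, honouring the format's header and extension escaping, and maps the device severity onto a constructed case-severity scale to decide which cases to escalate to management. The field layout follows the CEF specification; the sample lines, thresholds and function names are assumptions.

```python
"""Parse constructed Common Event Format (CEF) alerts from an IDS or SIEM into
case records and decide which to escalate. Added example, not DFLabs/IncMan
code; header layout follows CEF, sample lines and thresholds are constructed."""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample alerts; vendors, signature ids and addresses are illustrative.
SAMPLE_CEF = [
    r"CEF:0|Snort|IDS|2.9|1:1000001|Suspicious shell response|7|"
    r"src=10.0.0.5 dst=10.0.1.20 dpt=80 msg=possible shell",
    r"CEF:0|Example\|Vendor|WebProxy|1.0|4003|Blocked download|3|"
    r"src=10.0.0.7 request=http://example.test/a\=b",
    r"CEF:0|ArcSight|Logger|5.0|100|High severity correlated event|10|"
    r"msg=Multiple failed logins then success suser=admin",
]

@dataclass
class CefEvent:
    cef_version: str
    vendor: str
    product: str
    device_version: str
    signature_id: str
    name: str
    severity: int                   # 0 (lowest) to 10 (highest)
    extension: Dict[str, str] = field(default_factory=dict)

def _split_header(body: str) -> List[str]:
    """Split the seven pipe-delimited header fields, honouring the \\| and \\\\
    escapes the header allows; the eighth item is the still-escaped extension."""
    fields: List[str] = []
    cur: List[str] = []
    i = 0
    while i < len(body) and len(fields) < 7:
        ch = body[i]
        if ch == "\\" and i + 1 < len(body) and body[i + 1] in "|\\":
            cur.append(body[i + 1])
            i += 2
        elif ch == "|":
            fields.append("".join(cur))
            cur = []
            i += 1
        else:
            cur.append(ch)
            i += 1
    fields.append(body[i:])
    return fields

# An extension key starts at the beginning of the extension or after whitespace.
_EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.]+)=")
_EXT_UNESCAPE = re.compile(r"\\([=\\])")

def _parse_extension(ext: str) -> Dict[str, str]:
    """Each value runs until the next key; only \\= and \\\\ are escapes here."""
    keys = list(_EXT_KEY.finditer(ext))
    out: Dict[str, str] = {}
    for n, m in enumerate(keys):
        end = keys[n + 1].start() if n + 1 < len(keys) else len(ext)
        out[m.group(1)] = _EXT_UNESCAPE.sub(r"\1", ext[m.end():end]).strip()
    return out

def parse_cef(line: str) -> CefEvent:
    """Parse one CEF record; raises ValueError on a malformed header."""
    if not line.startswith("CEF:"):
        raise ValueError("not a CEF record")
    parts = _split_header(line[4:])
    if len(parts) != 8:
        raise ValueError("CEF header must have seven pipe-delimited fields")
    try:
        severity = int(parts[6])
    except ValueError:
        # Some products emit words instead of numbers; map them conservatively.
        severity = {"low": 2, "medium": 5, "high": 8, "very-high": 10}.get(parts[6].lower(), 0)
    return CefEvent(*parts[:6], severity, _parse_extension(parts[7]))

# Constructed escalation scale; a real organization defines its own criteria.
def case_severity(event: CefEvent) -> str:
    """Map the device's CEF severity onto the case severity scale."""
    if event.severity >= 9:
        return "critical"
    if event.severity >= 7:
        return "high"
    if event.severity >= 4:
        return "medium"
    return "low"

def cases_to_escalate(lines: List[str]) -> List[str]:
    """Case ids (vendor/signature) whose severity warrants notifying management."""
    escalate: List[str] = []
    for line in lines:
        event = parse_cef(line)
        if case_severity(event) in ("critical", "high"):
            escalate.append(f"{event.vendor}/{event.signature_id}")
    return escalate
```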
The data generated by IncMan will allow Security Managers to make an ongoing evaluation of
the adequacy and cost effectiveness of the organization’s preventive and detective controls. As
part of an operational security process, new procedures and incident response procedures are
adapted to respond to organizational changes and evolving threats. These critical documents
can be stored in the IncMan knowledge base for immediate access during an incident.


Supporting Documentation for SEC Disclosures
As stated in the Business Challenges section of this paper, cyber security risk and incident
disclosures may impact reputation, investor and customer confidence, as well as have legal
ramifications. For this reason, it is anticipated that organizations will develop written criteria for
internal use as to what constitutes a material disclosure. Customized reports can be created to
provide the supporting documentation for the SEC disclosures.


Discovery & Legal Evidence
The organization may become involved in legal action resulting from significant security
incidents, either as a plaintiff or as a defendant. Corporate counsel can rest assured that all
aspects of the incident response including artifacts and case notes are preserved in a
forensically sound manner within the IncMan Suite. The suite provides for chain of custody
tracking of all evidence and incorporates full support for digital forensic investigation activities.
Within the system, all activity is logged. Access to each case is controlled on a role-based,
need-to-know basis as granted by a supervisor. When cases are closed, access can be
revoked or changed to read only.











Important Features
The IncMan Suite is designed with the needs of enterprise incident response teams in mind.
The following features make the system ideally suited to the challenge of disclosing material
risks and incidents to the Securities and Exchange Commission:
- Workflow Management – Templates can be defined to pre-populate the security incident case record and tasks can be created and tracked.
- Dashboard – The configurable dashboard gives an overview of the incident response posture of the organization.
- Powerful Reporting – Reports can be customized to report exactly the information needed to support a material disclosure.
- GRC – Risk and compliance implications for every incident can be automatically directed to the appropriate management personnel.
- Preservation of Evidence and Chain of Custody – All activities are logged and all artifacts are preserved in a forensically sound manner.
- Knowledge Base – The knowledge base can be loaded with the organization’s policies, procedures, and criteria for a material disclosure.
- Case Activity Notifications – Email alerts can be configured to escalate incident cases to the appropriate level of management based upon severity.
- Automatic Integration with External Applications – Integration with Intrusion Detection Systems (IDS), Security Information and Event Management (SIEM) systems, and all leading forensic tools. Examples include ArcSight, NetWitness, AccessData FTK, Solo III, X-Ways, Guidance Software EnCase, PTK Forensics, RSA enVision, Tableau and more.

The focus of this document is to highlight the value of IncMan to security executives who
make cyber security disclosures to the SEC, but it should be emphasized that this value derives
from the fact that it is also an indispensable tool for the organization’s incident response team.











Technical Details
The IncMan Incident Management Suite is a secure web application designed to scale to the
largest, geographically distributed enterprises. The system is provided as a virtual machine, a
hardware appliance, or a multi-tiered cluster depending on the needs of the organization. Users
access the system using a web browser or mobile device, such as an iPad. The user interface
supports multiple languages.




Summary
This document shows how the DFLabs IncMan Incident Management Suite is well suited to
support the needs of Security Executives that must disclose cyber security risks and incidents to
the US Securities and Exchange Commission. Although only material risks must be disclosed,
deciding what to disclose is a decision that has significant consequences and should be based
on specific criteria.
The IncMan Suite is designed to support and coordinate the incident management activities of
an entire enterprise while providing governance with the necessary metrics needed to
understand the organization’s cyber risk profile. The system can escalate situations to the
appropriate levels of management when security incidents matching certain criteria occur or
pre-defined thresholds are exceeded.
All historical costs and associated risks are tracked to allow for the reporting of the financial
impact of incident response actions and the projection of future costs. This system helps
security managers identify attack trends and assess the adequacy of the preventive measures
that the organization is taking to reduce security risks.
While determining what to disclose to the SEC is still a tough executive decision, the IncMan
Suite helps to facilitate the decision by providing the information that is critical to the decision
making process.












More Information
To schedule a demonstration of the DFLabs IncMan Incident Management Suite or to learn
more about our software products and services, contact Dale Wright at +01 410 381 4860, or
email sales_usa@dflabs.com. Visit our website at www.DFLabs.com.




Works Cited

[1] "CF Disclosure Guidance: Topic No. 2, Cybersecurity," Division of Corporation Finance, Securities and
    Exchange Commission, 13 October 2011. [Online]. Available:
    http://sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm. [Accessed 24 October 2011].

[2] D. Navetta, "SEC Issues Guidance Concerning Cyber Security Incident Disclosure," Information Law
    Group, 14 October 2011. [Online]. Available:
    http://www.infolawgroup.com/2011/10/articles/breach-notice/sec-issues-guidance-concerning-cyber-security-incident-disclosure/.
    [Accessed 24 October 2011].

[3] C. McLeod, "Trust," The Stanford Encyclopedia of Philosophy, no. Spring 2011 Edition, 2011.

[4] D. Ropeik, How Risky Is It Really?, New York: McGraw-Hill, 2010.

[5] A. Partida and D. Andina, "Vulnerabilities, Threats and Risks in IT," in IT Security Management, vol.
    61, Springer Netherlands, 2010, pp. 1-21.

[6] ITpolicyCompliance.com, "Taking Action to Protect Sensitive Data," March 2007. [Online]. Available:
    http://www.itpolicycompliance.com/research-reports/taking-action-to-protect-sensitive-data/. [Accessed
    25 October 2011].

[7] D. W. Hubbard, The Failure of Risk Management, Hoboken, NJ: John Wiley & Sons, Inc., 2009.

[8] V. O'Connell, "Funds Spring Up to Invest in High-Stakes Litigation," 3 October 2011. [Online].
    Available: http://online.wsj.com/article/SB10001424052970204226204576598842318233996.html.
    [Accessed 25 October 2011].

[9] R. Danyliw, J. Meijer and Y. Demchenko, "The Incident Object Description Exchange Format,"
    December 2007. [Online]. Available: http://www.ietf.org/rfc/rfc5070.txt. [Accessed 8 November 2011].










DF LABS Srl, VAT and taxpayer number 04547850968
Address: Rep. Office: Via Bergognone, 31, cap 20144 Milano, Italy
Labs: Via delle Macchinette, 27, 26013 Crema (CR), Italy
Tel: +39 0373-83196 / +39 0373-223716
Fax: +39 0373 387605 / +39 02-700424607
Email: info@dflabs.com

DFLabs - North America and South America
Contact: Dale Wright
Email: sales_usa@dflabs.com
Tel. +01 410 381 4860

DFLabs -
                                                       abs.com

DFLabs - Middle East, Dubai, UAE
Contact: Dennis Oommen
Email: dpo@dflabs.com
Tel: +97150 5515 480




About DFLabs
DFLabs is an ISO9001 certified company, specializing in Information Security Governance, Governance Risk and
Compliance (GRC) and Business Security. DFLabs provides consulting, services and technologies in the
following areas: Network security, Information Security Strategy, Incident/Fraud Prevention and Response, Digital
Forensics, e-discovery, Litigation Support, Infosec Training, Intrusion Prevention, Log and Vulnerability
Management.


About The Author
Kenneth G. Hartman is a Solution Architect for DFLabs. Ken holds multiple security certifications, including a
CISSP. Prior to coming to DFLabs, Ken was a Security & Privacy Officer for a Healthcare Informatics company.
Contact the author at kh@dflabs.com.


                                                                                Publication Date: 12/7/2011
                                                                                    ©2011 DFLabs srl




                                                                     www.DFLabs.com
Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and Incidents to the SEC

  • 1. Using the IncMan Suite to Manage the Reporting of Cyber Security Risks and Incidents to the SEC
  • 2. SEC Cyber Security Reporting Disclaimers The information contained in this document is the proprietary and exclusive property of DFLabs except as otherwise indicated. No part of this document, in whole or in part, may be reproduced, stored, transmitted, or used for design purposes without the prior written permission of DFLabs. The information contained in this document is subject to change without notice. NO WARRANTY: The information in this document is provided for informational purposes only. DFLabs specifically disclaims all warranties, express or limited, including, but not limited, to the implied warranties of merchantability and fitness for a particular purpose, except as provided for in a separate software license agreement. NOT LEGAL ADVICE: The ideas and opinions in this document are not to be construed as legal advice. About DFLabs DFLabs is an ISO9001 certified company, specializing in Information Security Governance, Governance Risk and Compliance (GRC) and Business Security. Our mission is: Supporting Information Security Strategies and Guaranteeing Business Security. Proud of its professional experience, DFLabs provides consulting, services and technologies in the following areas: Network security, Information Security Strategy, Incident/Fraud Prevention and Response, Digital Forensics, e-discovery, Litigation Support, Infosec Training, Intrusion Prevention, Log and Vulnerability Management. DFLabs is creator of the IncMan Suite, a comprehensive incident management solution. The IncMan Suite comprises three modules that can operate autonomously or in concert for a complete solution. Incident Manager (IMAN) is the integrated solution for the complete management of security incidents. Digital Investigation Manager (DIM) is digital evidence tracking software used in digital investigations. DIM has been designed and developed to be used for digital evidence process support during computer forensics and incident response operations. 
ITILity is a framework of best practices to manage IT operations and services. It is designed to provide a complete support solution, to streamline helpdesk processes. ©2011 DFLabs. Copyright, USA and EU Patent Pending Software. DFLABS srl, P.I. and C.F. 04547850968, cap.soc. 50.000 Euro i.v., Corso Magenta 43, 20123 Milano Page 1
  • 3. SEC Cyber Security Reporting Table of Contents Executive Summary .................................................................................................. 3 Business Challenges ................................................................................................ 4 Solution Description .................................................................................................. 8 Important Features ................................................................................................. 11 Technical Details .................................................................................................... 12 Summary ................................................................................................................ 12 More Information ..................................................................................................... 13 Works Cited ............................................................................................................ 13 ©2011 DFLabs. Copyright, USA and EU Patent Pending Software. DFLABS srl, P.I. and C.F. 04547850968, cap.soc. 50.000 Euro i.v., Corso Magenta 43, 20123 Milano Page 2
  • 4. SEC Cyber Security Reporting Executive Summary On October 13, 2011, the US Securities and Exchange Commission (SEC) published guidance regarding the obligations of companies registered with the SEC relating to cyber security risks and cyber security incidents. Although cyber security risks have always been a potential disclosure issue, this recently published guidance draws specific attention to the need of registrants to carefully analyze “if these issues are among the most significant factors that make an investment in the company speculative or risky.” [1] In determining whether such disclosure is required, companies need to consider: Past Security Incidents The probability of security incidents occurring in the future, the magnitude of those risks, as well as the potential costs and consequences of those incidents The adequacy of the preventive actions taken to reduce cyber security risks The SEC Guidance discussed in this paper provides several examples of cyber threats that can have a material impact on a company that investors have the right to be made aware of. However, public disclosure of cyber risk and incidents must be done carefully. The SEC guidance recognizes that detailed disclosures could provide a roadmap to an attacker. Company executives have the difficult task of weighing the obligation to provide timely and comprehensive information while preserving customer and investor confidence. The stakes of this balancing act are heightened by the litigious climate facing companies doing business in the US. This document will cover the challenges of assimilating all of the threats and attacks that a company is exposed to so that a proper risk assessment can be performed. Proper disclosure cannot be performed without competent analysis of the risks identified during a risk assessment. Not every breach will need to be reported, as the majority will not have the potential for a material impact to the company [2]. 
Deciding which security incidents to disclose is another critical management decision and it must be made in a timely manner. The DFLabs IncMan Incident Management Suite not only provides your organization’s incident handlers with a framework for managing cyber security incidents, it provides management with insightful information for understanding the organization’s cyber risk profile and incident response trends, including actual costs of historical and current incident response activities. ©2011 DFLabs. Copyright, USA and EU Patent Pending Software. DFLABS srl, P.I. and C.F. 04547850968, cap.soc. 50.000 Euro i.v., Corso Magenta 43, 20123 Milano Page 3
Business Challenges

Trade Secrets, Personally Identifiable Information, and Reputation

In today’s information-based economy, it can be argued that information is the primary fuel of wealth creation. Information, combined with financial and human capital, creates the combustion of prosperity. Competitive advantage arises from how effectively organizational management leverages these three types of resources. Trade secrets are the information that provides competitive advantage. Companies need to devote appropriate resources to safeguarding this information, so as to protect their competitive advantage.

In order for a company to do business, a modicum of trust must exist between the business and its customers. Each party to a transaction must trust that the transaction is fair. Some transactions require more trust than others, for example the trust relationship between a patient and a brain surgeon. Trust implies vulnerability: I do not have to trust you if I am not vulnerable to you [3]. To engage in most significant transactions, information must be exchanged, and the expectation is that the recipient can be trusted with the information. The average consumer would rather not share intimate personal details with a large international organization, but they will do so if they want the transaction to occur. Whether one is aware of it or not, the decision to trust and share personally identifiable information (PII) is based on a risk calculation that is part of our psychological hardwiring. An individual may not accurately perceive the risk [4], but it is clear that one’s experience and assessment of the other party’s reputation are predominant factors in the decision-making process [5].

To survive and thrive, organizations must diligently protect their trade secrets and those of their business partners. They must also safeguard the personal information entrusted to them by their customers. How effective an organization is at protecting these vital assets shapes its reputation, and that reputation is a key factor in the growth or decline of a business.

Disclosure of Cyber Security Risks by Public Companies

Investing is another transaction that has inherent risk and is based on trust. The US Securities and Exchange Commission (SEC) has stated that, “The federal securities laws, in part, are designed to elicit disclosure of timely, comprehensive, and accurate information about risks and events that a reasonable investor would consider important to an investment decision.” [1]
The SEC has noted that there is increased focus on the disclosure obligations of publicly traded companies and has issued a document called CF Disclosure Guidance: Topic No. 2 – Cybersecurity (hereafter referred to as “the guidance”). Perhaps this is a response to several high-profile security breaches at large public companies. The guidance states in its introduction that, as dependence on digital technologies has increased, “the risks to registrants associated with cybersecurity have also increased, resulting in more frequent and severe cyber incidents.” [1]

Attacks & Accidents

In general terms, the goal of an attack is to make the adversary’s resources more valuable to the attacker (theft, for example) or less valuable to the adversary (such as “denial of service”). Attackers have a variety of motivations, and understanding these motivations is an important part of threat assessment. However, not all security incidents are motivated by ill will toward the organization. In fact, many security incidents are due to errors and omissions [6]. Organizations must protect themselves from both attacks and accidents.

Confidentiality, Integrity, and Availability

Regardless of the motivation, a security incident will fall into one or more of the following categories:
- Threats to Confidentiality – A threat to confidentiality occurs when unauthorized access has been gained to a system or to data that should be kept secret.
- Threats to Integrity – A threat to integrity occurs when data or a system is altered without authorization; once a system has been attacked, users lose trust in the accuracy and reliability of the information contained therein.
- Threats to Availability – A threat to availability occurs when users cannot access the information in a system when they need it; the value of that information is then greatly diminished.
Risk, Vulnerabilities, and Threats

The common definition of cyber security risk is the likelihood that a threat will exploit a specific vulnerability, combined with the impact if it does. Risk management is the identification and prioritization of risks as well as the economical application of resources to reduce the impact of the adverse event [7].

By way of example, the SEC guidance discusses a variety of deliberate and unintentional cyber attacks on confidentiality, integrity, and availability. The document states that successful attacks might result in the victim organization incurring substantial costs and negative consequences, such as:
- remediation costs, which may include liability for stolen assets or information and repairing system damage that may have been caused. Remediation costs may also include incentives offered to customers or other business partners in an effort to maintain the business relationships after an attack;
- increased cyber security protection costs, which may include organizational changes, deploying additional personnel and protection technologies, training employees, and engaging third-party experts and consultants;
- lost revenues resulting from unauthorized use of proprietary information or the failure to retain or attract customers following an attack;
- litigation; and
- reputational damage adversely affecting customer or investor confidence.

Risks have to be prioritized because the cost of mitigating a risk should not outweigh the cost of the adverse impact it prevents.

Determining What to Disclose

The SEC guidance discusses the specifics of disclosing risks in the various sections of the SEC forms that cover:
- Risk Factors
- Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A)
- Description of Business
- Legal Proceedings
- Financial Statement Disclosures
The disclosures must “adequately describe the nature of the material risks and specify how each risk affects the registrant.” [1] Registrants are expected to evaluate their cyber security risks, considering all relevant information. The guidance specifically mentions:
- previous cyber security incidents and the severity and frequency of those incidents;
- the probability of future cyber security incidents and the potential magnitude of those risks; and
- the adequacy of the countermeasures taken to reduce cyber security risks.

A founding partner of the Information Law Group stated, “One read of this guidance is that companies internally are going to have to more carefully forecast and estimate the impact of cyber incidents and the consequences of failing to implement adequate security. This analysis will go well beyond privacy-related security issues where most companies have focused (due to various privacy laws and regulator activity), and implicate key operational issues impacted by security breaches.” [2]

Avoiding Litigation

The stakes are very high. If a company does not adequately disclose cyber security risks, it is potentially exposed to lawsuits and sanctions from the SEC. However, disclosing details about prior security incidents can also open the company up to additional lawsuits. One thing is sure: teams of lawyers and accountants are looking at both sides of this issue (1), and plaintiffs will have no problem obtaining the funding to pursue class action lawsuits [8].

(1) The introduction to the SEC guidance stated that a motive for publishing the guidance was that “there has been increased focus by registrants and members of the legal and accounting professions on how these risks and their related impact on the operations of a registrant should be described within the framework of the disclosure obligations imposed by the federal securities laws.” [1]
Solution Description

Determination of Material Risks

In order for management to determine which cyber security risks should be disclosed per the SEC guidance, it is important that the organization have a comprehensive security management program. Three facets of the program will be the biggest sources of information for the disclosure decision-making process:
- Incident Handling and Case Management
- Risk Assessments
- Operational Security

The IncMan Suite from DFLabs is a comprehensive incident management framework with functionality to meet the needs of security governance programs, particularly in these three areas. This functionality is discussed in the following sections, with a focus on the needs of the decision makers involved in SEC reporting.

Figure 1 – The IncMan Dashboard gives a visual indication of critical metrics.
Information on Past Security Incidents

The guidance states that historical security incident information is a consideration to be factored into the disclosure decision-making process. IncMan not only provides a workflow framework for an organization’s incident response team; it is also a repository of the team’s historical response activities. The IncMan Suite archives all case notes and evidence, preserving the chain of custody records. All cases are rated on a severity scale based on your organization’s criteria. Lessons learned can be preserved with each case. All content is searchable. A dashboard (see Figure 1) provides a high-level overview of aggregated case information, allowing managers to identify trends and see the financial impact of security incidents.

Probability & Impact of Future Security Incidents

While historical security incident information is an important factor in risk assessments, it provides only a partial picture because threats evolve rapidly. Security managers must also be aware of emerging attack trends, recently disclosed software vulnerabilities, and security incidents afflicting the organization’s industry peers. One of the most important features of IncMan is its native support of the IODEF standard (RFC 5070) [9]. This capability allows IncMan to automatically receive incident reports from any CSIRT that exports IODEF and create assignments for the organization’s response team to take preemptive actions. The IncMan Suite allows security managers to assess the magnitude of risk, potential costs, and consequences of material threats to the organization. Because all security incidents (internal and external to the organization) are catalogued according to the IODEF data model, security managers are able to use the dashboard and report wizard to characterize emerging security incident trends and project the potential financial impact to the organization.
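The IODEF feed described above is where incident data from other CSIRTs meets the three considerations in the guidance: frequency and severity of past incidents, probable impact, and escalation against written criteria. The following is an added example written for this page, not DFLabs or IncMan code. It parses a constructed RFC 5070 IODEF document with Python’s standard library, tallies the incidents by severity and type, and flags the ones that meet an assumed set of internal review thresholds. The element and attribute names (IODEF-Document, Incident, IncidentID@name, Assessment/Impact with its type, severity and completion attributes, MonetaryImpact with currency) are from RFC 5070; the sample feed, the MaterialityCriteria values and the flagged impact types are assumptions made for illustration.

```python
"""Added example, not DFLabs/IncMan code: parse RFC 5070 (IODEF 1.0) incident
reports as a CSIRT feed would deliver them, tally them, and flag those that meet
an assumed internal review criterion. Sample feed and thresholds are constructed."""
import xml.etree.ElementTree as ET
from collections import Counter
from dataclasses import dataclass

NS = "{urn:ietf:params:xml:ns:iodef-1.0}"           # RFC 5070 namespace, Clark form
SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}  # RFC 5070 Impact@severity values

@dataclass
class IncidentSummary:
    incident_id: str
    source: str           # IncidentID@name: the CSIRT that issued the ID
    impact_type: str      # Impact@type, e.g. info-leak, dos, recon
    severity: str         # low | medium | high
    completion: str       # failed | succeeded
    monetary_loss: float  # MonetaryImpact text; 0.0 when not reported
    currency: str         # MonetaryImpact@currency

def parse_iodef(xml_text):
    """Parse an IODEF-Document into one IncidentSummary per Incident."""
    # The feed originates outside the organization: refuse DTDs so a hostile
    # document cannot use entity expansion against the parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != NS + "IODEF-Document":
        raise ValueError("not an IODEF-Document: %s" % root.tag)
    out = []
    for inc in root.findall(NS + "Incident"):
        iid = inc.find(NS + "IncidentID")
        impact = inc.find(NS + "Assessment/" + NS + "Impact")
        money = inc.find(NS + "Assessment/" + NS + "MonetaryImpact")
        if iid is None or impact is None:
            raise ValueError("Incident lacks IncidentID or Assessment/Impact")
        severity = impact.get("severity", "low")  # optional attribute in RFC 5070
        if severity not in SEVERITY_RANK:
            raise ValueError("unknown severity %r" % severity)
        out.append(IncidentSummary(
            incident_id=(iid.text or "").strip(),
            source=iid.get("name", ""),
            impact_type=impact.get("type", "unknown"),
            severity=severity,
            completion=impact.get("completion", ""),
            monetary_loss=float(money.text) if money is not None and money.text else 0.0,
            currency=money.get("currency", "") if money is not None else ""))
    return out

@dataclass
class MaterialityCriteria:
    """Assumed review thresholds; the page says each registrant writes its own."""
    min_severity: str = "high"         # successful incidents at/above this severity
    loss_threshold: float = 250_000.0  # reported loss at/above this amount
    flag_types: tuple = ("info-leak", "dos")  # successful incidents of these types

def screen_for_review(incidents, criteria):
    """Return [(incident_id, [reasons])] for incidents meeting any criterion."""
    flagged = []
    for inc in incidents:
        reasons, succeeded = [], inc.completion == "succeeded"
        if succeeded and SEVERITY_RANK[inc.severity] >= SEVERITY_RANK[criteria.min_severity]:
            reasons.append("severity " + inc.severity)
        if inc.monetary_loss >= criteria.loss_threshold:
            reasons.append("reported loss %.0f %s" % (inc.monetary_loss, inc.currency))
        if succeeded and inc.impact_type in criteria.flag_types:
            reasons.append("impact type " + inc.impact_type)
        if reasons:
            flagged.append((inc.incident_id, reasons))
    return flagged

def trend_summary(incidents):
    """Frequency, severity mix and total reported loss of past incidents."""
    return {"count": len(incidents),
            "by_severity": dict(Counter(i.severity for i in incidents)),
            "by_type": dict(Counter(i.impact_type for i in incidents)),
            "total_loss": sum(i.monetary_loss for i in incidents)}

# Constructed sample feed: three incidents in RFC 5070 layout (Contact and ReportTime omitted).
SAMPLE_FEED = """<IODEF-Document version="1.00" xmlns="urn:ietf:params:xml:ns:iodef-1.0">
 <Incident purpose="reporting">
  <IncidentID name="csirt.example.com">2011-0423</IncidentID>
  <Assessment><Impact type="info-leak" severity="high" completion="succeeded"/>
   <MonetaryImpact severity="high" currency="USD">400000</MonetaryImpact></Assessment>
 </Incident>
 <Incident purpose="reporting">
  <IncidentID name="csirt.example.com">2011-0424</IncidentID>
  <Assessment><Impact type="recon" severity="low" completion="failed"/></Assessment>
 </Incident>
 <Incident purpose="reporting">
  <IncidentID name="csirt.example.com">2011-0425</IncidentID>
  <Assessment><Impact type="dos" severity="medium" completion="succeeded"/></Assessment>
 </Incident>
</IODEF-Document>"""

if __name__ == "__main__":
    print(trend_summary(parse_iodef(SAMPLE_FEED)))
    for incident_id, reasons in screen_for_review(parse_iodef(SAMPLE_FEED), MaterialityCriteria()):
        print(incident_id, "->", "; ".join(reasons))
```

The screening step is deliberately conservative in one respect: an incident is not flagged on severity or impact type unless its Impact@completion is “succeeded”, so the failed reconnaissance attempt stays in the trend counts but never reaches the review list, while a reported loss counts regardless. Feeds from external CSIRTs are untrusted input; the DTD check is a cheap guard against entity-expansion attacks on the XML parser, and defusedxml is the fuller answer where it can be installed.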
Adequacy of Preventive Actions Taken to Reduce Risks

An important tenet of security is “prevention is important, but detection is a must!” Most security-conscious organizations have adopted a defense-in-depth philosophy with overlapping layers of preventive and detective security controls. The detective countermeasures are designed to raise an alert when a preventive control has failed or has been circumvented. Generally, the more rapid the response to an incident, the lower its cost will be. The IncMan Suite can integrate with security devices that support XML and the Common Event Format (CEF), including popular intrusion detection systems (IDS), intrusion prevention systems (IPS), and Security Information and Event Management (SIEM) systems. The data generated by IncMan allows security managers to make an ongoing evaluation of the adequacy and cost effectiveness of the organization’s preventive and detective controls.

As part of an operational security process, security procedures and incident response procedures are adapted to respond to organizational changes and evolving threats. These critical documents can be stored in the IncMan knowledge base for immediate access during an incident.

Supporting Documentation for SEC Disclosures

As stated in the Business Challenges section of this paper, cyber security risk and incident disclosures may affect reputation and investor and customer confidence, as well as have legal ramifications. For this reason, it is anticipated that organizations will develop written criteria for internal use as to what constitutes a material disclosure. Customized reports can be created to provide the supporting documentation for the SEC disclosures.

Discovery & Legal Evidence

The organization may become involved in legal action resulting from significant security incidents, either as a plaintiff or as a defendant. Corporate counsel can rest assured that all aspects of the incident response, including artifacts and case notes, are preserved in a forensically sound manner within the IncMan Suite. The suite provides chain of custody tracking of all evidence and incorporates full support for digital forensic investigation activities. Within the system, all activity is logged. Access to each case is controlled on a role-based, need-to-know basis as granted by a supervisor. When cases are closed, access can be revoked or changed to read-only.
Important Features

The IncMan Suite is designed with the needs of enterprise incident response teams in mind. The following features make the system ideally suited to the challenge of disclosing material risks and incidents to the Securities and Exchange Commission:
- Workflow Management – Templates can be defined to pre-populate the security incident case record, and tasks can be created and tracked.
- Dashboard – The configurable dashboard gives an overview of the incident response posture of the organization.
- Powerful Reporting – Reports can be customized to report exactly the information needed to support a material disclosure.
- GRC – Risk and compliance implications of every incident can be automatically directed to the appropriate management personnel.
- Preservation of Evidence and Chain of Custody – All activities are logged and all artifacts are preserved in a forensically sound manner.
- Knowledge Base – The knowledge base can be loaded with the organization’s policies, procedures, and criteria for a material disclosure.
- Case Activity Notifications – Email alerts can be configured to escalate incident cases to the appropriate level of management based upon severity.
- Automatic Integration with External Applications – Integration with Intrusion Detection Systems (IDS), Security Information and Event Management (SIEM) systems, and leading forensic tools. Examples include ArcSight, NetWitness, AccessData FTK, Solo III, X-Ways, Guidance Software EnCase, PTK Forensics, RSA enVision, Tableau, and more.

The focus of this document is to highlight the value of the IncMan Suite to security executives who make cyber security disclosures to the SEC, but it should be emphasized that this value derives from the fact that it is also an indispensable tool for the organization’s incident response team.
Technical Details

The IncMan Incident Management Suite is a secure web application designed to scale to the largest, geographically distributed enterprises. The system is provided as a virtual machine, a hardware appliance, or a multi-tiered cluster, depending on the needs of the organization. Users access the system using a web browser or a mobile device such as an iPad. The user interface supports multiple languages.

Summary

This document shows how the DFLabs IncMan Incident Management Suite is well suited to support the needs of security executives who must disclose cyber security risks and incidents to the US Securities and Exchange Commission. Although only material risks must be disclosed, deciding what to disclose is a decision that has significant consequences and should be based on specific criteria. The IncMan Suite is designed to support and coordinate the incident management activities of an entire enterprise while providing governance with the metrics needed to understand the organization’s cyber risk profile. The system can escalate situations to the appropriate levels of management when security incidents matching certain criteria occur or pre-defined thresholds are exceeded. All historical costs and associated risks are tracked to allow for the reporting of the financial impact of incident response actions and the projection of future costs. This system helps security managers identify attack trends and assess the adequacy of the preventive measures that the organization is taking to reduce security risks. While determining what to disclose to the SEC is still a tough executive decision, the IncMan Suite helps to facilitate the decision by providing the information that is critical to the decision-making process.
More Information

To schedule a demonstration of the DFLabs IncMan Incident Management Suite or to learn more about our software products and services, contact Dale Wright at +01 410 381 4860, or email sales_usa@dflabs.com. Visit our website at www.DFLabs.com.

Works Cited

[1] Division of Corporation Finance, Securities and Exchange Commission, "CF Disclosure Guidance: Topic No. 2, Cybersecurity," 13 October 2011. [Online]. Available: http://sec.gov/divisions/corpfin/guidance/cfguidance-topic2.htm. [Accessed 24 October 2011].
[2] D. Navetta, "SEC Issues Guidance Concerning Cyber Security Incident Disclosure," Information Law Group, 14 October 2011. [Online]. Available: http://www.infolawgroup.com/2011/10/articles/breach-notice/sec-issues-guidance-concerning-cyber-security-incident-disclosure/. [Accessed 24 October 2011].
[3] C. McLeod, "Trust," The Stanford Encyclopedia of Philosophy, Spring 2011 Edition, 2011.
[4] D. Ropeik, How Risky Is It Really?, New York: McGraw-Hill, 2010.
[5] A. Partida and D. Andina, "Vulnerabilities, Threats and Risks in IT," in IT Security Management, vol. 61, Springer Netherlands, 2010, pp. 1-21.
[6] ITpolicyCompliance.com, "Taking Action to Protect Sensitive Data," March 2007. [Online]. Available: http://www.itpolicycompliance.com/research-reports/taking-action-to-protect-sensitive-data/. [Accessed 25 October 2011].
[7] D. W. Hubbard, The Failure of Risk Management, Hoboken, NJ: John Wiley & Sons, Inc., 2009.
[8] V. O'Connell, "Funds Spring Up to Invest in High-Stakes Litigation," The Wall Street Journal, 3 October 2011. [Online]. Available: http://online.wsj.com/article/SB10001424052970204226204576598842318233996.html. [Accessed 25 October 2011].
[9] R. Danyliw, J. Meijer and Y. Demchenko, "The Incident Object Description Exchange Format," RFC 5070, December 2007. [Online]. Available: http://www.ietf.org/rfc/rfc5070.txt. [Accessed 8 November 2011].
DF LABS Srl, VAT and taxpayer number 04547850968
Address: Rep. Office: Via Bergognone, 31, cap 20144 Milano, Italy
Labs: Via delle Macchinette, 27, 26013 Crema (CR), Italy
Tel: +39 0373-83196 / +39 0373-223716
Fax: +39 0373 387605 / +39 02-700424607
Email: info@dflabs.com

DFLabs - North America and South America
Contact: Dale Wright
Email: sales_usa@dflabs.com
Tel. +01 410 381 4860

DFLabs - Middle East, Dubai, UAE
Contact: Dennis Oommen
Email: dpo@dflabs.com
Tel: +97150 5515 480

About The Author

Kenneth G. Hartman is a Solution Architect for DFLabs. Ken holds multiple security certifications, including a CISSP. Prior to coming to DFLabs, Ken was a Security & Privacy Officer for a Healthcare Informatics company. Contact the author at kh@dflabs.com.

Publication Date: 12/7/2011
©2011 DFLabs srl
www.DFLabs.com