Proposed SEC Cybersecurity Rule Will Put Unnecessary Strain on CISOs
The Security and Exchange Commission's Proposed Rule for Public Companies (PPRC) is ambiguous.
The Proposal tag covers proposals that could shape cybersecurity policy, technical standards, incident response, and protections for digital systems.
Search across headline titles and summaries.
Background for this topic.
A proposal is a documented plan for introducing, changing, or funding a security measure, policy, architecture, or project. It turns a problem or requirement into a decision by defining scope, objectives, options, cost, dependencies, owners, and implementation criteria. In security reporting, it may cover a vulnerability-remediation plan, access-control redesign, security tooling purchase, or response to a proposed technical standard.
Its security value depends on connecting identified threats and vulnerabilities to specific controls and verification steps. Reviewers should examine assumptions about assets, trust boundaries, data handling, and third parties; privacy and regulatory constraints where personal data is involved; and plans for testing, rollout, monitoring, exception handling, and reassessment. A proposal that omits residual risk, ownership, measurable acceptance criteria, or maintenance can leave weaknesses unresolved after approval.
The Security and Exchange Commission's Proposed Rule for Public Companies (PPRC) is ambiguous.
It could be used to put ethical hackers, and citizens, behind bars A controversial United Nations proposal has a new foe, Microsoft, which has joined the growing number of organizations warning delegates that the draft version of the UN cybercrime treaty only succeeds in justifying state surveillance — not stopping criminals, as originally intended.…