Accounting for Cyber-Security – SEC Cybersecurity Guidance

On October 13, 2011, the Securities and Exchange Commission (SEC) Division of Corporation Finance released CF Disclosure Guidance: Topic No. 2 – Cybersecurity (the “Guidance”), which is intended to provide guidance to companies on whether and how to disclose the impact of the risk and cost of cybersecurity incidents (both malicious and accidental) on a company.

Part 1 – Posted November 15, 2011. Available at http://www.sourcingspeak.com/2011/11/accounting-for-cybersecurity.html

Part 2 – In Part Two we’ll look at the specific advice provided by the Guidance regarding specific reporting regulations and how it might apply to some recent cyber-incidents. Posted November 17, 2011. Available at http://www.sourcingspeak.com/2011/11/accounting-for-cybersecurity—part-two.html

Part 3 – Cloud Service Providers and ISO 27001. Posted December 9, 2011. Available at http://www.sourcingspeak.com/2011/12/accounting-for-cyber-security-part-three—cloud-service-providers-and-iso-27001.html

Part 4 – Auditing Cloud Providers’ Security. Posted December 15, 2011. Available at http://www.sourcingspeak.com/2011/12/accounting-for-cyber-security-part-four—auditing-cloud-providers-security.html

Advertisements

About John Nicholson

I'm a transactional attorney who focuses on structuring and negotiating large outsourcing transactions (both on and offshore). As part of my work, I've specialized in: - Structuring and negotiating large outsourcing transactions (both on and offshore) including IT outsourcing and various BPOs (including HRO, Facilities Management, Procurement, Finance and Accounting), large systems development and implementations; - Assisting with development of RFPs, proposal evaluation, down select, and negotiation; - US and European privacy laws, including US Safe Harbor, and state privacy and data breach notification laws; and - Privacy, security, legal and contractual issues associated with cloud computing. I'm a frequent speaker on outsourcing, privacy and security issues. Before becoming a lawyer, I was the acting IT director for a mid-size company prior to hiring the CIO and project manager for the company's Oracle Financials implementation.
This entry was posted in cloud, contracting, cybersecurity, outsourcing and tagged , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s