The Threat of Noncompliance, Not Only a Data Risk But a Financial One

By Eric Noonan • February 24, 2015

News broke recently that the an investment advisory firm agreed to pay $75,000 to settle U.S. Securities and Exchange Commission charges, that it failed to have a cybersecurity policy in place before a breach compromised 100,000 individuals’ personal information. This is the latest example of regulatory and compliance enforcement by a federal agency and companies of all sizes should be paying attention. While the amount of the settlement isn’t headline grabbing, the actual enforcement of standards of care relative to cybersecurity is.

Regulatory compliance isn’t nearly as appealing as stories about large data breaches or Chinese hackers, but it generally highlights the kinds of fundamental blocking and tackling activities that lay the foundation for better security. Buying tools is easy, creating and implementing the policies and processes that will measure their effectiveness and ensure full deployment and optimization is not. Policy doesn’t stop attacks but it does force an organization to be thoughtful about what they will do and what they won’t do against the reality of their appetite for risk and more importantly their budget.

I recently had dinner with an accomplished CISO leading a multi-national corporation who bemoaned the focus on tool purchases and tactical day to day threats. As a former military officer he inherently knew preparing a concept of operations for the mission is the first step in organizing for victory. This means focusing on the “boring” things like strategy, capability, process, and logistics so that you optimize your chances for winning the war.

It’s hard to put a focus on policy and process when you’re trying to run a business but this latest action by the SEC highlights the importance and cost of doing nothing.  CyberSheath can provide your organization with an integrated view of all information security activities that enable you to reduce risk, demonstrate business value, and optimize your people, processes, and technology.  Our certified consultants are experts in Compliance and can arm your organization with information and guidance needed to avoid an unnecessary lawsuit, as described above.

How Can CyberSheath Help Your Organization?

To learn more, visit our Governance, Risk and Compliance service area where you can download a datasheet detailing our unique GRC approach.  CyberSheath will also be attending the RSA Charge Conference Oct 21-23, where industry experts will be meeting to discuss the strategies and tools that will armor your organization for the security battle you fight every day. CyberSheath is a proud Gold Sponsor for this event, for more details on how CyberSheath will be contributing click here.

CyberSheath Blog

Dr. Robert Spalding to Address Nation-State Attacks at CMMC Con 2021

Since the inaugural CMMC Con, we’ve seen some of the most malicious attacks on American infrastructure ever executed. The SolarWinds attack reverberated across the entire government as agencies scrambled to discover what nation-state attackers had accessed and stolen. The Colonial Pipeline, shut down by a ransomware attack, led to fuel…

CMMCEnclave: Add Versatility with a More Flexible Approach

The enclave approach to CMMC compliance is one of the most cost effective and least disruptive ways to safeguard CUI. You can maintain high-value custodial security of CUI without upending your existing processes, procedures, and people. That way, you can maintain the proper level of CMMC compliance and remain eligible…

CMMC Con 2021 Opens Registration, Reveals Theme and Speakers

CMMC compliance stands in the way of revenue for every defense contractor in the supply chain. Now that CMMC is a reality for the Defense Industrial Base (DIB), learn how contractors — primes and subs, large and small, foreign-owned — are handling the standards and requirements, as well as the…

Our Trusted Partners

Cyberark McAfee Thycotic RSA Tenable Alien Vault Alert Logic Microsoft

CMMC Con 2021 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.