The Threat of Noncompliance, Not Only a Data Risk But a Financial One

By Eric Noonan • February 24, 2015

News broke recently that the an investment advisory firm agreed to pay $75,000 to settle U.S. Securities and Exchange Commission charges, that it failed to have a cybersecurity policy in place before a breach compromised 100,000 individuals’ personal information. This is the latest example of regulatory and compliance enforcement by a federal agency and companies of all sizes should be paying attention. While the amount of the settlement isn’t headline grabbing, the actual enforcement of standards of care relative to cybersecurity is.

Regulatory compliance isn’t nearly as appealing as stories about large data breaches or Chinese hackers, but it generally highlights the kinds of fundamental blocking and tackling activities that lay the foundation for better security. Buying tools is easy, creating and implementing the policies and processes that will measure their effectiveness and ensure full deployment and optimization is not. Policy doesn’t stop attacks but it does force an organization to be thoughtful about what they will do and what they won’t do against the reality of their appetite for risk and more importantly their budget.

I recently had dinner with an accomplished CISO leading a multi-national corporation who bemoaned the focus on tool purchases and tactical day to day threats. As a former military officer he inherently knew preparing a concept of operations for the mission is the first step in organizing for victory. This means focusing on the “boring” things like strategy, capability, process, and logistics so that you optimize your chances for winning the war.

It’s hard to put a focus on policy and process when you’re trying to run a business but this latest action by the SEC highlights the importance and cost of doing nothing.  CyberSheath can provide your organization with an integrated view of all information security activities that enable you to reduce risk, demonstrate business value, and optimize your people, processes, and technology.  Our certified consultants are experts in Compliance and can arm your organization with information and guidance needed to avoid an unnecessary lawsuit, as described above.

How Can CyberSheath Help Your Organization?

To learn more, visit our Governance, Risk and Compliance service area where you can download a datasheet detailing our unique GRC approach.  CyberSheath will also be attending the RSA Charge Conference Oct 21-23, where industry experts will be meeting to discuss the strategies and tools that will armor your organization for the security battle you fight every day. CyberSheath is a proud Gold Sponsor for this event, for more details on how CyberSheath will be contributing click here.

CyberSheath Blog

CyberSheath Opens Registration For CMMC CON 2022

RESTON, Va. — June 8, 2022 — Federal contractors have been searching for direction after seeing a flood of messaging about the future of Cybersecurity Maturity Model Certification (CMMC). The nation’s largest CMMC conference has returned to help contractors navigate their course through the evolving compliance landscape.   Hosted by…

5 Reasons to Partner with CyberSheath

The threat landscape is only becoming more complex. Offload the responsibility of navigating cybersecurity issues for your customers by taking advantage of CyberSheath’s new Partner Program.   As a pioneer and industry leader in the managed security service provider space, our new offering helps you achieve rapid results and deliver…

CMMC Compliance Training: How to Earn Your Black Belt

Contractors in the Defense Industrial Base (DIB) are looking for direction as Cybersecurity Maturity Model Certification (CMMC) 2.0 nears. Compliance with CMMC and Defense Federal Acquisition Regulation Supplement (DFARS) is your key to doing business with the Department of Defense (DoD) and we can help you navigate those requirements and…

Our Trusted Partners

Tenable Microsoft Siemplify KnowBe4 ConnectWise DUO

CMMC CON 2022 is here! Save your spot to hear the latest on CMMC from our expert speakers across the government and Defense Industrial Base.