SEC Guidance Regarding Disclosure of Information Security Risk


With the US economy in danger in 1933, almost 100 years ago, two laws were passed to perform two important tasks: on the one hand, to calm and reassure a desperate public that its future investments would go into fully risk-transparent companies; and on the other, to demand that companies which collect money from the public fully assess, investigate, mitigate and disclose such risks.

These laws, called “The Securities Act of 1933” and “The Securities Exchange Act of 1934”, set minimum thresholds for many practices, including the disclosure of all forms of risk. Arguably, the most visible effect of these laws was the creation of the Securities and Exchange Commission, or, for short, the SEC.

While the disclosure of risk was always mandated by these laws, as you can see below, there was never a direct call to disclose ‘cyber’ (or information security) risks (Regulation S-K 503(c)).

Risk factors. Where appropriate, provide under the caption “Risk Factors” a discussion of the most significant factors that make the offering speculative or risky. This discussion must be concise and organized logically. Do not present risks that could apply to any issuer or any offering. Explain how the risk affects the issuer or the securities being offered. Set forth each risk factor under a subcaption that adequately describes the risk. The risk factor discussion must immediately follow the summary section. … The risk factors may include, among other things, the following:

  1. Your lack of an operating history;
  2. Your lack of profitable operations in recent periods;
  3. Your financial position;
  4. Your business or proposed business; or
  5. The lack of a market for your common equity securities or securities convertible into or exercisable for common equity securities.

 

In fact, due to the SEC’s demands, since 2005 some companies, if disclosing information security risk *at all*, chose to put a ‘boilerplate’ template in their annual 10-K and quarterly 10-Q forms, stating something like:

Failure of an information system or a compromise of security of an information system could adversely affect our results of operations and financial reporting

 

That should now change.

In October 2011, the SEC’s Division of Corporation Finance issued a Disclosure Guidance (available at the SEC site) ‘suggesting’ (in fact requiring, or adding liability if someone doesn’t follow it) a far more detailed and comprehensive discussion of information security risks.

In the next blog entry, I will discuss, analyze, and explain my views of this Guidance, as an Information Security Risk professional.

 

 

Note:  I am not an attorney and this blog does not intend to represent legal advice.  For legal advice, consult an attorney.

 


How To Stop G+ Searches in Google

Those who follow my blog know that few things are as important to me as Privacy.

When Google launched last week their new ‘personalized with Google+’ results, I found it to be aggravating, to say the least.   So this entry is about

How To Stop G+ Searches in Google Permanently

While clicking on the button here allows us to disable G+ searches for the current search, and perhaps the entire browser session, doing so will not prevent this from recurring in the next browser session or after we reboot our computers.

 

To stop G+ searches permanently, follow the instructions here:

  1. First, go to www.google.com
  2. Then, look at the upper right-hand corner of the screen, and find the ‘gear’ icon.
  3. Click on the gear and select ‘Search settings’.
  4. The next screen is your Search Settings screen. Scroll down until you see the section titled ‘Personal results’.
  5. Now, click on the button next to ‘Do not use personal results’.
  6. And finally, make sure you click ‘Save’, below.

That’s it. Now we have stopped allowing Google to show G+ searches.