While the U.S. Securities and Exchange Commission's (SEC) Cybersecurity Disclosure Rules may appear daunting, compliance is achievable. While the focus of the new Rules is on public companies, the impacts will be felt by nonpublic companies as well.
Join us on Wednesday, October 11, 2023 — in-person or live-streaming — at the next Midwest Cyber Security Alliance (MCSA) meeting, where sponsors HALOCK Security Labs and Foley & Lardner LLP will give you the combined legal and cyber risk management perspective. Know the dates of compliance. Understand the disclosure obligations. Identify steps to take and existing documents to leverage.
Companies should think about this new rulemaking as being akin to Sarbanes-Oxley in that they will need to implement measurable cybersecurity risk management practices and controls from bottom-to-top-and-back to support new disclosure requirements. As a result, the risk of not meeting certain cybersecurity standards may come from the street, as well as regulators. The rules require that companies disclose their cybersecurity practices and incidents, not that they meet a specific standard of care, such as NIST 800-53 or CIS Controls.
At a high level, the new rules require the following:
1. Disclosure in annual reports about your processes to assess, identify, and manage cybersecurity threats.
2. New Form 8-K disclosure around material cybersecurity incidents.
3. Disclosure of how your board of directors and executives identify and manage cybersecurity risks.
4. Consideration of cybersecurity threats in terms of materiality — qualitative and quantitative — both to the organization and to others who might be harmed.
We look forward to a lively discussion of this rule and seeing how MCSA members are approaching efforts to comply.
We look forward to welcoming local attendees to the scenic 40th floor of our Milwaukee office! Because expanding participation to colleagues outside of the Milwaukee-Chicago corridor was an unexpected benefit of hosting virtual meetings over the last two years, we are pleased to continue offering a virtual option for those not able to attend in person. We will be monitoring CDC, local, and state guidelines, so the program format may be subject to change.
To register, click the RSVP button above and select in-person or virtual attendance. There is no fee to attend this event, but advance registration is required.
Jennifer Urban, CIPP/US
Foley & Lardner LLP
Jennifer L. Urban (née Rathburn) is dedicated to helping clients navigate evolving privacy, cybersecurity, and innovative technology issues. She advises on data protection programs, incident management, breach response and recovery, monetization of data, Internet of Things, artificial intelligence (AI), de-identification, and other emerging hot topics by leveraging her deep understanding of the complex risk, operational, and legal concerns companies must address to maintain their data. Jennifer serves as co-chair of the Cybersecurity & Data Privacy within the firm’s Innovative Technology sector and is one of the founding members of the Midwest Cyber Security Alliance (MCSA).
With these issues requiring a multidisciplinary, scalable approach, Jennifer recognizes that legal advice may only address part of an issue. To provide end-to-end advice, she helps clients understand the additional services they may need to meet best practices and solve their issues by bringing her network of IT security, incident response, privacy, and other partners to the table.
Jennifer also serves as a vice chair of the firm’s Technology Transactions, Cybersecurity, and Privacy Practice and as a member of the Environmental, Social, and Corporate Governance (ESG) Practice. She routinely helps clients prepare for (and respond to) data security incidents, from preparing incident response plans and advising on cybersecurity programs to handling the breach notification response process. She regularly advises boards on current best practices and conducts tabletop exercises to help organizations prepare for cyberattacks.
Jennifer also assists clients in navigating compliance with evolving U.S. and global privacy and data security laws, frameworks, and guidance governing the privacy of consumer, employee, applicant, B2B, health, biometrics, and other sensitive data, such as FTC guidance, the EU’s General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), 42 C.F.R. Part 2 (Confidentiality of Substance Use Disorder Treatment Records), the Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act (FERPA), and the California Privacy Rights Act (CPRA), among many others.
Terry Kurzynski, CISSP, CISA, PCI QSA, ISO 27001 Auditor
HALOCK Security Labs
With a background in cyber security, networking, application development, audit, project management, and consulting, Terry has a unique skill set in providing strategic advice to clients. Terry is a Board Member of The DoCRA Council and a contributing author of the CIS Risk Assessment Method (RAM). Terry is a CISSP, CISA, PCI QSA, and ISO 27001 Auditor with over 25 years of experience in IT and Security Consulting. He graduated from the University of Wisconsin with a B.S. in Computer Science.
Chris Cronin, ISO 27001 Auditor
HALOCK Security Labs
Chris Cronin is an ISO 27001 Auditor and has over 15 years of experience helping organizations with policy design, security controls, audit, risk assessment and information security management systems within a cohesive risk management process. Chris is Chair of The DoCRA Council and the principal author of CIS Risk Assessment Method (RAM). Chris is also a member of The Sedona Conference, Data Security and Privacy Liability – Working Group 11 (WG11).
He is a frequent speaker and presenter at information security conferences and events. Chris earned his Master of Arts from Case Western Reserve University.
Jessie Lochmann, Partner | Milwaukee
Foley & Lardner LLP
Jessie Lochmann practices corporate and business law, with an emphasis in securities law and compliance, corporate governance, executive compensation, and capital markets transactions. Jessie frequently represents issuers in securities transactions, including initial and secondary public offerings of equity securities and public and private placements of debt securities. She is the co-leader of the firm’s Capital Markets and Public Company Advisory Practice.
Jessie regularly advises public company clients and their boards of directors on the full range of governance and securities law matters, including governance structure, SEC reporting and disclosure, corporate governance “best practices,” board evaluation processes, fiduciary duty issues, stock exchange listing standards and requirements, relationships with shareholders and proxy advisory firms, ESG hot topics, and shareholder activism and related preparedness. She actively represents over a dozen public companies on their regular 1934 Act compliance, capital markets, and governance matters.
Jessie’s clients also include large private and nonprofit organizations in a governance and board advisory capacity.
Jessie is active in the firm’s governance, serving on the firm’s national partnership selection committee. She is active in the firm’s Manufacturing and Health Care & Life Sciences sectors and is the former co-chair of the firm’s Manufacturing Industry Team, as well as the former hiring partner for the Milwaukee office. She previously served as the vice-chair of the firm’s Transactions Practice Group. Jessie has served as the co-chair of the firm’s National Directors Institute Program since 2014. She is a frequent speaker on corporate governance and SEC-related topics.