ashar

joined 2 years ago

SECURITIES AND EXCHANGE COMMISSION
17 CFR Parts 229, 232, 239, 240, and 249
[Release Nos. 33-11216; 34-97989; File No. S7-09-22]
RIN 3235-AM89

Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure

AGENCY: Securities and Exchange Commission.

ACTION: Final rule.

SUMMARY: The Securities and Exchange Commission (“Commission”) is adopting new rules to enhance and standardize disclosures regarding cybersecurity risk management, strategy, governance, and incidents by public companies that are subject to the reporting requirements of the Securities Exchange Act of 1934. Specifically, we are adopting amendments to require current disclosure about material cybersecurity incidents. We are also adopting rules requiring periodic disclosures about a registrant’s processes to assess, identify, and manage material cybersecurity risks, management’s role in assessing and managing material cybersecurity risks, and the board of directors’ oversight of cybersecurity risks. Lastly, the final rules require the cybersecurity disclosures to be presented in Inline eXtensible Business Reporting Language (“Inline XBRL”).

DATES: Effective date: The amendments are effective [INSERT DATE 30 DAYS AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER]

2
submitted 2 years ago* (last edited 2 years ago) by ashar to c/security_cpe
 

PLENARY SESSION 02 Monday Keynote: Measuring Security Outcomes

Security is measurable. Or rather, security outcomes (broadly defined) are measurable. In the most basic form the measure of insecurity is the sum total of harm experienced. Success of security efforts can be measured based on the rate of decrease of this harm. If harm is decreasing, then we are succeeding. If harm is increasing, then we are failing. While such measurement of outcomes is essential for post-hoc assessment of overall progress, it does not directly help in guiding new decisions. For that we need predictive heuristics.

In order for these predictive metrics to be valid their correlation with actual outcomes must be continuously empirically validated. Unfortunately, most of the predictive security metrics in use today, plausible as they seem, have never been empirically correlated with harm reduction. Thus, establishing reliable measurement of security outcomes is essential for developing better predictive metrics and driving the evolutionary progress of our field. Our domain is not unique in this challenge and we can learn a lot from how other fields have approached it.

Keynote Speaker: Alex Gantman, Qualcomm Technologies Inc.

Alex Gantman is a security engineering executive with over 20 years of experience leading global organizations to deliver secure and reliable products at scale.

Currently serving as Vice President of Engineering at Qualcomm Technologies Inc., Alex has led the establishment and evolution of a broad-scale product security practice covering thousands of products, tens of millions of lines of code, and tens of thousands of engineers across the globe.

Alex received Bachelor’s (1998) and Master’s (2001) degrees in Computer Science from the University of California, San Diego. He holds over 45 patents and is a recognized subject matter expert in hardware, software, and systems security across a wide range of domains, including mobile, automotive, IoT, healthcare, and payments.

Network and Distributed System Security (NDSS) Symposium 2022, 24 – 28 April, 2022 Catamaran Resort Hotel & Spa, San Diego, California, and online.

5
Summer Con 2023 (mastodon.social)
submitted 2 years ago by ashar to c/security_cpe
2
submitted 2 years ago* (last edited 2 years ago) by ashar to c/security_cpe
 

cross-posted from: https://infosec.pub/post/550799

The moderator/host of this instance has a great podcast about infosec.

Episode 18: Mastodon & Cyber-success w/ @rebootkid - Recorded on December 30, 2022

 

Let's cross the CISSP off your Bucket List - BSidesPGH - 33 minutes

https://youtu.be/e06Oi_-6wIM

Talk description https://bsidespgh2022.sched.com/event/13eH9/lets-cross-the-cissp-off-your-bucket-list

"Would you like to see CISSP after your name? 100% of the people that actively followed the methods in the ISC2 study group passed their exam. Will you be next to follow in their footprints to be the leader of tomorrow? Let us show you a different way to pass your exams.

Obtaining a CISSP can be a daunting task. But it doesn't have to be. Our approach will help with any certification, not just the CISSP. This talk is focused on providing tips, tricks, and guidance on how you can easily learn the materials to pass the certification. The CISSP has been the gold standard for security certifications for a number of reasons. Now, there are literally thousands of high-paying job openings asking for this exam."

6
submitted 2 years ago* (last edited 2 years ago) by ashar to c/security_cpe
 

BSidesPGH 2022 - SecPgh - 17 videos

Playlist

Schedule
