Workshop A – A Roadmap to Building a Cyber Program: Dissecting the Patchwork of Federal, State and Industry Requirements, Including NIST and SEC
Michael Court
Deputy General Counsel
Agricultural Bank of China, New York Branch
Amy Mushahwar
Partner
Lowenstein Sandler LLP
Registration opens at 8:30 am
Join this interactive session to gain a complete roadmap to the patchwork of federal, state and industry regulations. Under the SEC’s newly adopted cybersecurity risk management rules, public companies are now required to disclose a cyber breach publicly and within four days. This session will unpack the requirements, grey areas, practical implications and key missteps to avoid:
Part One: Federal Regulations
- Setting the highest standard to satisfy government regulations and protect your organization
- Implementing regulations and operationalizing them through policies and procedures
- Clarifying key requirements, including deadlines
- Satisfying SEC’s expectations for incident reporting within four days, and specifically the expectation for a Form 8-K and Form 10-K filing
- Updating initial reports, and what is expected in follow-up reports
- Defining a “material” cybersecurity incident as reaching a threshold reasonable investors consider important to their decision-making
- Assessing the incident’s effects, remediation efforts, cyber insurance impacts, and estimated costs of a breach
Part Two: Complying with State, Federal and Industry-Specific Requirements
- Identifying what is being regulated, where there are similarities, differences and gaps between the regulations
- Meeting reporting obligations and communicating to the different state regulators
- Determining the impact of regulations on your business operations