To be or not to be: determining materiality
The Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) requires companies operating in critical infrastructure sectors to report covered cyber incidents within 72 hours of reasonably believing that a cyber incident has occurred, and to report ransom payments within 24 hours after the payment. Critical infrastructure sectors, as defined in a 2013 presidential policy…
-
Clash of the Titans: Compliance vs. Risk
In today’s complex world, CISOs face increased pressure to provide a winning value proposition to their organizations. Sometimes that sets up a clash between compliance and risk management. Risk management, by its predictive and strategic nature, tends to create value. By spinning out risk scenarios and identifying potential risks, businesses should benefit from new and…